What I do?

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks/computer systems, where I simulate an organized professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Monday, August 12, 2013

MOST OF THE KENYAN BANKING PASSWORD SECURITY

Lately I have been involved with banking security a lot, and I have noticed that admins are really trying so hard on password security. Personally I never brute-force; I always let the guys starting out run the Xhydras, but if I do, it's normally a manual check, not running a tool on the network with a string of passwords.

I find running some of these automations so chaotic.

One thing I have come to realize is that it's better just to try to bypass the AV and dump the passwords from memory, and since all the Kenyan banks carry the same security loopholes, from one institution to another, that they never fix, it has become like the same game for me each day. So, I will list some of the passwords you might find if you are doing pentests for Kenyan banks in Nairobi.

Domain Administration Passwords

P@ssw0rd
$ecurity2013
$ecurity2012
p@ss2013, e.g. DTBp@ss2013 ("This is just an example; it doesn't mean it's the one")
p@ss2012
N3ptuneApps
datast0re!

kkitabu

Application passwords

admin: netptune
admin: Oracle10
admin: netfilter
admin: nitajaribu


The above were experienced in five banks.

Will continue adding more as time goes on.
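
A defender's counterpart to the list above, as an added example that is not part of the original post: a password-change filter that rejects candidates which are only a common word dressed up with leetspeak, a year suffix or the organisation's abbreviation. The word list, the `dtb` token and all function names are assumptions made for illustration.

```python
import re

# Constructed for this example: a defender would load a larger banned-word list.
BASE_WORDS = {"password", "pass", "security", "admin", "oracle", "datastore"}
# Hypothetical organisation tokens (own name, abbreviations, product names).
ORG_TOKENS = ("dtb",)

# Common character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "3": "e", "1": "i", "5": "s"})
# Trailing decoration: years, counters and the usual closing punctuation.
SUFFIX = re.compile(r"[0-9!#.*_-]+$")


def normalise(candidate, org_tokens=ORG_TOKENS):
    """Reduce a candidate to its base word: lowercase, drop trailing
    digits/punctuation, undo leetspeak, then drop organisation tokens."""
    s = SUFFIX.sub("", candidate.lower())  # strip before un-leeting, so "10" is not read as "io"
    s = s.translate(LEET)
    for token in org_tokens:
        s = s.replace(token, "")
    return s


def is_banned(candidate, base_words=BASE_WORDS, org_tokens=ORG_TOKENS):
    """True when the candidate is only a decorated banned word, or nothing
    but organisation tokens and decoration."""
    base = normalise(candidate, org_tokens)
    return base == "" or base in base_words


def audit(candidates):
    """Return the candidates a password-change filter should reject."""
    return [c for c in candidates if is_banned(c)]


if __name__ == "__main__":
    # Sample input: entries from the list above plus one constructed passphrase.
    samples = ["P@ssw0rd", "$ecurity2013", "DTBp@ss2013", "datast0re!",
               "Oracle10", "Tr1cky-Maple-Kiosk-88"]
    for s in samples:
        print(f"{s!r:28} -> {'REJECT' if is_banned(s) else 'ok'}")
```

Meeting a complexity rule (upper case, digit, symbol) does not help when the normalised form is still a dictionary word, which is why the check runs on the reduced string rather than on character classes.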

3 comments:

Daniel Njora said...

Good job Chuks!

Bright Gameli said...

They are too lazy to use a password that is secure enough, thus they use the simple ones...

Bright Gameli said...

They are too lazy to use a password that is secure enough, thus they use the simple ones...