Chapter 9. Password Attacks
Passwords are often the path of least resistance on pentesting engagements. A client with a strong security program can fix missing Windows patches and out-of-date software, but the users themselves canât be patched. Weâll look at attacking users when we discuss
social engineering in Chapter 11, but if we can correctly guess or calculate a userâs password, we may be able to avoid involving the user in the attack at all. In this chapter weâll look at how to use tools to automate running services on our targets and sending usernames and passwords. Additionally, weâll study cracking the password hashes we gained access to in Chapter 8.
Password Management
Companies are waking up to the inherent risks of password-based ...
Get Penetration Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.