Obtaining and cracking user passwords

By definition, password cracking is the recovery of passwords from data that has been stored or transmitted by a computer system. Passwords are used to secure various types of systems, which we touched upon in Chapter 3, Server-side Attacks, while attacking web servers.

Host systems are usually Windows- or Linux-based and have specific characteristics regarding how they store and protect user passwords. This section focuses on cracking host system password files. We included this in the Web Application Penetration Testing book because host systems are commonly authorized clients of web applications. Compromising a client means opening a door to access a targeted web application.

The easiest method to obtain user ...
