April 2017
Intermediate to advanced
350 pages
8h 35m
English
Content preview from Applied Network Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
How do hackers obtain the hash?
As mentioned earlier, a hacker will usually target a low-level employee that has a device with line of sight (direct access) to a workstation server on the network. A hacker may then send a payload in the form of a RAT, such as the one we created in Chapter 4, Creating a RAT Using Msfvenom. A socially engineered e-mail is created posing as the HR department. Within the e-mail an urgent message is placed telling the employee a payroll error has been made. The message will then direct the user to click on the attached link to verify their identity for the payroll department. Most employees will click on the link in fear of their paycheck being disrupted if they don't.
Once the employee clicks on the link the ...