O'Reilly logo

Assessing Network Security by David LeBlanc, Kevin Lam, Ben Smith

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 15. Password Attacks

Password-guessing attacks are one of the most popular aspects of penetration testing. Passwords come from a lot of places—you can guess them, you can find them lying around in files, and in some cases, you can obtain them from the operating system. Passwords obtained from the operating system are sometimes in the clear or are reversibly encrypted, and sometimes they are stored as a hash, often known as a password verifier. A hashing function is designed to take an input and convert it to an output in a non-reversible manner, so you will sometimes see password verifiers referred to as an OWF (one-way function).

Password hashes are typically attacked (or cracked) using a combination of dictionary attacks and brute-force ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required