Chapter 9. Password Attacks

Passwords are often the path of least resistance on pentesting engagements. A client with a strong security program can fix missing Windows patches and out-of-date software, but the users themselves can’t be patched. We’ll look at attacking users when we discuss social engineering in Chapter 11, but if we can correctly guess or calculate a user’s password, we may be able to avoid involving the user in the attack at all. In this chapter we’ll look at how to use tools to automate connecting to the services running on our targets and sending usernames and passwords. Additionally, we’ll study cracking the password hashes we gained access to in Chapter 8.

Password Management

Companies are waking up to the inherent risks of password-based authentication; ...
