O'Reilly logo

Penetration Testing by Georgia Weidman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 9. Password Attacks

Passwords are often the path of least resistance on pentesting engagements. A client with a strong security program can fix missing Windows patches and out-of-date software, but the users themselves can’t be patched. We’ll look at attacking users when we discuss

social engineering in Chapter 11, but if we can correctly guess or calculate a user’s password, we may be able to avoid involving the user in the attack at all. In this chapter we’ll look at how to use tools to automate running services on our targets and sending usernames and passwords. Additionally, we’ll study cracking the password hashes we gained access to in Chapter 8.

Password Management

Companies are waking up to the inherent risks of password-based authentication; ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required