Chapter 9. Password Attacks
Passwords are often the path of least resistance on pentesting engagements. A client with a strong security program can fix missing Windows patches and out-of-date software, but the users themselves can’t be patched. We’ll look at attacking users when we discuss
social engineering in Chapter 11, but if we can correctly guess or calculate a user’s password, we may be able to avoid involving the user in the attack at all. In this chapter we’ll look at how to use tools to automate running services on our targets and sending usernames and passwords. Additionally, we’ll study cracking the password hashes we gained access to in Chapter 8.
Companies are waking up to the inherent risks of password-based authentication; ...