Obtaining and cracking user passwords
Password cracking by definition is recovering passwords from data that has been stored or transmitted by a computer system. Passwords are used to secure various system types, which we have touched upon in Chapter 3, Server-side Attacks, while attacking web servers.
Host systems are usually Windows or Linux-based and have specific characteristics regarding how they store and protect user passwords. This section will focus on cracking host system password files. We included this in the Web Application Penetration Testing book, because host systems are a common authorized client to web applications. Compromising a client means opening a door to access a targeted web application.
The easiest method to obtain user ...
Get Web Penetration Testing with Kali Linux now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.