The Basics of Hacking and Penetration Testing by Engebretson Patrick & David Kennedy
Author:Engebretson, Patrick & David Kennedy [Engebretson, Patrick & Kennedy, David]
Language: eng
Format: epub, pdf
ISBN: 9780124116412
Publisher: Elsevier Science
Published: 2013-06-27T14:00:00+00:00
JtR: King of the Password Crackers
It is hard to imagine discussing a topic like the basics of hacking without discussing passwords and password cracking. No matter what we do or how far we advance, it appears that passwords remain the most popular way to protect data and allow access to systems. With this in mind, let us take a brief detour to cover the basics of password cracking.
There are several reasons why a penetration tester would be interested in cracking passwords. First and foremost, this is a great technique for elevating and escalating privileges. Consider the following example: assume that you were able to compromise a target system but after logging in, you discover that you have no rights on that system. No matter what you do, you are unable to read and write in the target’s files and folders and even worse, you are unable to install any new software. This is often the case when you get access to a low-privileged account belonging to the “user” or “guest” group.
If the account you accessed has few or no rights, you will be unable to perform many of the required steps to further compromise the system. I have actually been involved with several Red Team exercises where seemingly competent hackers are at a complete loss when presented with an unprivileged account. They throw up their hands and say “Does anyone want unprivileged access to this machine? I don’t know what to do with it.” In this case, password cracking is certainly a useful way to escalate privileges and often allows us to gain administrative rights on a target machine.
Another reason for cracking passwords and escalating privileges is that many of the tools we run as penetration testers require administrative-level access in order to install and execute properly. As a final thought, on occasion, penetration testers may find themselves in a situation where they were able to crack the local administrator password (the local admin account on a machine) and have this password turn out to be the exact same password that the network administrator was using for the domain administrator account.
Download
The Basics of Hacking and Penetration Testing by Engebretson Patrick & David Kennedy.pdf
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Deep Learning with Python by François Chollet(12894)
A Developer's Guide to Building Resilient Cloud Applications with Azure by Hamida Rebai Trabelsi(10282)
Hello! Python by Anthony Briggs(10140)
The Mikado Method by Ola Ellnestam Daniel Brolund(10038)
OCA Java SE 8 Programmer I Certification Guide by Mala Gupta(9997)
Dependency Injection in .NET by Mark Seemann(9534)
Hit Refresh by Satya Nadella(9011)
Algorithms of the Intelligent Web by Haralambos Marmanis;Dmitry Babenko(8540)
The Kubernetes Operator Framework Book by Michael Dame(8318)
Exploring Deepfakes by Bryan Lyon and Matt Tora(8118)
Practical Computer Architecture with Python and ARM by Alan Clements(8050)
Robo-Advisor with Python by Aki Ranin(8043)
Implementing Enterprise Observability for Success by Manisha Agrawal and Karun Krishnannair(8031)
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(7936)
Building Low Latency Applications with C++ by Sourav Ghosh(7918)
Svelte with Test-Driven Development by Daniel Irvine(7911)
Grails in Action by Glen Smith Peter Ledbrook(7903)
Test-Driven iOS Development with Swift 4 by Dominik Hauser(7871)
Becoming a Dynamics 365 Finance and Supply Chain Solution Architect by Brent Dawson(7831)
