The Basics of Hacking and Penetration Testing by Engebretson Patrick & David Kennedy
Author:Engebretson, Patrick & David Kennedy [Engebretson, Patrick & Kennedy, David]
Language: eng
Format: epub, pdf
ISBN: 9780124116412
Publisher: Elsevier Science
Published: 2013-06-27T14:00:00+00:00
JtR: King of the Password Crackers
It is hard to imagine discussing a topic like the basics of hacking without discussing passwords and password cracking. No matter what we do or how far we advance, it appears that passwords remain the most popular way to protect data and allow access to systems. With this in mind, let us take a brief detour to cover the basics of password cracking.
There are several reasons why a penetration tester would be interested in cracking passwords. First and foremost, this is a great technique for elevating and escalating privileges. Consider the following example: assume that you were able to compromise a target system but after logging in, you discover that you have no rights on that system. No matter what you do, you are unable to read and write in the target’s files and folders and even worse, you are unable to install any new software. This is often the case when you get access to a low-privileged account belonging to the “user” or “guest” group.
If the account you accessed has few or no rights, you will be unable to perform many of the required steps to further compromise the system. I have actually been involved with several Red Team exercises where seemingly competent hackers are at a complete loss when presented with an unprivileged account. They throw up their hands and say “Does anyone want unprivileged access to this machine? I don’t know what to do with it.” In this case, password cracking is certainly a useful way to escalate privileges and often allows us to gain administrative rights on a target machine.
Another reason for cracking passwords and escalating privileges is that many of the tools we run as penetration testers require administrative-level access in order to install and execute properly. As a final thought, on occasion, penetration testers may find themselves in a situation where they were able to crack the local administrator password (the local admin account on a machine) and have this password turn out to be the exact same password that the network administrator was using for the domain administrator account.
Download
The Basics of Hacking and Penetration Testing by Engebretson Patrick & David Kennedy.pdf
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Deep Learning with Python by François Chollet(14616)
The Mikado Method by Ola Ellnestam Daniel Brolund(11877)
Hello! Python by Anthony Briggs(11791)
OCA Java SE 8 Programmer I Certification Guide by Mala Gupta(11240)
Dependency Injection in .NET by Mark Seemann(11001)
A Developer's Guide to Building Resilient Cloud Applications with Azure by Hamida Rebai Trabelsi(10517)
Algorithms of the Intelligent Web by Haralambos Marmanis;Dmitry Babenko(9832)
The Well-Grounded Java Developer by Benjamin J. Evans Martijn Verburg(9420)
Grails in Action by Glen Smith Peter Ledbrook(9163)
Hit Refresh by Satya Nadella(9038)
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(8808)
Secrets of the JavaScript Ninja by John Resig Bear Bibeault(8594)
The Kubernetes Operator Framework Book by Michael Dame(8470)
Test-Driven iOS Development with Swift 4 by Dominik Hauser(8309)
Exploring Deepfakes by Bryan Lyon and Matt Tora(8288)
Robo-Advisor with Python by Aki Ranin(8242)
Practical Computer Architecture with Python and ARM by Alan Clements(8217)
Implementing Enterprise Observability for Success by Manisha Agrawal and Karun Krishnannair(8187)
Building Low Latency Applications with C++ by Sourav Ghosh(8091)
