The Basics of Hacking and Penetration Testing by Engebretson Patrick & David Kennedy
Author:Engebretson, Patrick & David Kennedy [Engebretson, Patrick & Kennedy, David]
Language: eng
Format: epub, pdf
ISBN: 9780124116412
Publisher: Elsevier Science
Published: 2013-06-27T14:00:00+00:00
JtR: King of the Password Crackers
It is hard to imagine discussing a topic like the basics of hacking without discussing passwords and password cracking. No matter what we do or how far we advance, it appears that passwords remain the most popular way to protect data and allow access to systems. With this in mind, let us take a brief detour to cover the basics of password cracking.
There are several reasons why a penetration tester would be interested in cracking passwords. First and foremost, this is a great technique for elevating and escalating privileges. Consider the following example: assume that you were able to compromise a target system but after logging in, you discover that you have no rights on that system. No matter what you do, you are unable to read and write in the target’s files and folders and even worse, you are unable to install any new software. This is often the case when you get access to a low-privileged account belonging to the “user” or “guest” group.
If the account you accessed has few or no rights, you will be unable to perform many of the required steps to further compromise the system. I have actually been involved with several Red Team exercises where seemingly competent hackers are at a complete loss when presented with an unprivileged account. They throw up their hands and say “Does anyone want unprivileged access to this machine? I don’t know what to do with it.” In this case, password cracking is certainly a useful way to escalate privileges and often allows us to gain administrative rights on a target machine.
Another reason for cracking passwords and escalating privileges is that many of the tools we run as penetration testers require administrative-level access in order to install and execute properly. As a final thought, on occasion, penetration testers may find themselves in a situation where they were able to crack the local administrator password (the local admin account on a machine) and have this password turn out to be the exact same password that the network administrator was using for the domain administrator account.
Download
The Basics of Hacking and Penetration Testing by Engebretson Patrick & David Kennedy.pdf
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
The Mikado Method by Ola Ellnestam Daniel Brolund(20603)
Hello! Python by Anthony Briggs(19899)
Secrets of the JavaScript Ninja by John Resig Bear Bibeault(18208)
Dependency Injection in .NET by Mark Seemann(18108)
The Well-Grounded Java Developer by Benjamin J. Evans Martijn Verburg(17575)
OCA Java SE 8 Programmer I Certification Guide by Mala Gupta(17421)
Kotlin in Action by Dmitry Jemerov(17185)
Adobe Camera Raw For Digital Photographers Only by Rob Sheppard(16930)
Algorithms of the Intelligent Web by Haralambos Marmanis;Dmitry Babenko(16235)
Grails in Action by Glen Smith Peter Ledbrook(15390)
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(13266)
Secrets of the JavaScript Ninja by John Resig & Bear Bibeault(11381)
A Developer's Guide to Building Resilient Cloud Applications with Azure by Hamida Rebai Trabelsi(10579)
Test-Driven iOS Development with Swift 4 by Dominik Hauser(10393)
Jquery UI in Action : Master the concepts Of Jquery UI: A Step By Step Approach by ANMOL GOYAL(9387)
Hit Refresh by Satya Nadella(9083)
The Kubernetes Operator Framework Book by Michael Dame(8521)
Exploring Deepfakes by Bryan Lyon and Matt Tora(8348)
Robo-Advisor with Python by Aki Ranin(8294)
