In review, scanning networks is the foundation of any attack, as it allows us to discover our attack surface. But we have yet to talk about the most vulnerable link in the security chain: humans. We already gleaned from the domain names of IT systems that we humans like to map complex constructs onto structures that are as simple as possible. For example, we prefer meaningful names to memorising sequences of numbers. So it may well be that our target system appears completely secure, requiring us to resort to non-technical procedures. Kevin Mitnick summarised this fact back in 2002:

Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.

Instead of getting worked up about hard-to-access IT infrastructure, we could simply drop USB sticks loaded with malware on the company grounds and wait for curious employees to do the rest. But social engineering attacks of this kind should only be carried out during a penetration test in agreement with the client, as they deliberately manipulate people. Humans remain the number one risk factor.

User passwords are a common entry point into IT systems. Who among us doesn't use one of their passwords twice? This question once again illustrates that we humans continually try to make life easier. Passwords usually relate to their owner, and/or owners fail to change the passwords of their user accounts once in a while. Collecting user passwords is thus particularly interesting to us, as they give us access to IT systems.

Basically, there are two ways of obtaining the passwords of user accounts. The most obvious route is to try different passwords against a service until we can successfully log in as a user. As our login attempts are transmitted over the network, this methodology is referred to as an online password attack. Alternatively, we may already have access to the system via some vulnerability X. In this case, we may even be able to read all the saved access data. It should be noted that, ideally, only the salted hashes of user passwords are saved. Our task would therefore be to reconstruct the passwords from their hashes. As the cracking of hashes is performed on a system of our own rather than against the target service, this methodology is referred to as an offline password attack.
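The following added example (not part of the course material) makes the two attack paths concrete from the defender's side: a password store that keeps only salted, stretched hashes, a login service that can lock out an online guesser, and a local check of leaked hashes against a wordlist that no lockout can stop. The account names, passwords, iteration count and three-word wordlist are constructed for the demonstration.

```python
import hashlib
import os
import secrets
from typing import Dict, List, Optional, Tuple

# PBKDF2 work factor: every guess, online or offline, has to pay this cost.
ITERATIONS = 50_000

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Store passwords the way the text recommends: salted (and stretched)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    return secrets.compare_digest(hash_password(password, salt)[1], stored)

class OnlineLogin:
    """Online attack surface: every guess passes through the service, which
    can count failures and lock the account, so guessing is slow and noisy."""
    def __init__(self, store: Dict[str, Tuple[bytes, bytes]], max_failures: int = 5):
        self.store, self.max_failures = store, max_failures
        self.failures: Dict[str, int] = {}

    def login(self, user: str, password: str) -> str:
        if self.failures.get(user, 0) >= self.max_failures:
            return "locked"
        salt, stored = self.store[user]
        if verify(password, salt, stored):
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"

def offline_crack(store: Dict[str, Tuple[bytes, bytes]], wordlist: List[str]) -> Dict[str, str]:
    """Offline attack: the hashes have leaked, so candidates are checked locally;
    no lockout applies and only the per-guess hashing cost slows the attacker."""
    found = {}
    for user, (salt, stored) in store.items():
        for candidate in wordlist:
            if verify(candidate, salt, stored):
                found[user] = candidate
                break
    return found

def build_store() -> Dict[str, Tuple[bytes, bytes]]:
    """Constructed sample accounts: alice reuses a weak, guessable password."""
    return {"alice": hash_password("summer2023"), "bob": hash_password("Tq7#vL!p9zR2mXw")}
```

Because each account gets its own random salt, two stores built from the same passwords hold different hashes, so a precomputed table for one leak is useless against another.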

About Pentest Training

Discover the world of penetration testing. Learn how to infiltrate networks and successfully penetrate systems and applications. Acquire the necessary hacking skills and use them when conducting professional penetration tests. Become a real penetration tester. Here you will find the free documents for the Pentest Training of binsec academy GmbH. The binsec academy GmbH offers the corresponding security training lab environments and certifications. However, the knowledge and wiki articles on hacking and penetration testing are universal.

About binsec academy GmbH

binsec academy GmbH is the European provider of online security training with virtual laboratory environments. The core component of all security training is the focus on practice, practice and more practice. In the wiki here you will find the public and freely available course materials. You can put the theory into practice at binsec-academy.com.