![]() I’ve been writing about Pass the Hash (PtH) on and off over the last year. That’s where a hash-based approach can pay dividends. “I’m on the miller server, so I know my admin password is admin-miller.” Hackers of course are ready to jump on these weaknesses.īut let’s say you land in an environment where your inspired password guessing is not succeeding. It’s not completely unheard of for busy IT people to sacrifice security for convenience. In my pen testing scenario, there’s a beer motif in all the naming of the servers and the local admin passwords. But what happens if you can’t guess the password? In the previous post in this series, I guessed a local password and then tried various ways to move laterally within my mythical Acme network. Part III: Playing with RATs and Reverse Shells.This article is part of the series "Penetration Testing Explained".
0 Comments
Leave a Reply. |