SANS Penetration Testing: Category - Passwords

A Penetration Tester's Pledge

by Ed Skoudis Over the weekend, I was thinking about the wonderful psexec capabilities of tools like Metasploit, the Nmap Scripting engine smb-psexec script, and the psexec tool itself from Microsoft Sysinternals. It's my go-to exploit on Windows targets, once I have gained SMB access and admin credentials (username and password, or username and hash … Continue reading A Penetration Tester's Pledge


This is the Winter2012 of our Discontent: Guessing Bad Rotating Passwords

[Editor's Note: Sometimes the most effective and lethal penetration testing and ethical hacking techniques are shockingly straight-forward. Tim Medin offers hugely useful advice in this article on fine-tuning your wordlists based on the target organization's password policy. Read it and live it — these techniques will make your password guessing attacks much more effective. -Ed.] … Continue reading This is the Winter2012 of our Discontent: Guessing Bad Rotating Passwords