In the previous post in this series, I guessed a local password and then tried various ways to move laterally within my mythical Acme network. But what happens if you can’t guess the password? In my pen testing scenario, there’s a beer motif in all the naming of the servers and the local admin passwords. It’s not completely unheard of for busy IT people to sacrifice security for convenience. “I’m on the miller server, so I know my admin password is admin-miller.” Hackers of course are ready to jump on these weaknesses.

But let’s say you land in an environment where your inspired password guessing is not succeeding. That’s where a hash-based approach can pay dividends. I’ve been writing about Pass the Hash (PtH) on and off over the last year.