You have been asked to describe the different types of penetration tests that can be conducted. Take this opportunity to discuss the difference between white-box and black-box testing.
One important task conducted during a penetration test is an assessment of password strength, or simply cracking passwords to allow for further access. This may take the form of running a test against known passwords, or of exploiting a vulnerability, stealing the password hashes, and trying to crack them. In either case, the concept is the same; the difference is how the password hashes are obtained. There are many tools available to perform this task. To give you an understanding of them, this activity will have you explore some of these tools and analyze them to find the right fit for you and your organization.
- Use one of the tools described in the Unit 4 Individual Project.
- Extract the password hashes from a machine.
- With the extracted password hashes, try to crack them using the program selected in the previous step.
- Submit an obfuscated list of users and cracked passwords, or output generated from the program.
- Provide a summary of the penetration test plan contents needed to conduct the password penetration activity.
Add the discussion of the types of penetration tests, the discussion of the method used to extract passwords, and the obfuscated list of passwords to your report. Upon completion of this discussion, provide a paragraph on the processes and procedures you will need to implement to create the password recovery penetration test plan.