Brute force attacks are probably the most basic and common password cracking attack performed during a penetration test. This basic style of attack can be very successful if it is carried out in an intelligent manner reducing the total number of password candidates that need to be tried before guessing the correct password. Two of the most common and feature rich password cracking or brute forcing tools available to penetration testers are THC-Hydra and Medusa. In this learning module we will explore the basic concepts for carrying out these style of attacks with Hydra and Medusa.
In this module, you will learn to use all available resources to identify and retrieve relevant exploitation information to effectively exploit identified vulnerabilities. With exploitation frameworks such as Metasploit so readily available to us, some penetration testers will stop looking for exploitation information and proof-of-concepts if this information or capability is not found within the framework or application. Limiting your resources in this manner can severely limit a penetration tester's options and available attack surfaces. A penetration tester familiar with a few exploit database resources and with the power of search engines can be far more effective at exploiting vulnerabilities.
Syslog is the most common method for transmitting system and device logs to central log management solutions and security information and event management solutions. Syslog was designed to be fast, lightweight, and simple to implement. It is these characteristics that make Syslog the go to protocol, but these same characteristics is what makes Syslog such an insecure protocol ripe for abuse by a crafty penetration tester and/or attacker. Security Operation Centers (SOC) and their staffed personnel tend to trust the Syslog protocol way to much by relying on these log messages to dictate their actions and/or reactions without questioning the trustworthiness and/or authenticity of these log messages. A few spoofed Syslog messages and a new style of social engineering attack can be carried out completely discombobulating a SOC into a process driven panic.
Want to be the first to know about new modules?
Our instructor led videos guide you step-by-step through new concepts and skills. Hacker Academy members have access to our entire library of content so they can learn at their own pace.
Hands-on labs are the best way to test your skills and try new things. Hacker Academy members have on-demand access to interactive labs to get their hands dirty.
Skills assessment quizzes are a great way to track your progress. Hacker Academy members have access skills quizzes and completion certificates that can be submitted for continuing education credits.
Hands-on labs are the best way to test your skills and try new things. This lab is part of a private Master Class.
Skills assessment quizzes are a great way to track your progress. This quiz is part of a private Master Class.