Credential harvesting and escalation attacks
Credential harvesting is the process of identifying usernames, passwords, and hashes that can be utilized to achieve the objective set by the organization for a penetration testing/red team exercise. In this section, we will walk through three different types of credential harvesting mechanism that are typically used by attackers in Kali Linux.
Password sniffers
Password sniffers are a set of tools/scripts that typically perform man-in-the-middle attacks by discovery, spoofing, sniffing the traffic, and by proxying. From our previous experience, we noted that most organizations do not utilize SSL internally; Wireshark revealed multiple usernames and passwords.
In this section, we will explore bettercap
to capture SSL traffic on the network so that we can capture the credentials of network users. bettercap
is similar to the previous-generation ettercap
command, with the additional capability to perform network-level spoofing and sniffing. It can be...