Penetration Testing mailing list archives
Re: Password Cracking Issues
From: Javier Reyna <jreyna () onlinet com mx>
Date: Thu, 24 Dec 2009 13:50:58 -0600
So, you, previous the pentest, knew the password. ? I thinks the test was not if you had previosuly knew the password but if you can crakc it. If you cannot crack it you cannot said you crack it, even if you know the passwd, you must test if you can obtain that pwd. My 2 cents. On Thu, Dec 17, 2009 at 11:07:30PM +0800, JAE HO JANG wrote:
Hi, I am doing Pen-testing of our customer's FW, NetScreen. But I installed this FW also set password a few months ago so I already knew the password (they haven't changed). In this case, what is the best way to do? just proceed the password cracking? then report them I managed to find the password? or skip password cracking and then advise to reinforce the password policy? Please advise. Thanks in advance. Regards, Tony -------------------------------------- Get Disney character's mail address on Yahoo! Mail http://pr.mail.yahoo.co.jp/disney/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Attachment:
_bin
Description:
Current thread:
- Password Cracking Issues JAE HO JANG (Dec 21)
- Re: Password Cracking Issues Jonathan Cran (Dec 29)
- Re: Password Cracking Issues Javier Reyna (Dec 29)
- RE: Password Cracking Issues THOMAS, DEDRIC (ATTCLSMA) (Dec 29)