Re: Password Cracking Issues

[Javier Reyna <jreyna () onlinet com mx>]

So, you, previous the pentest, knew the password. ?


I thinks the test was not if you had previosuly knew the password but if you can crakc it. If you cannot crack it you 
cannot said you crack it, even if you know the passwd, you must test if you can obtain that pwd. My 2 cents.

On Thu, Dec 17, 2009 at 11:07:30PM +0800, JAE HO JANG wrote:
> Hi,
>
> I am doing Pen-testing of our customer's FW, NetScreen.
> But I installed this FW also set password a few months ago so I already knew the password (they haven't changed).
> In this case, what is the best way to do? 
> just proceed the password cracking? then report them I managed to find the password?
> or skip password cracking and then advise to reinforce the password policy?
>
> Please advise.
> Thanks in advance.
>
> Regards,
> Tony
>
>
> --------------------------------------
> Get Disney character's mail address on Yahoo! Mail
> http://pr.mail.yahoo.co.jp/disney/
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

Attachment: _bin
Description: