Penetration Testing mailing list archives
Re: Password Cracking Issues
From: Jonathan Cran <jcran () 0x0e org>
Date: Fri, 25 Dec 2009 02:05:33 -0500
if you're looking for convention, there isn't one. just do what makes sense for your customer. if you're delivering the report to the same person, it might be a waste of your time to set about cracking the password. that said, are you sure it's still the same password? how can you be sure? have you verified? documented? i think you see where i'm going with this. hope it helps. jcran On Thu, Dec 17, 2009 at 10:07 AM, JAE HO JANG <misman95 () yahoo co jp> wrote:
Hi, I am doing Pen-testing of our customer's FW, NetScreen. But I installed this FW also set password a few months ago so I already knew the password (they haven't changed). In this case, what is the best way to do? just proceed the password cracking? then report them I managed to find the password? or skip password cracking and then advise to reinforce the password policy? Please advise. Thanks in advance. Regards, Tony -------------------------------------- Get Disney character's mail address on Yahoo! Mail http://pr.mail.yahoo.co.jp/disney/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-- Jonathan Cran jcran () 0x0e org 515.890.0070 ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Password Cracking Issues JAE HO JANG (Dec 21)
- Re: Password Cracking Issues Jonathan Cran (Dec 29)
- Re: Password Cracking Issues Javier Reyna (Dec 29)
- RE: Password Cracking Issues THOMAS, DEDRIC (ATTCLSMA) (Dec 29)