penetration testing 4
A: In 1â€“2 pages
You have been asked to describe the different types of penetration tests that can be conducted. Take this opportunity to discuss the difference between white-box and black-box testing.
Then, one important task that is conducted during a penetration test is an assessment of password strength, or simply, to crack passwords to allow for further access. This may take the shape of running a test against known passwords or exploiting a vulnerability and stealing the password hashes and trying to crack them. In either case, the concept is the same; the difference is how the password hashes are obtained. There are many tools available to perform this task. To help give an understanding of these tools, this activity will have you explore some of these tools and analyze them to find the right fit for you and your organization.
- Use 1 of the tools described in the Unit 4.
- Extract the password hashes from a machine.
- With the extracted password hashes, try to crack them using the program selected in the previous step.
- Submit an obfuscated list of users and cracked passwords, or output generated from the program.
- Provide a summary of the penetration test plan contents needed to conduct the password penetration activity.
Add a discussion about types of penetration tests, the discussion about the method to extract passwords, and the list of obfuscated passwords to your report. Upon completion of this discussion provide a paragraph on the processes and procedures you will need to implement to create the password recovery penetration test plan.
B: In a 4-6 paragraphs word document
Part of the team performs vulnerability assessments while you are tasked to perform a penetration test. The vice president of your organization has heard of your team’s efforts and wants to better understand what you are doing.
- Describe the difference between a vulnerability assessment and a penetration test.
- Describe at least 1 tool that can be used for a penetration test.
- Provide details about the topic.