To: Black Agnes
Man in the middle attacks are pretty simple. On a local Ethernet, a simple ARP cache poisoning can allow you to insert yourself between two parties. There are more sophisticated approaches to man in the middle for SSH sessions too. I've done all of those in SANS security classes. Why stop with a password? We actually stole an entire VMware VM as a class exercise. If you throw in a web site, you have a whole new set of attack surfaces. Javascript and SQL injection attacks. Click jacking. Remote path traversal. There are many more means of attack. Master them and take your exam as a Certified Ethical Hacker. It's a valid career path in today's world of cyber warfare.
117 posted on
07/25/2013 7:10:50 PM PDT by
Myrddin
To: Myrddin
Which makes me wonder again. Why ask for the hash files if they can just get the passwords the old fashioned way?
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson