7Safe asked:

Daniel Compton, Information Security Consultant of 7Safe, took the audience through a demonstration of common risks found that he sees whilst carrying out penetration tests for clients. This covered two main areas which were “client side attacks” and “pivot attacks”. The demonstrations were all based on fully patched Windows operating systems with anti-virus protection, firewall protection and the latest patches for 3rd party products. Once the client victim computer was exploited from the Internet, Daniel demonstrated how it was possible to pivot and dive deep into the internal corporate network and extracting passwords and credit card data. You can watch the video demonstration here.

Tagged with →  
Share →

6 Responses to Penetration Testing: Real World Penetration Testing

  1. 7Safe says:

    @mihiguy You could use incognito to impersonate the token for the administrator, but for the demo we wanted to extract the hash of the password to show passing the hash techniques.

  2. 7Safe says:

    @blacksiddis You will need to manually download these from Ophcrack. If using something like Backtrack it will not have the tables installed by default due to the size it would make the installer.

  3. blacksiddis says:

    Cool vid dude, but I seem to have some troubles with ophcrack. I got a hash (and I actually know the pass, I just want to test ophcrack) and well I appear to have no ‘tables’ installed.. Nothing happens when i press crack and also the bottom windows on ophcrack is empty in my screen. Whats wrong? and how do I solve it?

  4. Y3KhOoo says:

    U fly
    owning print serv and jump to other …
    tu est tres mechant :p

  5. mihiguy says:

    why upload whosthere-alt instead of using meterpreter’s incognito module? (This is a true question, I don’t know advantages for that…)

  6. LevanSopromadze says:

    Cool video, really very helpful !!!

Leave a Reply

Your email address will not be published. Required fields are marked *

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop us a note so we can take care of it!

Set your Twitter account name in your settings to use the TwitterBar Section.