What will George do to recover the actual encrypted passwords?

George, a freelance Security Auditor and Penetration Tester, was working on a pen testing assignment for Xsecurity. George is an ESCA certified professional and was following the LPT methodology in performing a comprehensive security assessment of the company. After the initial reconnaissance, scanning and enumeration phases, he successfully recovered a user password and was able to log on to a Linux machine located on the network. He was also able to access the /etc/passwd file; however, the passwords were stored as a single “x” character.

What will George do to recover the actual encrypted passwords?
A . George will perform sniffing to capture the actual passwords
B . George will perform replay attack to collect the actual passwords
C . George will escalate his privilege to root level and look for /etc/shadow file
D . George will perform a password attack using the pre-computed hashes also known as a rainbow attack

Answer: C

Latest ECSAv10 Dumps Valid Version with 150 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments