Credential harvesting is the process of identifying usernames, passwords, and hashes that can be utilized to achieve the objective set by the organization for a penetration testing/red team exercise. In this section, we will walk through three different types of credential harvesting mechanisms that are typically used by attackers in Kali Linux.
Password sniffers are a set of tools/scripts that typically perform man-in-the-middle attacks through discovery, spoofing, sniffing the traffic, and proxying. From our previous experience, we noted that most organizations do not utilize SSL internally; Wireshark revealed multiple usernames and passwords.
In this section, we will explore bettercap to capture SSL traffic on the network so that we can capture the credentials of network users.
bettercap is similar to the previous-generation ettercap command, with the additional capability to perform network-level spoofing and sniffing. It can be...