Last week I had a class at my university about privilege escalation. What I got from this topic is:
– Authentication can be based on three things: something you know, something you have, and who you are.
– There are two types of password attack: offline attacks (getting physical access to the machine) and online attacks (attacking from a distance, remotely).
– Offline cracking tools such as RainbowCrack, samdump, John the Ripper, Ophcrack (to crack the password), crunch, and wyd.
– Online cracking tools such as BruteSSH, Hydra, Dsniff, and Wireshark (tcpdump).
– The man-in-the-middle attack, which means that we as the attacker disguise our MAC address as that of the gateway of the network transaction between two or more clients.