Our great sponsors
-
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Let’s walk through a typical attack against the Administrator account using a popular tool, CrackMapExec.
Because the Administrator account has no lockout policy, it is possible to make unlimited guesses of the account’s password. Using password lists like the SecList collections, an adversary can craft a custom list of well-known passwords to use to try to log on using the Administrator account.