I don't hide it from anybody; when doing pentests, my favorite approach was to simply browse information in open shares until I could find some user credentials there (yes, in big organizations, they are always there: scripts, source code, ini files...). With those in hands, try to see what else I was able to have access to; repeat the process until the whole network is owned. No big hack or exploit here, just basic "low hanging fruit detection".I just noticed a tool that makes that process thousands of times easier:
Very nice tool for pentests
Very nice tool for pentests
Very nice tool for pentests
I don't hide it from anybody; when doing pentests, my favorite approach was to simply browse information in open shares until I could find some user credentials there (yes, in big organizations, they are always there: scripts, source code, ini files...). With those in hands, try to see what else I was able to have access to; repeat the process until the whole network is owned. No big hack or exploit here, just basic "low hanging fruit detection".I just noticed a tool that makes that process thousands of times easier: