perimeter -> command execution -> privilege escalation -> ...
The next step for pentesters is to gain privileges on other machines.
For example, it can be done by stealing credentials (one of many methods).
Passwords on the local machine are stored as hashes, and cracking them is often impractical because of the time it takes.
SSH MITM (tool: http://www.signedness.org/tools/mitm-ssh.tgz) is a good option. Note, though, that passwords can be shared between many services, so an approach that covers other services is also necessary.
PAM (Pluggable Authentication Modules) provides dynamic authorization for applications and services in a Linux system. Our password logger plugin for PAM can be found here: https://github.com/ONsec-Lab/scripts/tree/master/pam_steal
This is a useful step after rooting a machine during a penetration test.
./make.sh
Then check /tmp/.steal.log - the passwords for FTP, SSH and all other PAM-based daemons will be there!
Add "auth required pam_steal.so" into it
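From the defender's side, the line added to a PAM service file is the artifact to hunt for. The following is an added example, not part of the original post or the pam_steal repository: it parses PAM service files and reports every rule that loads a module outside a known-good baseline (`BASELINE`, `SAMPLE` and the function names are assumptions made for illustration).

```python
import re
from pathlib import Path

# Assumption: constructed baseline; build the real one from the PAM modules
# that your distribution's packages install on this host.
BASELINE = {"pam_unix.so", "pam_deny.so", "pam_permit.so", "pam_env.so",
            "pam_nologin.so", "pam_limits.so", "pam_systemd.so"}
# Rule syntax: [-]type  control (word or [bracketed])  module  [args]
RULE = re.compile(r"^-?(auth|account|password|session)\s+"
                  r"(\[[^\]]*\]|\S+)\s+(\S+)", re.I)

def pam_rules(text):
    """Parse PAM service-file text into (lineno, type, module) tuples."""
    rules, pending = [], ""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line.endswith("\\"):  # backslash continues the rule on the next line
            pending += line[:-1] + " "
            continue
        m = RULE.match(pending + line)
        pending = ""
        # include/substack name another config file, not a module
        if m and m.group(2).lower() not in ("include", "substack"):
            rules.append((n, m.group(1).lower(), m.group(3)))
    return rules

def unexpected_modules(text, baseline=BASELINE):
    """Return the rules whose module file name is not in the baseline."""
    return [r for r in pam_rules(text)
            if r[2].rsplit("/", 1)[-1] not in baseline]

def audit_dir(path="/etc/pam.d", baseline=BASELINE):
    """Map each service file in a PAM config directory to its unexpected rules."""
    report = {}
    for f in sorted(p for p in Path(path).iterdir() if p.is_file()):
        hits = unexpected_modules(f.read_text(errors="replace"), baseline)
        if hits:
            report[f.name] = hits
    return report

# Constructed sample of a service file such as /etc/pam.d/sshd
SAMPLE = r"""auth      required   pam_env.so
auth      required   pam_steal.so
auth      [success=1 default=ignore] pam_unix.so nullok
-session  optional   pam_systemd.so
session   required   pam_limits.so \
          conf=/etc/security/limits.conf
@include common-password
"""
```

On a live host, `audit_dir()` reads /etc/pam.d by default; the presence of /tmp/.steal.log, the log path named above, is a second indicator worth checking.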