Welcome back, my tenderfoot hackers!
Hacker newbies have an inordinate fixation on password cracking. They believe that cracking the password is the only way to gain access to the target account and its privileges. If what we really want is access to a system or other resources, sometimes we can get it without a password. Good examples of this are replay attacks and MitM attacks. Neither requires us to have passwords to have access to the user’s resources.
Another way to gain access to a user’s account, resources, and privileges is through capturing or impersonating the user’s tokens.
An… more
Sig Nordal 