Let's look at the dscl utility on macOS, which allows hackers to query directory services information, including extracting sensitive fields such as the password hash. An admin can extract the ShadowHashData and then attempt to crack the hash with a tool such as hashcat.
This is a post-exploitation technique that Red and Blue Teamers should be aware of and build tests and detections for.
As always: Pentesting requires authorization from proper stakeholders. Do not engage in testing/targeting any accounts that you do not own.
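For the detection side mentioned above, here is an added example (not from the original video or its author): a Python filter over process-execution events that flags dscl invocations referencing ShadowHashData. The JSON event schema (ts, uid, path, argv) and the sample events are constructed assumptions; map them to the fields your endpoint telemetry emits.

```python
import json
import os

# Constructed sample events in a hypothetical schema (ts, uid, path, argv).
SAMPLE_EVENTS = """
{"ts": "2023-01-26T10:00:01Z", "uid": 501, "path": "/usr/bin/dscl", "argv": ["dscl", ".", "-read", "/Users/sampleuser", "RealName"]}
{"ts": "2023-01-26T10:00:07Z", "uid": 0, "path": "/usr/bin/dscl", "argv": ["dscl", ".", "-read", "/Users/sampleuser", "dsAttrTypeNative:ShadowHashData"]}
{"ts": "2023-01-26T10:00:12Z", "uid": 501, "path": "/usr/bin/grep", "argv": ["grep", "ShadowHashData", "notes.txt"]}
not-json line from a truncated log
"""

def is_shadowhash_read(event):
    """True when the executed binary is dscl and an argument names ShadowHashData."""
    # Matching on the binary name misses a copied or renamed binary; pair this
    # with a code-signature or hash check if your telemetry provides one.
    if os.path.basename(event.get("path", "")) != "dscl":
        return False
    # Substring match, case-insensitive to be safe: the attribute may carry a
    # prefix such as dsAttrTypeNative:.
    args = event.get("argv", [])[1:]
    return any("shadowhashdata" in str(arg).lower() for arg in args)

def scan(log_text):
    """Return (alerts, skipped): flagged events and the count of unparseable lines."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # keep a count so parsing gaps are visible to the analyst
            continue
        if isinstance(event, dict) and is_shadowhash_read(event):
            alerts.append({"ts": event.get("ts"), "uid": event.get("uid"),
                           "argv": event.get("argv")})
    return alerts, skipped

if __name__ == "__main__":
    found, bad = scan(SAMPLE_EVENTS)
    for alert in found:
        print("ALERT dscl ShadowHashData read:", alert)
    print("unparseable lines:", bad)
```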
26 Jan 2023