This chapter focused on step 3 of our basic methodology: exploitation. Exploitation is the process most newcomers associate associate directly with “hacking”. Because exploitation is a broad topic, the capter examined several different methods for completing this step including using the online password cracker Medusa to gain access to remote systems. The process of exploiting remote vulnerabilities with Metasploit was discussed as well as several payloads that can be used with Metasploit. John the Ripper was introduced for cracking local passwords. A tool for password resetting was shown for those times when a penetration tester doesn’t have time to wait for a password cracker. Wireshark was used to sniff data off the network and macof was used to sniff network traffic on a switched network.