SANS560 GIAC Penetration Tester (GPEN) Practice Test

Single Crack mode relies on information tied to each user account. It generates password candidates from the account’s login name and the GECOS field, which typically contains the user’s real name and other metadata. By transforming and combining these pieces—such as using the login name, the full name from GECOS, or common variants (capitalization, concatenations like first name plus last name, or common suffixes)—it targets passwords users often create from personal information. The other fields listed (system hostname, IP address, password length) aren’t used as sources for these candidate passwords in this mode.