Why would a penetration tester perform credential dumping attacks?

A penetration tester may perform credential dumping attacks primarily to obtain access credentials that can be used for future exploitation. This technique involves extracting passwords and other sensitive information from a system or application, allowing the tester to further penetrate the network or system with the acquired credentials. By leveraging these credentials, the tester can assess how far they can advance within a network, simulating a real-world attack scenario where an adversary might gather sensitive data to move laterally within an organization.

This practice provides insight into not only the vulnerabilities present in storage and management of sensitive information but also helps illustrate the risks associated with weak password policies, inadequate credential storage, and lack of proper access controls. Capturing these credentials can lead to the discovery of more significant weaknesses within an organization's security posture, thus allowing for better recommendations for remediation.

In contrast, while altering user permissions or demonstrating application vulnerabilities are legitimate aspects of a penetration test, they are not the primary goal of credential dumping. Cleaning up unnecessary files on the server does not align with the objectives of penetration testing, as it relates more to system maintenance rather than security assessment.