Could this happen?

You've just been hired by a Fortune 500 company to conduct a black box pen-test against the enterprise.  Nothing is off-limits. You pack your USB LAN Turtle, Tetra Wi-Fi Pineapple and weaponized version of Linux, head to the client site and socially engineer your way around the security guard... Moments later you're launching a RDP MiTM attack using ARP cache poisoning and spoofed DNS answers... you capture domain credentials using Cain, upload the hashes to your cracking server and leverage Hashcat to crack the passes before lunch. After lunch, you fire up a Powershell module in Metasploit to expand influence and identify sensitive assets.  Score! Using nmap, you've discovered the SQL database that holds the product prices displayed on your client’s homepage.  Using a time-based SQL injection attack, you decrement the price of their featured product by 99% and take a screenshot for your report. Man this was too easy...

Oh yeah, I forgot to mention, you just got paid by the client to do this and it was 100% legal...

Become a Hacker!