SlideShare a Scribd company logo

Unlimited Attempts AllowedDetailsVirtual Labs  Dumping and Crac

Download as DOCX, PDF
T
TaunyaCoffman887

Unlimited Attempts AllowedDetails Virtual Labs:  Dumping and Cracking SAM Hashes to Extract Plain text Passwords Consider what you have learned so far about Attack Vectors and Countermeasures as you review the objectives and scenario below.  Complete the 2 labs that follow on EC-Council's website using the link below. Objective Lab 1 The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files. The objective of this lab is to help students learn to monitor a system remotely and to extract hidden files and other tasks that include: Extracting administrative passwords Hiding files and extracting hidden files Recovering passwords Monitoring a system remotely Scenario Password hacking is one of the easiest and most common ways hackers obtain an unauthorized computer or network access. Although strong passwords that are difficult to crack (or guess) are easy to create and maintain, users often neglect this. Therefore, passwords are one of the weakest links in the information security chain. Passwords rely on secrecy. After a password is compromised, its original owner isn’t the only person who can access the system with it. Hackers have many ways to obtain passwords. They can obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, they can use remote cracking utilities or network analyzers. The labs in this module demonstrate just how easily hackers can gather password information from your network, and describe password vulnerabilities that exist in computer networks, as well as countermeasures to help prevent these vulnerabilities from being exploited on your systems. Week 5 Lab Assignment 1: Dumping and Cracking SAM Hashes to Extract Plaintext Passwords Lab Task: The objective of this lab is to help students learn how to: Use the pwdump7 tool to extract password hashes Use the Ophcrack tool to crack the passwords and obtain plain text passwords Lab Description: The Security Account Manager (SAM) is a database file present on Windows machines that stores user accounts and security descriptors for users on a local computer. It stores users' passwords in a hashed format (in LM hash and NTLM hash). Because a hash function is one-way, this provides some measure of security for the storage of the passwords. In a system hacking life cycle, attackers generally dump operating system password hashes immediately after a compromise of the target machine. The password hashes enable attackers to launch a variety of attacks on the system, including password cracking, pass the hash, unauthorized access of other systems using the same passwords, password analysis, and pattern recognition, in order to crack other passwords in the target environment. You need to have administrator access to dump the contents of the SAM file. Assessment of password strength is a critical milestone during your security assessment engagement. You will st ...

Education
1 of 7
Unlimited Attempts AllowedDetails Virtual Labs: Dumping and Cracking SAM Hashes to Extract Plain text Passwords Consider what you have learned so far about Attack Vectors and Countermeasures as you review the objectives and scenario below. Complete the 2 labs that follow on EC-Council's website using the link below. Objective Lab 1 The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files. The objective of this lab is to help students learn to monitor a system remotely and to extract hidden files and other tasks that include: Extracting administrative passwords Hiding files and extracting hidden files Recovering passwords Monitoring a system remotely Scenario Password hacking is one of the easiest and most common ways hackers obtain an unauthorized computer or network access. Although strong passwords that are difficult to crack (or guess) are easy to create and maintain, users often neglect this. Therefore, passwords are one of the weakest links in the information security chain.
Passwords rely on secrecy. After a password is compromised, its original owner isn’t the only person who can access the system with it. Hackers have many ways to obtain passwords. They can obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, they can use remote cracking utilities or network analyzers. The labs in this module demonstrate just how easily hackers can gather password information from your network, and describe password vulnerabilities that exist in computer networks, as well as countermeasures to help prevent these vulnerabilities from being exploited on your systems. Week 5 Lab Assignment 1: Dumping and Cracking SAM Hashes to Extract Plaintext Passwords Lab Task: The objective of this lab is to help students learn how to: Use the pwdump7 tool to extract password hashes Use the Ophcrack tool to crack the passwords and obtain plain text passwords Lab Description: The Security Account Manager (SAM) is a database file present on Windows machines that stores user accounts and security descriptors for users on a local computer. It stores users' passwords in a hashed format (in LM hash and NTLM hash).
Because a hash function is one-way, this provides some measure of security for the storage of the passwords. In a system hacking life cycle, attackers generally dump operating system password hashes immediately after a compromise of the target machine. The password hashes enable attackers to launch a variety of attacks on the system, including password cracking, pass the hash, unauthorized access of other systems using the same passwords, password analysis, and pattern recognition, in order to crack other passwords in the target environment. You need to have administrator access to dump the contents of the SAM file. Assessment of password strength is a critical milestone during your security assessment engagement. You will start your password assessment with a simple SAM hash dump and running it with a hash decryptor to uncover plaintext passwords. Pwdump7 can also be used to dump protected files. You can always copy a used file by executing pwdump7.exe -d c:lockedfile.dat backup-lockedfile.dat. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords not longer than 14 characters using only alphanumeric characters. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords not longer than 14 characters using only alphanumeric characters. Objective Lab 2 With the help of malicious applications, attackers get access to stored passwords and can read personal documents, delete files,
display pictures, and/or display messages on the screen. According to a recent report by Symantec, more than 317 million new pieces of malware—computer viruses or other malicious software—were created in the year 2014. That means nearly one million new threats were released each day. Malware has the ability to perform various malicious activities that might range from simple email advertising to complex identity theft and password stealing. Malware programmers design code that: Attacks browsers and track websites visited Affects system performance, making it very slow Causes hardware failure, rendering the computer inoperable Steals personal information (including contacts, etc.) Erases important information, resulting in potential huge loss of data Attacks other computers from a single compromised system Spams inboxes with advertising emails The objectives of this lab include: Creating a server and testing the network for attack Detecting Malware Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected
Scenario Malware poses a major security threat to information security. Malware writers explore new attack vectors to exploit vulnerabilities in information systems. This leads to ever more sophisticated malware attacks, including drive-by malware, “mal-advertising” (or “malvertising”), Advanced Persistent Threats, and so on. Though organizations try hard to defend themselves using comprehensive security policies and advanced anti-malware controls, the current trend indicates that malware applications are targeting the “lower-hanging fruit” of: under- secured smartphones, mobile applications, social media, and cloud services. The problem is further complicated because of threat predictions. As McAfee stated in its Threats Report published in February 2015, “Small nation-states and foreign terror groups will take to cyberspace to conduct warfare against their enemies. They will attack by launching crippling distributed denial of service attacks or using malware that wipes the master boot record to destroy their enemies’ networks.” Assessing an organization’s information system against malware threats is a major challenge today because of the quickly-changing nature of malware threats. Defenders need to be well versed in the latest developments in this field and understand the basic functioning of malware, as well as have an ability to select and implement controls appropriate to your organization and its needs. The labs in this module will provide a first-hand experience with various techniques that attackers use to write and propagate malware. You will also learn how to effectively select security controls to
protect your information assets from malware threats. Week 5 Lab Assignment 2: Creating a Server using the ProRat Tool Lab Task: The objective of this lab is to help students learn to detect Trojan and backdoor attacks. The objectives of this lab include: Creating a server and testing the network for attack Detecting Malware Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected Lab Description: ProRat is a remote administration tool (RAT) written in C programming language and is capable of working with all Windows operating systems. The main purpose of this RAT is to access one’s own computers remotely. As with other Trojan horses, ProRat uses a client and server. It opens a port on the computer, which allows the client to perform numerous operations on the server (the victim machine). Some of the ProRat’s malicious actions on the victim's machine:
Logging keystrokes Stealing passwords Full control over files Drive formatting Open/close CD tray Hide taskbar, desktop, and start button View system information Access the lab here: EC-Council | iLabs (Links to an external site.) Submit proof of this assignment completion by uploading and submitting a screenshot of the graded lab from EC-Council Labs. Refer to the Course Projects page for more information on project submissions.

Recommended

The menu items at McDonalds in Moscow are slightly different than
The menu items at McDonalds in Moscow are slightly different thanThe menu items at McDonalds in Moscow are slightly different than
The menu items at McDonalds in Moscow are slightly different thanTaunyaCoffman887
 
UV3051 This technical note was prepared by Professor
UV3051 This technical note was prepared by ProfessorUV3051 This technical note was prepared by Professor
UV3051 This technical note was prepared by ProfessorTaunyaCoffman887
 
ScenarioYour manager wants you to make a PowerPoint presentation
ScenarioYour manager wants you to make a PowerPoint presentation ScenarioYour manager wants you to make a PowerPoint presentation
ScenarioYour manager wants you to make a PowerPoint presentation TaunyaCoffman887
 
Research Proposal Final Submission Rubric Writing Componen
Research Proposal Final Submission Rubric Writing ComponenResearch Proposal Final Submission Rubric Writing Componen
Research Proposal Final Submission Rubric Writing ComponenTaunyaCoffman887
 
The response must be 250 words and use at least 2 scholarly citation
The response must be 250 words and use at least 2 scholarly citationThe response must be 250 words and use at least 2 scholarly citation
The response must be 250 words and use at least 2 scholarly citationTaunyaCoffman887
 
Sample Discussion Board Post for Criminal Justice Submitted
Sample Discussion Board Post for Criminal Justice SubmittedSample Discussion Board Post for Criminal Justice Submitted
Sample Discussion Board Post for Criminal Justice SubmittedTaunyaCoffman887
 
Please note a system that you work with frequently that has a major
Please note a system that you work with frequently that has a major Please note a system that you work with frequently that has a major
Please note a system that you work with frequently that has a major TaunyaCoffman887
 
Practical Research Planning and DesignTwelfth Edition
Practical Research Planning and DesignTwelfth EditionPractical Research Planning and DesignTwelfth Edition
Practical Research Planning and DesignTwelfth EditionTaunyaCoffman887
 

Recommended

The menu items at McDonalds in Moscow are slightly different than
The menu items at McDonalds in Moscow are slightly different thanThe menu items at McDonalds in Moscow are slightly different than
The menu items at McDonalds in Moscow are slightly different thanTaunyaCoffman887
 
UV3051 This technical note was prepared by Professor
UV3051 This technical note was prepared by ProfessorUV3051 This technical note was prepared by Professor
UV3051 This technical note was prepared by ProfessorTaunyaCoffman887
 
ScenarioYour manager wants you to make a PowerPoint presentation
ScenarioYour manager wants you to make a PowerPoint presentation ScenarioYour manager wants you to make a PowerPoint presentation
ScenarioYour manager wants you to make a PowerPoint presentation TaunyaCoffman887
 
Research Proposal Final Submission Rubric Writing Componen
Research Proposal Final Submission Rubric Writing ComponenResearch Proposal Final Submission Rubric Writing Componen
Research Proposal Final Submission Rubric Writing ComponenTaunyaCoffman887
 
The response must be 250 words and use at least 2 scholarly citation
The response must be 250 words and use at least 2 scholarly citationThe response must be 250 words and use at least 2 scholarly citation
The response must be 250 words and use at least 2 scholarly citationTaunyaCoffman887
 
Sample Discussion Board Post for Criminal Justice Submitted
Sample Discussion Board Post for Criminal Justice SubmittedSample Discussion Board Post for Criminal Justice Submitted
Sample Discussion Board Post for Criminal Justice SubmittedTaunyaCoffman887
 
Please note a system that you work with frequently that has a major
Please note a system that you work with frequently that has a major Please note a system that you work with frequently that has a major
Please note a system that you work with frequently that has a major TaunyaCoffman887
 
Practical Research Planning and DesignTwelfth Edition
Practical Research Planning and DesignTwelfth EditionPractical Research Planning and DesignTwelfth Edition
Practical Research Planning and DesignTwelfth EditionTaunyaCoffman887
 
PAPER 1ABSTRACTThis paper takes a peak within the criminal
PAPER 1ABSTRACTThis paper takes a peak within the criminalPAPER 1ABSTRACTThis paper takes a peak within the criminal
PAPER 1ABSTRACTThis paper takes a peak within the criminalTaunyaCoffman887
 
NRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation Exemplar
NRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation ExemplarNRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation Exemplar
NRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation ExemplarTaunyaCoffman887
 
PLEASE READ CAREFULLY- Please use APA (7th edition) formatting
PLEASE READ CAREFULLY- Please use APA (7th edition) formattingPLEASE READ CAREFULLY- Please use APA (7th edition) formatting
PLEASE READ CAREFULLY- Please use APA (7th edition) formattingTaunyaCoffman887
 
Mass shootings – a short researchBackgroundA subset of nationa
Mass shootings – a short researchBackgroundA subset of nationaMass shootings – a short researchBackgroundA subset of nationa
Mass shootings – a short researchBackgroundA subset of nationaTaunyaCoffman887
 
I - Update Annotated bibliographyto educate yourself about
I - Update Annotated bibliographyto educate yourself aboutI - Update Annotated bibliographyto educate yourself about
I - Update Annotated bibliographyto educate yourself aboutTaunyaCoffman887
 
Discussion CultureYou are socialized within a culture the momen
Discussion CultureYou are socialized within a culture the momenDiscussion CultureYou are socialized within a culture the momen
Discussion CultureYou are socialized within a culture the momenTaunyaCoffman887
 
Given the growth in telecommuting and other mobile work arrangem
Given the growth in telecommuting and other mobile work arrangemGiven the growth in telecommuting and other mobile work arrangem
Given the growth in telecommuting and other mobile work arrangemTaunyaCoffman887
 
District management involves many important components (I.E., organi
District management involves many important components (I.E., organiDistrict management involves many important components (I.E., organi
District management involves many important components (I.E., organiTaunyaCoffman887
 
Develop a 4-6 page holistic intervention plan design to improve th
Develop a 4-6 page holistic intervention plan design to improve thDevelop a 4-6 page holistic intervention plan design to improve th
Develop a 4-6 page holistic intervention plan design to improve thTaunyaCoffman887
 
After studying the course materials located on Module 5 Lectu
After studying the course materials located on Module 5 LectuAfter studying the course materials located on Module 5 Lectu
After studying the course materials located on Module 5 LectuTaunyaCoffman887
 
1. Big data is a common topic when discussing structured and uns
1. Big data is a common topic when discussing structured and uns1. Big data is a common topic when discussing structured and uns
1. Big data is a common topic when discussing structured and unsTaunyaCoffman887
 
Copyright 2022 Post University. ALL RIGHTS RESERVED
Copyright 2022 Post University. ALL RIGHTS RESERVED Copyright 2022 Post University. ALL RIGHTS RESERVED
Copyright 2022 Post University. ALL RIGHTS RESERVED TaunyaCoffman887
 
Create two formative assessments. One assessment is for students
Create two formative assessments. One assessment is for studentsCreate two formative assessments. One assessment is for students
Create two formative assessments. One assessment is for studentsTaunyaCoffman887
 
Adapted from the PICOT Questions Template; Ellen Fineout-Overh
Adapted from the PICOT Questions Template; Ellen Fineout-OverhAdapted from the PICOT Questions Template; Ellen Fineout-Overh
Adapted from the PICOT Questions Template; Ellen Fineout-OverhTaunyaCoffman887
 
1Felicity S. MillerDate April XX, 2022 Preparer
1Felicity S. MillerDate April XX, 2022 Preparer 1Felicity S. MillerDate April XX, 2022 Preparer
1Felicity S. MillerDate April XX, 2022 Preparer TaunyaCoffman887
 
Unit II Assignment WorksheetThis worksheet is intended to help y
Unit II Assignment WorksheetThis worksheet is intended to help yUnit II Assignment WorksheetThis worksheet is intended to help y
Unit II Assignment WorksheetThis worksheet is intended to help yTaunyaCoffman887
 
© The Author(s) 2017. Published by Oxford University Press on
© The Author(s) 2017. Published by Oxford University Press on © The Author(s) 2017. Published by Oxford University Press on
© The Author(s) 2017. Published by Oxford University Press on TaunyaCoffman887
 
[Name of Capstone Paper][Student Name] University
[Name of Capstone Paper][Student Name] University [Name of Capstone Paper][Student Name] University
[Name of Capstone Paper][Student Name] University TaunyaCoffman887
 
What is the risk of not conducting a feasibility analysisHow ar
What is the risk of not conducting a feasibility analysisHow arWhat is the risk of not conducting a feasibility analysisHow ar
What is the risk of not conducting a feasibility analysisHow arTaunyaCoffman887
 
What is the impact of contextual factors on advocacy and policy Con
What is the impact of contextual factors on advocacy and policy ConWhat is the impact of contextual factors on advocacy and policy Con
What is the impact of contextual factors on advocacy and policy ConTaunyaCoffman887
 

More Related Content

More from TaunyaCoffman887

PAPER 1ABSTRACTThis paper takes a peak within the criminal
PAPER 1ABSTRACTThis paper takes a peak within the criminalPAPER 1ABSTRACTThis paper takes a peak within the criminal
PAPER 1ABSTRACTThis paper takes a peak within the criminalTaunyaCoffman887
 
NRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation Exemplar
NRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation ExemplarNRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation Exemplar
NRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation ExemplarTaunyaCoffman887
 
PLEASE READ CAREFULLY- Please use APA (7th edition) formatting
PLEASE READ CAREFULLY- Please use APA (7th edition) formattingPLEASE READ CAREFULLY- Please use APA (7th edition) formatting
PLEASE READ CAREFULLY- Please use APA (7th edition) formattingTaunyaCoffman887
 
Mass shootings – a short researchBackgroundA subset of nationa
Mass shootings – a short researchBackgroundA subset of nationaMass shootings – a short researchBackgroundA subset of nationa
Mass shootings – a short researchBackgroundA subset of nationaTaunyaCoffman887
 
I - Update Annotated bibliographyto educate yourself about
I - Update Annotated bibliographyto educate yourself aboutI - Update Annotated bibliographyto educate yourself about
I - Update Annotated bibliographyto educate yourself aboutTaunyaCoffman887
 
Discussion CultureYou are socialized within a culture the momen
Discussion CultureYou are socialized within a culture the momenDiscussion CultureYou are socialized within a culture the momen
Discussion CultureYou are socialized within a culture the momenTaunyaCoffman887
 
Given the growth in telecommuting and other mobile work arrangem
Given the growth in telecommuting and other mobile work arrangemGiven the growth in telecommuting and other mobile work arrangem
Given the growth in telecommuting and other mobile work arrangemTaunyaCoffman887
 
District management involves many important components (I.E., organi
District management involves many important components (I.E., organiDistrict management involves many important components (I.E., organi
District management involves many important components (I.E., organiTaunyaCoffman887
 
Develop a 4-6 page holistic intervention plan design to improve th
Develop a 4-6 page holistic intervention plan design to improve thDevelop a 4-6 page holistic intervention plan design to improve th
Develop a 4-6 page holistic intervention plan design to improve thTaunyaCoffman887
 
After studying the course materials located on Module 5 Lectu
After studying the course materials located on Module 5 LectuAfter studying the course materials located on Module 5 Lectu
After studying the course materials located on Module 5 LectuTaunyaCoffman887
 
1. Big data is a common topic when discussing structured and uns
1. Big data is a common topic when discussing structured and uns1. Big data is a common topic when discussing structured and uns
1. Big data is a common topic when discussing structured and unsTaunyaCoffman887
 
Copyright 2022 Post University. ALL RIGHTS RESERVED
Copyright 2022 Post University. ALL RIGHTS RESERVED Copyright 2022 Post University. ALL RIGHTS RESERVED
Copyright 2022 Post University. ALL RIGHTS RESERVED TaunyaCoffman887
 
Create two formative assessments. One assessment is for students
Create two formative assessments. One assessment is for studentsCreate two formative assessments. One assessment is for students
Create two formative assessments. One assessment is for studentsTaunyaCoffman887
 
Adapted from the PICOT Questions Template; Ellen Fineout-Overh
Adapted from the PICOT Questions Template; Ellen Fineout-OverhAdapted from the PICOT Questions Template; Ellen Fineout-Overh
Adapted from the PICOT Questions Template; Ellen Fineout-OverhTaunyaCoffman887
 
1Felicity S. MillerDate April XX, 2022 Preparer
1Felicity S. MillerDate April XX, 2022 Preparer 1Felicity S. MillerDate April XX, 2022 Preparer
1Felicity S. MillerDate April XX, 2022 Preparer TaunyaCoffman887
 
Unit II Assignment WorksheetThis worksheet is intended to help y
Unit II Assignment WorksheetThis worksheet is intended to help yUnit II Assignment WorksheetThis worksheet is intended to help y
Unit II Assignment WorksheetThis worksheet is intended to help yTaunyaCoffman887
 
© The Author(s) 2017. Published by Oxford University Press on
© The Author(s) 2017. Published by Oxford University Press on © The Author(s) 2017. Published by Oxford University Press on
© The Author(s) 2017. Published by Oxford University Press on TaunyaCoffman887
 
[Name of Capstone Paper][Student Name] University
[Name of Capstone Paper][Student Name] University [Name of Capstone Paper][Student Name] University
[Name of Capstone Paper][Student Name] University TaunyaCoffman887
 
What is the risk of not conducting a feasibility analysisHow ar
What is the risk of not conducting a feasibility analysisHow arWhat is the risk of not conducting a feasibility analysisHow ar
What is the risk of not conducting a feasibility analysisHow arTaunyaCoffman887
 
What is the impact of contextual factors on advocacy and policy Con
What is the impact of contextual factors on advocacy and policy ConWhat is the impact of contextual factors on advocacy and policy Con
What is the impact of contextual factors on advocacy and policy ConTaunyaCoffman887
 

More from TaunyaCoffman887 (20)

PAPER 1ABSTRACTThis paper takes a peak within the criminal
PAPER 1ABSTRACTThis paper takes a peak within the criminalPAPER 1ABSTRACTThis paper takes a peak within the criminal
PAPER 1ABSTRACTThis paper takes a peak within the criminal
 
NRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation Exemplar
NRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation ExemplarNRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation Exemplar
NRNPPRAC 6665 & 6675 Focused SOAP Psychiatric Evaluation Exemplar
 
PLEASE READ CAREFULLY- Please use APA (7th edition) formatting
PLEASE READ CAREFULLY- Please use APA (7th edition) formattingPLEASE READ CAREFULLY- Please use APA (7th edition) formatting
PLEASE READ CAREFULLY- Please use APA (7th edition) formatting
 
Mass shootings – a short researchBackgroundA subset of nationa
Mass shootings – a short researchBackgroundA subset of nationaMass shootings – a short researchBackgroundA subset of nationa
Mass shootings – a short researchBackgroundA subset of nationa
 
I - Update Annotated bibliographyto educate yourself about
I - Update Annotated bibliographyto educate yourself aboutI - Update Annotated bibliographyto educate yourself about
I - Update Annotated bibliographyto educate yourself about
 
Discussion CultureYou are socialized within a culture the momen
Discussion CultureYou are socialized within a culture the momenDiscussion CultureYou are socialized within a culture the momen
Discussion CultureYou are socialized within a culture the momen
 
Given the growth in telecommuting and other mobile work arrangem
Given the growth in telecommuting and other mobile work arrangemGiven the growth in telecommuting and other mobile work arrangem
Given the growth in telecommuting and other mobile work arrangem
 
District management involves many important components (I.E., organi
District management involves many important components (I.E., organiDistrict management involves many important components (I.E., organi
District management involves many important components (I.E., organi
 
Develop a 4-6 page holistic intervention plan design to improve th
Develop a 4-6 page holistic intervention plan design to improve thDevelop a 4-6 page holistic intervention plan design to improve th
Develop a 4-6 page holistic intervention plan design to improve th
 
After studying the course materials located on Module 5 Lectu
After studying the course materials located on Module 5 LectuAfter studying the course materials located on Module 5 Lectu
After studying the course materials located on Module 5 Lectu
 
1. Big data is a common topic when discussing structured and uns
1. Big data is a common topic when discussing structured and uns1. Big data is a common topic when discussing structured and uns
1. Big data is a common topic when discussing structured and uns
 
Copyright 2022 Post University. ALL RIGHTS RESERVED
Copyright 2022 Post University. ALL RIGHTS RESERVED Copyright 2022 Post University. ALL RIGHTS RESERVED
Copyright 2022 Post University. ALL RIGHTS RESERVED
 
Create two formative assessments. One assessment is for students
Create two formative assessments. One assessment is for studentsCreate two formative assessments. One assessment is for students
Create two formative assessments. One assessment is for students
 
Adapted from the PICOT Questions Template; Ellen Fineout-Overh
Adapted from the PICOT Questions Template; Ellen Fineout-OverhAdapted from the PICOT Questions Template; Ellen Fineout-Overh
Adapted from the PICOT Questions Template; Ellen Fineout-Overh
 
1Felicity S. MillerDate April XX, 2022 Preparer
1Felicity S. MillerDate April XX, 2022 Preparer 1Felicity S. MillerDate April XX, 2022 Preparer
1Felicity S. MillerDate April XX, 2022 Preparer
 
Unit II Assignment WorksheetThis worksheet is intended to help y
Unit II Assignment WorksheetThis worksheet is intended to help yUnit II Assignment WorksheetThis worksheet is intended to help y
Unit II Assignment WorksheetThis worksheet is intended to help y
 
© The Author(s) 2017. Published by Oxford University Press on
© The Author(s) 2017. Published by Oxford University Press on © The Author(s) 2017. Published by Oxford University Press on
© The Author(s) 2017. Published by Oxford University Press on
 
[Name of Capstone Paper][Student Name] University
[Name of Capstone Paper][Student Name] University [Name of Capstone Paper][Student Name] University
[Name of Capstone Paper][Student Name] University
 
What is the risk of not conducting a feasibility analysisHow ar
What is the risk of not conducting a feasibility analysisHow arWhat is the risk of not conducting a feasibility analysisHow ar
What is the risk of not conducting a feasibility analysisHow ar
 
What is the impact of contextual factors on advocacy and policy Con
What is the impact of contextual factors on advocacy and policy ConWhat is the impact of contextual factors on advocacy and policy Con
What is the impact of contextual factors on advocacy and policy Con
 

Unlimited Attempts AllowedDetailsVirtual Labs  Dumping and Crac

  • 1. Unlimited Attempts AllowedDetails Virtual Labs: Dumping and Cracking SAM Hashes to Extract Plain text Passwords Consider what you have learned so far about Attack Vectors and Countermeasures as you review the objectives and scenario below. Complete the 2 labs that follow on EC-Council's website using the link below. Objective Lab 1 The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files. The objective of this lab is to help students learn to monitor a system remotely and to extract hidden files and other tasks that include: Extracting administrative passwords Hiding files and extracting hidden files Recovering passwords Monitoring a system remotely Scenario Password hacking is one of the easiest and most common ways hackers obtain an unauthorized computer or network access. Although strong passwords that are difficult to crack (or guess) are easy to create and maintain, users often neglect this. Therefore, passwords are one of the weakest links in the information security chain.
  • 2. Passwords rely on secrecy. After a password is compromised, its original owner isn’t the only person who can access the system with it. Hackers have many ways to obtain passwords. They can obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, they can use remote cracking utilities or network analyzers. The labs in this module demonstrate just how easily hackers can gather password information from your network, and describe password vulnerabilities that exist in computer networks, as well as countermeasures to help prevent these vulnerabilities from being exploited on your systems. Week 5 Lab Assignment 1: Dumping and Cracking SAM Hashes to Extract Plaintext Passwords Lab Task: The objective of this lab is to help students learn how to: Use the pwdump7 tool to extract password hashes Use the Ophcrack tool to crack the passwords and obtain plain text passwords Lab Description: The Security Account Manager (SAM) is a database file present on Windows machines that stores user accounts and security descriptors for users on a local computer. It stores users' passwords in a hashed format (in LM hash and NTLM hash).
  • 3. Because a hash function is one-way, this provides some measure of security for the storage of the passwords. In a system hacking life cycle, attackers generally dump operating system password hashes immediately after a compromise of the target machine. The password hashes enable attackers to launch a variety of attacks on the system, including password cracking, pass the hash, unauthorized access of other systems using the same passwords, password analysis, and pattern recognition, in order to crack other passwords in the target environment. You need to have administrator access to dump the contents of the SAM file. Assessment of password strength is a critical milestone during your security assessment engagement. You will start your password assessment with a simple SAM hash dump and running it with a hash decryptor to uncover plaintext passwords. Pwdump7 can also be used to dump protected files. You can always copy a used file by executing pwdump7.exe -d c:lockedfile.dat backup-lockedfile.dat. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords not longer than 14 characters using only alphanumeric characters. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords not longer than 14 characters using only alphanumeric characters. Objective Lab 2 With the help of malicious applications, attackers get access to stored passwords and can read personal documents, delete files,
  • 4. display pictures, and/or display messages on the screen. According to a recent report by Symantec, more than 317 million new pieces of malware—computer viruses or other malicious software—were created in the year 2014. That means nearly one million new threats were released each day. Malware has the ability to perform various malicious activities that might range from simple email advertising to complex identity theft and password stealing. Malware programmers design code that: Attacks browsers and track websites visited Affects system performance, making it very slow Causes hardware failure, rendering the computer inoperable Steals personal information (including contacts, etc.) Erases important information, resulting in potential huge loss of data Attacks other computers from a single compromised system Spams inboxes with advertising emails The objectives of this lab include: Creating a server and testing the network for attack Detecting Malware Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected
  • 5. Scenario Malware poses a major security threat to information security. Malware writers explore new attack vectors to exploit vulnerabilities in information systems. This leads to ever more sophisticated malware attacks, including drive-by malware, “mal-advertising” (or “malvertising”), Advanced Persistent Threats, and so on. Though organizations try hard to defend themselves using comprehensive security policies and advanced anti-malware controls, the current trend indicates that malware applications are targeting the “lower-hanging fruit” of: under- secured smartphones, mobile applications, social media, and cloud services. The problem is further complicated because of threat predictions. As McAfee stated in its Threats Report published in February 2015, “Small nation-states and foreign terror groups will take to cyberspace to conduct warfare against their enemies. They will attack by launching crippling distributed denial of service attacks or using malware that wipes the master boot record to destroy their enemies’ networks.” Assessing an organization’s information system against malware threats is a major challenge today because of the quickly-changing nature of malware threats. Defenders need to be well versed in the latest developments in this field and understand the basic functioning of malware, as well as have an ability to select and implement controls appropriate to your organization and its needs. The labs in this module will provide a first-hand experience with various techniques that attackers use to write and propagate malware. You will also learn how to effectively select security controls to
  • 6. protect your information assets from malware threats. Week 5 Lab Assignment 2: Creating a Server using the ProRat Tool Lab Task: The objective of this lab is to help students learn to detect Trojan and backdoor attacks. The objectives of this lab include: Creating a server and testing the network for attack Detecting Malware Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected Lab Description: ProRat is a remote administration tool (RAT) written in C programming language and is capable of working with all Windows operating systems. The main purpose of this RAT is to access one’s own computers remotely. As with other Trojan horses, ProRat uses a client and server. It opens a port on the computer, which allows the client to perform numerous operations on the server (the victim machine). Some of the ProRat’s malicious actions on the victim's machine:
  • 7. Logging keystrokes Stealing passwords Full control over files Drive formatting Open/close CD tray Hide taskbar, desktop, and start button View system information Access the lab here: EC-Council | iLabs (Links to an external site.) Submit proof of this assignment completion by uploading and submitting a screenshot of the graded lab from EC-Council Labs. Refer to the Course Projects page for more information on project submissions.