This document describes two security labs - a social engineering lab and a physical security lab. In the social engineering lab, students are instructed to find a phishing email in their junk folder and analyze why it is considered spam. The physical security lab simulates a situation where an attacker exploits physical security vulnerabilities to access a company's network and steal password hashes from one of the Windows computers. Students are guided through steps as an attacker to gain remote desktop access to the target computer, export registry files containing password hashes, and use a tool to extract and view the password hashes, including that of the Administrator account.

1. Lab-12: Social Engineering and Physical Security
The first section of Lab-11 will be different than what you have
been doing in the Labs till today. You will search your junk e-
mail folder to find a spam/phishing e-mail and provide insights
on the discovered e-mail. Please be careful and don’t click in
the links in the e-mail you found. The second section of the lab
is a simulation of a physical security breach. It shows how
things can be more comfortable for malicious users and
especially for an insider when physical security is not
strong.Section-1: Social Engineering Lab
Social engineering attacks are usually performed case by case,
meaning that it is not generally possible to automate and scale
the tasks. Because it requires interacting with people in person
or over the phone. The main goal is to convince people to do
something for the hacker, such as sharing a password, doing
some configuration, etc. Phishing e-mails is one of the methods
that hackers can use in social engineering campaigns. Phishing
e-mails can be regarded as a scalable and automated way of
making social engineering attacks.
Phishing e-mails are considered spam/junk e-mail by most e-
mail service providers such as Gmail and Outlook.
Advanced and targeted phishing e-mails may harm your
computer, even if you haven't clicked on any link in the e-mail,
meaning that just opening the e-mail might harm your computer.
These kinds of phishing e-mails use the browser or e-mail
client's vulnerabilities on which you open the e-mail.
Important: Before starting this lab,
make sure that
your browser and e-mail client is up-to-date. Check
your antivirus definition database to confirm that it is up-to-
date. You can also consider using Kali VM on your computer
for this lab; the only thing is that you will have to log in to your

2. e-mail service from the browser.
After completing all of these pre-checks:
1) Go to your spam/junk e-mail folder
2) Find a phishing/spam e-mail
Be cautious and don’t click any link as it may contain links to
malicious websites and files
3)
Take a screenshot of the phishing/spam e-mail
4) Explain why it is a spam e-mailSection-2: Physical Security
Lab
Physical security can be considered as an essential aspect of
cybersecurity. From a technical perspective, it is usually easier
to steal information from a physically not secured
device/environment than from a physically secured
device/environment. In addition to conventional physical
security countermeasures, computer hard drives should be fully
encrypted. BIOS access should be restricted by a password.
Computers should be configured not to boot from external
media such as a USB. Otherwise, attackers with physical access
can boot the system from his/her media and perform malicious
acts such as stealing information, installing rootkits, and wiping
hard drive.
Assume that you access the physical premises of a company by
exploiting the vulnerabilities in physical security procedures.
You bring your laptop with you (Kali Linux on Netlab
environment) and plug it to the company network. You assign
an IP address to your computer and finally access to the
network. The target is one of the Windows 7 computers in the
network. Your motivation is to steal the password hash of the
Administrator account on that computer. Because you know that
the company has been using the same password in different
systems. You already know the password of the ms user on
Windows 7.
Now follow the following steps to steal the password hashes.

3. 1) Log in to Kali Linux on the Netlab Environment
Assume that this is your laptop, and you already gained access
to the company network.
2)
Open a terminal window and type
rdesktop 192.168.2.13 -r disk:tmp=/root/Desktop
This command will open a remote desktop connection to
Windows 7 Target and map the Desktop of root account on Kali
to Windows 7 Target so that as the attacker, you will be able to
copy the file with password hashes to the attacker computer
(Kali) easily.
3) Type yes for the “Do you trust this certificate?” question
4) You will see the login screen of the Windows 7 Target
5) Click Other User
6) Type username as
ms and password as
ms
7) Click the start menu, right-click on Command Prompt icon,
click on
Run as administrator, and click on Yes
8) Type
reg save HKLMSAM c:SAM and press enter
Reg is a built-in Windows command that helps system
administrators automate register administration tasks (such as
view, query, delete, import, export, change). At the hands of an
attacker, this tool can turn into a weapon like many other
system administration tools.
In this specific command, you export the portion of the registry
that stores username and password hashes of the accounts. But
it has an encryption layer, and you have to decrypt it to see the
usernames and password hashes.
9) Type
reg save HKLMSYSTEM c:SYSTEM and press enter

4. In this command, you export yet another critical portion of the
registry. In our context, you will get the syskey from this file
and use it to decrypt the SAM file you export in the previous
step.
10) Double click Computer icon on the desktop, open C drive
and confirm that SAM and SYSTEM files have been created.
11)
Select both files, right-click on them and click ‘Copy’
12) Revert to My Computer view as performed in Step-10. You
will see the Desktop of the root account on Kali is mapped as
tmp, as shown below.
13)
Paste the files you copied in the previous step into this
mapped drive.
14) Log out of Windows 7 Target
15) Confirm that SAM and SYSTEM files are on the desktop of
Kali
16) At the terminal windows, type
cd Desktop to change the directory to the Desktop
(Notice that D is capital)
17)
Type
samdump2 SYSTEM SAM in the terminal window to
extract the usernames and password hashes. The obvious next
step for an attacker would be to crack the Administrator
password by performing a brute force attack against hashes.
Take a screenshot of the terminal window showing the account
information.
Weekly Learning and Reflection
In two to three paragraphs (i.e., sentences, not bullet lists) using

5. APA style citations if needed, summarize, and interact with the
content covered in this lab. Summarize what you did as an
attacker, what kind of vulnerabilities did you exploit, what
might have prevented these attacks. Mention the attackers and
all of the targets in your summary. You can provide topologies,
sketches, graphics if you want. In particular, highlight what
surprised, enlightened, or otherwise engaged you. You should
think and write critically, not just about what was presented but
also what you have learned through the session. You can ask
questions for the things you're confused about. Questions asked
here will be summarized and answered anonymously in the next
class.
image1.png