Unlimited Attempts AllowedDetails
Virtual Labs: Dumping and Cracking SAM Hashes to Extract Plain text Passwords
Consider what you have learned so far about Attack Vectors and Countermeasures as you review the objectives and scenario below. Complete the 2 labs that follow on EC-Council’s website using the link below.
Objective Lab 1
The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files. The objective of this lab is to help students learn to monitor a system remotely and to extract hidden files and other tasks that include:
- Extracting administrative passwords
- Hiding files and extracting hidden files
- Recovering passwords
- Monitoring a system remotely
Scenario
Password hacking is one of the easiest and most common ways hackers obtain an unauthorized computer or network access. Although strong passwords that are difficult to crack (or guess) are easy to create and maintain, users often neglect this. Therefore, passwords are one of the weakest links in the information security chain.
Passwords rely on secrecy. After a password is compromised, its original owner isn’t the only person who can access the system with it. Hackers have many ways to obtain passwords. They can obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, they can use remote cracking utilities or network analyzers.
The labs in this module demonstrate just how easily hackers can gather password information from your network, and describe password vulnerabilities that exist in computer networks, as well as countermeasures to help prevent these vulnerabilities from being exploited on your systems.
Week 5 Lab Assignment 1: Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Lab Task:
The objective of this lab is to help students learn how to:
- Use the pwdump7 tool to extract password hashes
- Use the Ophcrack tool to crack the passwords and obtain plain text passwords
Lab Description:
The Security Account Manager (SAM) is a database file present on Windows machines that stores user accounts and security descriptors for users on a local computer. It stores users’ passwords in a hashed format (in LM hash and NTLM hash). Because a hash function is one-way, this provides some measure of security for the storage of the passwords.
In a system hacking life cycle, attackers generally dump operating system password hashes immediately after a compromise of the target machine. The password hashes enable attackers to launch a variety of attacks on the system, including password cracking, pass the hash, unauthorized access of other systems using the same passwords, password analysis, and pattern recognition, in order to crack other passwords in the target environment.
You need to have administrator access to dump the contents of the SAM file. Assessment of password strength is a critical milestone during your security assessment engagement. You will start your password assessment with a simple SAM hash dump and running it with a hash decryptor to uncover plaintext passwords.
Pwdump7 can also be used to dump protected files. You can always copy a used file by executing pwdump7.exe -d c:\lockedfile.dat backup-lockedfile.dat. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords not longer than 14 characters using only alphanumeric characters.
Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords not longer than 14 characters using only alphanumeric characters.
Objective Lab 2
With the help of malicious applications, attackers get access to stored passwords and can read personal documents, delete files, display pictures, and/or display messages on the screen.
According to a recent report by Symantec, more than 317 million new pieces of malware—computer viruses or other malicious software—were created in the year 2014. That means nearly one million new threats were released each day. Malware has the ability to perform various malicious activities that might range from simple email advertising to complex identity theft and password stealing. Malware programmers design code that:
- Attacks browsers and track websites visited
- Affects system performance, making it very slow
- Causes hardware failure, rendering the computer inoperable
- Steals personal information (including contacts, etc.)
- Erases important information, resulting in potential huge loss of data
- Attacks other computers from a single compromised system
- Spams inboxes with advertising emails
The objectives of this lab include:
- Creating a server and testing the network for attack
- Detecting Malware
- Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected
Scenario
Malware poses a major security threat to information security. Malware writers explore new attack vectors to exploit vulnerabilities in information systems. This leads to ever more sophisticated malware attacks, including drive-by malware, “mal-advertising” (or “malvertising”), Advanced Persistent Threats, and so on. Though organizations try hard to defend themselves using comprehensive security policies and advanced anti-malware controls, the current trend indicates that malware applications are targeting the “lower-hanging fruit” of: under-secured smartphones, mobile applications, social media, and cloud services. The problem is further complicated because of threat predictions.
As McAfee stated in its Threats Report published in February 2015, “Small nation-states and foreign terror groups will take to cyberspace to conduct warfare against their enemies. They will attack by launching crippling distributed denial of service attacks or using malware that wipes the master boot record to destroy their enemies’ networks.” Assessing an organization’s information system against malware threats is a major challenge today because of the quickly-changing nature of malware threats.
Defenders need to be well versed in the latest developments in this field and understand the basic functioning of malware, as well as have an ability to select and implement controls appropriate to your organization and its needs. The labs in this module will provide a first-hand experience with various techniques that attackers use to write and propagate malware. You will also learn how to effectively select security controls to protect your information assets from malware threats.
Week 5 Lab Assignment 2: Creating a Server using the ProRat Tool
Lab Task:
The objective of this lab is to help students learn to detect Trojan and backdoor attacks. The objectives of this lab include:
- Creating a server and testing the network for attack
- Detecting Malware
- Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected
Lab Description:
ProRat is a remote administration tool (RAT) written in C programming language and is capable of working with all Windows operating systems. The main purpose of this RAT is to access one’s own computers remotely. As with other Trojan horses, ProRat uses a client and server. It opens a port on the computer, which allows the client to perform numerous operations on the server (the victim machine).
Some of the ProRat’s malicious actions on the victim’s machine:
- Logging keystrokes
- Stealing passwords
- Full control over files
- Drive formatting
- Open/close CD tray
- Hide taskbar, desktop, and start button
- View system information
Access the lab here: EC-Council | iLabs (Links to an external site.)
Submit proof of this assignment completion by uploading and submitting a screenshot of the graded lab from EC-Council Labs. Refer to the Course Projects page for more information on project submissions.