
CEH v8 labs module 05 System hacking


Document information

Pages: 117
Size: 4.56 MB

Content

CEH Lab Manual

System Hacking
Module 05

CEH Lab Manual. Ethical Hacking and Countermeasures. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

System Hacking

System hacking is the science of testing computers and network for vulnerabilities and plug-ins.

Lab Scenario

Password hacking is one of the easiest and most common ways hackers obtain unauthorized computer or network access. Although strong passwords that are difficult to crack (or guess) are easy to create and maintain, users often neglect this. Therefore, passwords are one of the weakest links in the information-security chain. Passwords rely on secrecy. After a password is compromised, its original owner isn't the only person who can access the system with it. Hackers have many ways to obtain passwords. Hackers can obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, hackers can use remote cracking utilities or network analyzers. This chapter demonstrates just how easily hackers can gather password information from your network and describes password vulnerabilities that exist in computer networks and countermeasures to help prevent these vulnerabilities from being exploited on your systems.

Lab Objectives

The objective of this lab is to help students learn to monitor a system remotely and to extract hidden files and other tasks that include:

■ Extracting administrative passwords
■ Hiding files and extracting hidden files
■ Recovering passwords
■ Monitoring a system remotely

Note: Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 05 System Hacking

Lab Environment

To carry out the lab you need:

■ A computer running Windows Server 2012
■ A web browser with an Internet connection
■ Administrative privileges to run tools

Lab Duration

Time: 100 Minutes

Overview of System Hacking

The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files.

Lab Tasks

Recommended labs to assist you in system hacking:

■ Extracting Administrator Passwords Using LCP
■ Hiding Files Using NTFS Streams
■ Find Hidden Files Using ADS Spy
■ Hiding Files Using the Stealth Files Tool
■ Extracting SAM Hashes Using PWdump7 Tool
■ Creating the Rainbow Tables Using Winrtgen
■ Password Cracking Using RainbowCrack
■ Extracting Administrator Passwords Using L0phtCrack
■ Password Cracking Using Ophcrack
■ System Monitoring Using RemoteExec
■ Hiding Data Using Snow Steganography
■ Viewing, Enabling and Clearing the Audit Policies Using Auditpol
■ Password Recovery Using CHNTPW.ISO
■ User System Monitoring and Surveillance Needs Using Spytech Spy Agent
■ Web Activity Monitoring and Recording using Power Spy 2013
■ Image Steganography Using QuickStego

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on the target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Extracting Administrator Passwords Using LCP

Link Control Protocol (LCP) is part of the Point-to-Point (PPP) protocol. In PPP communications, both the sending and receiving devices send out LCP packets to determine specific information required for data transmission.

Lab Scenario

Hackers can break weak password storage mechanisms by using cracking methods outlined in this chapter. Many vendors and developers believe that passwords are safe from hackers if they don't publish the source code for their encryption algorithms. After the code is cracked, it is soon distributed across the Internet and becomes public knowledge. Password-cracking utilities take advantage of weak password encryption. These utilities do the grunt work and can crack any password, given enough time and computing power. In order to be an expert ethical hacker and penetration tester, you must understand how to crack administrator passwords.

Lab Objectives

The objective of this lab is to help students learn how to crack administrator passwords for ethical purposes. In this lab you will learn how to:

■ Use an LCP tool
■ Crack administrator passwords

Lab Environment

To carry out the lab you need:

■ LCP located at D:\CEH-Tools\CEHv8 Module 05 System Hacking\Password Cracking Tools\LCP
■ You can also download the latest version of LCP from the link http://www.lcpsoft.com/english/index.htm
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ Follow the wizard driven installation instructions
■ Run this tool in Windows Server 2012
■ Administrative privileges to run tools
■ TCP/IP settings correctly configured and an accessible DNS server

Lab Duration

Time: 10 Minutes

Overview of LCP

LCP program mainly audits user account passwords and recovers them in Windows 2008 and 2003. General features of this protocol are password recovery, brute force session distribution, account information importing, and hashing. It can be used to test password security, or to recover lost passwords. The program can import from the local (or remote) computer, or by loading a SAM, LC, LCS, PwDump or Sniff file. LCP supports dictionary attack, brute force attack, as well as a hybrid of dictionary and brute force attacks.

Lab Tasks

TASK 1: Cracking Administrator Password

Launch the Start menu by hovering the mouse cursor on the lower-left corner of the desktop.

FIGURE 1.1: Windows Server 2012 - Desktop view

Click the LCP app to launch LCP.

Note: You can also download LCP from http://www.lcpsoft.com

FIGURE 1.2: Windows Server 2012 - Apps

The LCP main window appears.

Note: LCP supports additional encryption of accounts by SYSKEY at import from registry and export from SAM file.

FIGURE 1.3: LCP main window

From the menu bar, select Import and then Import from remote computer.

Note: LCP is logically a transport layer protocol according to the OSI model.

FIGURE 1.4: Import the remote computer

Select Computer name or IP address, select the Import type as Import from registry, and click OK.

Note: LCP checks the identity of the linked device and either accepts or rejects the peer device, then determines the acceptable packet size for transmission.

FIGURE 1.5: Import from remote computer window

The output window appears.

Note: Main purpose of LCP program is user account passwords auditing and recovery in Windows.

FIGURE 1.6: Importing the User Names

Now select any User Name and click the Play button. This action generates passwords.

FIGURE 1.7: LCP generates the password for the selected username

Lab Analysis

Document all the IP addresses and passwords extracted for respective IP addresses. Use this tool only for training purposes.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Tool/Utility: LCP
Information Collected/Objectives Achieved:
  Remote Computer Name: WIN-D39MR5HL9E
  Output:
    User Name    NT Password
    Martin       apple
    Juggyboy     green
    Jason        qwerty
    Shiela       test

Questions

What is the main purpose of LCP?
How do you continue recovering passwords with LCP?

Internet Connection Required: □ Yes No
Platform Supported: Classroom, iLabs

Hiding Files Using NTFS Streams

A stream consists of data associated with a main file or directory (known as the main unnamed stream). Each file and directory in NTFS can have multiple data streams that are generally hidden from the user.

Lab Scenario

Once the hacker has fully hacked the local system, installed their backdoors and port redirectors, and obtained all the information available to them, they will proceed to hack other systems on the network. Most often there are matching service, administrator, or support accounts residing on each system that make it easy for the attacker to compromise each system in a short amount of time. As each new system is hacked, the attacker performs the steps outlined above to gather additional system and password information. Attackers continue to leverage information on each system until they identify passwords for accounts that reside on highly prized systems including payroll, root domain controllers, and web servers. In order to be an expert ethical hacker and penetration tester, you must understand how to hide files using NTFS streams.

Lab Objectives

The objective of this lab is to help students learn how to hide files using NTFS streams. It will teach you how to:

■ Use NTFS streams
■ Hide files

Lab Environment

To carry out the lab you need:

■ A computer running Windows Server 2008 as virtual machine
■ Formatted C:\ drive NTFS

...

Completing Setup: Setup has finished installing product on your computer. Click Finish to exit the Setup Wizard.

Note: Keystrokes Typed: log all keystrokes, including optional non-alphanumerical keys, typed with time, Windows username, application name and window caption.

FIGURE 15.2: Select the Agreement

The Run as administrator window appears. Click Run.

The dialog reads: "With administrative rights, you can check, delete and export logs, change settings, and have complete access to the software."

Note: Net Chatting Conversations: monitor and record all latest version Windows Live Messenger / Skype / MSN Messenger / ICQ / AIM / Yahoo! Messenger's BOTH SIDES chatting conversations with time, chat users, and all coming/outgoing messages.

FIGURE 15.3: Selecting folder for installation

The Setup login password window appears. Enter the password in the New password field, and retype the same password in the Confirm password field. Click Submit.

The dialog reads: "Setup a password to login the software. The password can include uppercase letters, lowercase letters, numbers and symbols."

Note: Screen Snapshots: automatically captures screenshots of entire desktop or active windows at set intervals. Save screenshots as JPEG format images on your computer hard disk. Automatically stop screenshot when user is inactive.

FIGURE 15.4: Selecting New Password

The Information dialog box appears. Click OK.

The dialog reads: "Your password is created. You will use it to login the software."

FIGURE 15.5: Password confirmation window

The Enter login Password window appears. Enter the password (which is already set).

10. Click Submit.

Note: Self-Actions: record Power Spy administrator operations, like start or stop monitoring.

FIGURE 15.6: Enter the password

11. The Register product window appears. Click Later to continue.

Note: Stealth Mode: Power Spy runs absolutely invisibly under Windows systems and does not show in Windows task list. No one will know it's running unless you tell them! You can also choose to hide or unhide Power Spy icon and its uninstall entry.

The dialog reads: "An icon is displayed on Desktop to disable Stealth Mode in trial version. You can totally try the software on yourself. Click Start monitoring and Stealth Mode on its control panel, then do anything as usual on the PC: visiting web sites, reading emails, chatting on Facebook or Skype, etc. Then, use your hotkey to unhide its control panel, and click an icon on the left to check logs. You can also click Configuration to change settings, setup an email to receive logs from any location, such as a remote PC, iPad or a smart phone. If you like the product, click Purchase button below to buy and register it. Stealth Mode will be enabled after it is unlocked with your registration information."

FIGURE 15.7: Register product window

12. The main window of Power Spy appears, as displayed in the following figure.

Note: Task Schedule: You can set starting and ending time for each task to automatically start and stop the monitoring job.

FIGURE 15.8: Main window of Power Spy

TASK: Monitoring and Recording User Activities

13. Click Start monitoring.

Note: Logs View: choose to view different type of logs from program main interface. You can delete selected logs or clear all logs, search logs or export logging reports in HTML format.

FIGURE 15.9: Start monitoring

14. The System Reboot Recommended window appears. Click OK.

The dialog reads: "One or more monitoring features require system reboot to start working. It is recommended to close the software first (click Stealth Mode or X on the right top corner), then restart your computer. The message displays only once."

FIGURE 15.10: System Reboot Recommended window

15. Click Stealth Mode (stealth mode runs the Power Spy completely invisibly on the computer).

16. The Hotkey reminder window appears. Click OK (to unhide Power Spy, use the Ctrl+Alt+X keys together on your PC keyboard).

The dialog reads: "The Stealth Mode is started and the software will run completely invisibly. To unhide it, use your hotkey: Ctrl + Alt + X (press the keys together on your keyboard). Hotkey only works in current Windows user account. It is disabled in other user accounts for security."

Note: Easy-to-use Interface: configure Power Spy with either Wizard for common users or control panel for advanced users. User-friendly graphical program interface makes it easy for beginners.

FIGURE 15.11: Stealth mode window

17. The Confirm window appears. Click Yes.

The dialog reads: "Are you sure you remember this?"

FIGURE 15.12: Stealth mode notice

18. Now browse the Internet (anything). To bring Power Spy out of stealth mode, press CONTROL+ALT+X on your keyboard.

19. The Run as administrator window appears. Click Run.

FIGURE 15.13: Run as administrator

20. The Enter login password window appears. Enter the password (which is already set).

21. Click Submit.

FIGURE 15.14: Enter the password

22. Click Later in the Register product window to continue if it appears.

23. Click Stop monitoring to stop the monitoring.

FIGURE 15.15: Stop the monitoring

24. To check user keystrokes from the keyboard, click Keystrokes in Power Spy Control Panel.

Note: Program Executed: log all programs including application, executable file, documents and directories navigated with time, Windows username, application/document/directory name and file paths.

FIGURE 15.16: Selecting keystrokes from Power Spy control panel

25. It will show all the resulted keystrokes as shown in the following screenshot.

26. Click the Close button.

...

FIGURE 16.9: Browse for saved file

14. Exit from the QuickStego window. Again open QuickStego, and click Open Image in the Picture, Image, Photo File dialog box.

15. Browse the Stego file (which is saved on desktop).

16. The hidden text inside the image will appear as displayed in the following figure.

Note: Approximately 2MB of free hard disk space (plus extra space for any images).

FIGURE 16.10: Hidden text is showed

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Tool/Utility: QuickStego
Information Collected/Objectives Achieved:
  Image Used: Lamborghini_5.jpg
  Output: The hidden text inside the image will be shown

Internet Connection Required: □ Yes No
Platform Supported: iLabs

... onstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 05 System Hacking ■ Pwdump7 located at D:\CEH-Tools\CEHv8 Module 05 System Hacking\Password Cracking Tools\pwdum...

D:\CEH-Tools\CEHv8 Module 05 System Hacking ■ Use ADS Spy ■ Find hidden files. Lab Environment: To carry out the lab you need: ■ ADS Spy located at D:\CEH-Tools\CEHv8...

navigate to D:\CEH-Tools\CEHv8 Module 05 System Hacking\Password Cracking Tools\pwdump7 (Generating Hashes). Alternatively, you can also navigate to D:\CEH-Tools\CEHv8 Module 05 System Hacking\Passw

Date posted: 14/04/2017
