System Hacking - p.1

System Hacking

System hacking is the science of testing computers and network for vulnerabilities and plug-ins.

Lab Scenario

Password hacking 1s one of the easiest and most common ways hackers obtain unauthorized computer 01־ network access. Although strong passwords that are difficult to crack (or guess) are easy to create and maintain, users often neglect tins. Therefore, passwords are one of the weakest links in the uiformation-secunty chain. Passwords rely on secrecy. After a password is compromised, its original owner isn’t the only person who can access the system with it. Hackers have many ways to obtain passwords. Hackers can obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, hackers can use remote cracking utilities or־ network analyzers. Tins chapter demonstrates just how easily hackers can gather password information from your network and descnbes password vulnerabilities diat exit in computer networks and countermeasures to help prevent these vulnerabilities from being exploited on  vour systems.

Lab Objectives

The objective of tins lab is to help students learn to monitor a system remotely and to extract hidden files and other tasks that include:

■ Extracting administrative passwords
■ HicUng files and extracting hidden files
■ Recovering passwords
■ Monitoring a system remotely

Lab Environment

To earn־ out die lab you need:

■ A computer running Windows Server 2012
■ A web browser with an Internet connection
■ Administrative pnvileges to run tools

Lab Duration

Tune: 100 Minutes

Overview of System Hacking

The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files.

Lab Tasks

Recommended labs to assist you in system hacking:
■ Extracting Administrator Passwords Using LCP
■ Hiding Files Using NTFS Streams
■ Find Hidden Files Using ADS Spy
■ Hiding Files Using the Stealth Files Tool
■ Extracting SAM Hashes Using PWdump7 Tool
■ Creating die Rainbow Tables Using Winrtge
■ Password Cracking Using RainbowCrack
■ Extracting Administrator Passwords Using LOphtCrack
■ Password Cracking Using Ophcrack
■ System Monitoring Using RemoteExec
■ Hiding Data Using Snow Steganography
■ Viewing, Enabling and Clearing the Audit Policies Using Auditpol
■ Password Recovery Using CHNTPW.ISO
■ User System Monitoring and Surveillance Needs Using Spytech Spy Agent
■ Web Activity Monitoring and Recording using Power Spy 2013
■ Image Steganography Using QuickStego

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on the target’s security posture and exposure.