The labs in this module will provide a first-hand experience with various techniques that attackers use to write and propagate malware.

Published by

Sep 20, 2022

s

Struggling with a similar assignment? Don’t know where to start? Don’t have time to work on this? Get a high-quality paper written for you from scratch – PLAGIARISM FREE, guaranteed to get you a good grade. To get started, please click on the Submit Your Instructions at the bottom of the page.

 Unlimited Attempts AllowedDetails
Virtual Labs:  Dumping and Cracking SAM Hashes to Extract Plain text Passwords
Consider what you have learned so far about Attack Vectors and Countermeasures as you review the objectives and scenario below.  Complete the 2 labs that follow on EC-Council’s website using the link below.
Objective Lab 1
The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files. The objective of this lab is to help students learn to monitor a system remotely and to extract hidden files and other tasks that include:
Extracting administrative passwords
Hiding files and extracting hidden files
Recovering passwords
Monitoring a system remotely
Scenario
Password hacking is one of the easiest and most common ways hackers obtain an unauthorized computer or network access. Although strong passwords that are difficult to crack (or guess) are easy to create and maintain, users often neglect this. Therefore, passwords are one of the weakest links in the information security chain.
Passwords rely on secrecy. After a password is compromised, its original owner isn’t the only person who can access the system with it. Hackers have many ways to obtain passwords. They can obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, they can use remote cracking utilities or network analyzers.
The labs in this module demonstrate just how easily hackers can gather password information from your network, and describe password vulnerabilities that exist in computer networks, as well as countermeasures to help prevent these vulnerabilities from being exploited on your systems.
Week 5 Lab Assignment 1: Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Lab Task:
The objective of this lab is to help students learn how to:
Use the pwdump7 tool to extract password hashes
Use the Ophcrack tool to crack the passwords and obtain plain text passwords
Lab Description:
The Security Account Manager (SAM) is a database file present on Windows machines that stores user accounts and security descriptors for users on a local computer. It stores users’ passwords in a hashed format (in LM hash and NTLM hash). Because a hash function is one-way, this provides some measure of security for the storage of the passwords.
In a system hacking life cycle, attackers generally dump operating system password hashes immediately after a compromise of the target machine. The password hashes enable attackers to launch a variety of attacks on the system, including password cracking, pass the hash, unauthorized access of other systems using the same passwords, password analysis, and pattern recognition, in order to crack other passwords in the target environment.
You need to have administrator access to dump the contents of the SAM file. Assessment of password strength is a critical milestone during your security assessment engagement. You will start your password assessment with a simple SAM hash dump and running it with a hash decryptor to uncover plaintext passwords.
Pwdump7 can also be used to dump protected files. You can always copy a used file by executing pwdump7.exe -d c:lockedfile.dat backup-lockedfile.dat. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords not longer than 14 characters using only alphanumeric characters.
Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords not longer than 14 characters using only alphanumeric characters.
Objective Lab 2
With the help of malicious applications, attackers get access to stored passwords and can read personal documents, delete files, display pictures, and/or display messages on the screen.
According to a recent report by Symantec, more than 317 million new pieces of malware—computer viruses or other malicious software—were created in the year 2014. That means nearly one million new threats were released each day. Malware has the ability to perform various malicious activities that might range from simple email advertising to complex identity theft and password stealing. Malware programmers design code that:
Attacks browsers and track websites visited
Affects system performance, making it very slow
Causes hardware failure, rendering the computer inoperable
Steals personal information (including contacts, etc.)
Erases important information, resulting in potential huge loss of data
Attacks other computers from a single compromised system
Spams inboxes with advertising emails
The objectives of this lab include:
Creating a server and testing the network for attack
Detecting Malware
Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected
Scenario
Malware poses a major security threat to information security. Malware writers explore new attack vectors to exploit vulnerabilities in information systems. This leads to ever more sophisticated malware attacks, including drive-by malware, “mal-advertising” (or “malvertising”), Advanced Persistent Threats, and so on. Though organizations try hard to defend themselves using comprehensive security policies and advanced anti-malware controls, the current trend indicates that malware applications are targeting the “lower-hanging fruit” of: under-secured smartphones, mobile applications, social media, and cloud services. The problem is further complicated because of threat predictions.
As McAfee stated in its Threats Report published in February 2015, “Small nation-states and foreign terror groups will take to cyberspace to conduct warfare against their enemies. They will attack by launching crippling distributed denial of service attacks or using malware that wipes the master boot record to destroy their enemies’ networks.” Assessing an organization’s information system against malware threats is a major challenge today because of the quickly-changing nature of malware threats.
Defenders need to be well versed in the latest developments in this field and understand the basic functioning of malware, as well as have an ability to select and implement controls appropriate to your organization and its needs. The labs in this module will provide a first-hand experience with various techniques that attackers use to write and propagate malware. You will also learn how to effectively select security controls to protect your information assets from malware threats.
Week 5 Lab Assignment 2: Creating a Server using the ProRat Tool
Lab Task:
The objective of this lab is to help students learn to detect Trojan and backdoor attacks. The objectives of this lab include:
Creating a server and testing the network for attack
Detecting Malware
Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected
 
Lab Description:
ProRat is a remote administration tool (RAT) written in C programming language and is capable of working with all Windows operating systems. The main purpose of this RAT is to access one’s own computers remotely. As with other Trojan horses, ProRat uses a client and server. It opens a port on the computer, which allows the client to perform numerous operations on the server (the victim machine). 
Some of the ProRat’s malicious actions on the victim’s machine:
Logging keystrokes
Stealing passwords
Full control over files
Drive formatting
Open/close CD tray
Hide taskbar, desktop, and start button
View system information
Access the lab here: EC-Council | iLabs (Links to an external site.)
Submit proof of this assignment completion by uploading and submitting a screenshot of the graded lab from EC-Council Labs.  Refer to the Course Projects page for more information on project submissions. 

n

Need Writing Help? Our writing specialists are here 24/7, every day of the year, ready to support you! Instantly chat with an online tutor below or click here to submit your paper instructions to the writing team.

More than just an assignment.

GET THE GRADES YOU DESERVE | A OR A- GUARANTEED
NO MORE SLEEPLESS NIGHTS DOING RESEARCH
NO MORE LATE POINTS DEDUCTIONS 
GET A QUALITY PAPER SENT TO YOUR EMAIL
GET GOOD GRADES ON YOUR ASSIGNMENTS
Explore Now →

Who is this homework service for?

* If you are having a really hard class and want to get through it, then this is for you.

* If you have a medical emergency or someone close to you has a medical emergency and you don’t think you’ll be able to turn your assignment on time, this is definitely a service you could use.

* You can use us if you are having a tough Professor who won’t give you the grades you deserve.

* If you have a tight work schedule and you are getting points deducted for not submitting assignments on time.

* English might not be your first language and you feel like you are being left behind in class because of it.

* If you have a large project coming up and don’t think you have enough time to get it done well, definitely reach out to us.

TALK TO SUPPORT
{

Super stoked you are checking us out! We would like to help you with your assignment. We just need a few things from you:

* The full assignment instructions as they appear on your school account.

* If a Rubric is present, make sure to attach it.

* Any relevant weekly readings or learning resources.

* Include any special announcements or emails you might have gotten from your Professor regarding your assignment.

* Any templates or additional files required to complete the assignment.

If your assignment is somewhat complex and you need to explain it, please don’t hesitate to reach out to me via live chat. 

 

FAQ

Frequently asked questions

How soon can I get my paper done?

It depends with your deadline. If you need your paper completed in 3 hours, we will deliver it in that time. All you need to do is indicate your deadline in our custom order page here. Alternatively, if you are sending us your instructions via email, please be sure to indicate your deadline.

Will it be completely original? I don't want to be caught in a case of Academic Integrity Violation.

We are as paranoid as you are. Maybe even more! And we understand that the greatest sin you can commit in your academic journey is plagiarizing your academic work. To that end, we have made sure that we check and double-check our papers using high quality plagiarism detection tools such as SafeAssign and Turnitin before submitting the paper to you.

Who is my writer? Is he/she a native English Speaker?

All our writers are native English Speakers. That is not to say that ESL writers are not good, we just prefer hiring native writers because we want the very best people working on your paper. This might mean paying a little bit more for your paper as opposed to when you pay a foreign company whose writers are non-native English Speakers.

What if I need revisions? Will your charge additional for this?

Of course not! If you do happen to require a revision on your paper, our team will handle it for you free of charge. Matter of fact, we won’t rest till you are happy with your paper. So, ask for as many revisions as you need, it’s completely FREE!

Will you give me my money back if I don't like my paper?

We have very few instances where we delivered a paper that a client didn’t fall in love with. But if it so happens that you don’t like your paper for any reason whatsoever, we’ll refund your money back no questions asked.

I have more assignments after this, can you help me with those too?

Of course! And what’s even better is that we can reserve a writer permanently to work on your entire class. This comes in handy for projects which build up on each other and where you need just one writer, one writing style.

I got my order information wrong, can I change that?

Yes you can. Just reach out to our support team via email (support@essaynook.com) or live chat here and they’ll help you change the instructions.

Can I place an order via email instead of going through the order page?

Yes you can. Email Anna at anna@essaynook.com, she’s in charge of our sales team. Alternatively, you can talk to our Live Chat team here and request to speak to Anna.

Trusted by Thousands of Students

Delivering quality assignments since 2007

%d bloggers like this: