CIS 8630. Business Computer Forensics and Incident Response. Lab Protocol 06: Password Cracking with Cain and Abel




Purpose: Ensure every student gains first-hand experience with password cracking tools. Students will also develop first-hand knowledge in distinguishing brute-force versus dictionary attacks. Students will also experience the distinction between the security of various password parameters such as password length and character set.

Materials required: (all downloadable files) passwordhash.txt, dict.zip, ca_setup.exe

Deliverable: This lab protocol with answers. Be sure your name and team name are on the material delivered.

1. If you are using your own Windows machine, download Cain and Abel from http://www.oxid.it/cain.html. It may be necessary to override your Internet security. Download the latest version for Windows NT/2000/XP onto your desktop.
2. If you are using your VM machine, use Windows Explorer to open the directory C:\dayspace\Tools\Password Cracking.
3. Run the installer (casetup.exe). Note that your virus checker's active scanner is likely to issue warnings that a password cracker is being accessed. If possible, dismiss the messages without deleting or blocking the files. Be sure to also install the WinPcap packet driver when the CA installer prompts.
4. If you are using your own Windows machine, go to http://lastbit.com/dict.asp and download the medium-sized dictionary (dict.zip) onto your desktop. Unzip the contents (DICT.TXT) onto your desktop.
5. If you are using your VM machine, unzip C:\dayspace\Tools\Password Cracking\dict.zip onto your desktop.
6. Prior to running the Cain program on your own machine, it may be necessary to suspend the virus checker's active scanning.

7. Run Cain using the desktop icon. (Ignore the message "Windows firewall is enabled. Some features will not work correctly" if received.)
8. Click on the Cracker tab (if users are listed, right-click and delete them).

9. Right-click in the blank area and choose "Add to list".
10. Now you can add hashes that you want to crack. For now, choose "Import hashes from local system". Check "Include Password History Hashes".
11. Answer the following questions:
   a. How many user accounts are there on your machine?

   b. Did you find your user account?
   c. Which accounts have you never used before?
12. If you are using your own Windows machine, download the file http://cis.gsu.edu/rbaskerville/cis8630/labs/passwordhash.zip. Unzip the file to your desktop.
13. If you are using your VM machine, copy the file C:\dayspace\Tools\Password Cracking\dict.zip onto your desktop.
14. This file contains the hashes from another system.
15. In Cain and Abel, right-click in the main pane and select "Remove all" to take the current information out. Right-click again and select "Add to list" like before. This time, choose "Import hashes from a text file" and browse for the file you just saved. Click Next.
16. The program should now look like the screen below.

17. Select all the rows, then right-click and choose "Brute force attack" and then "NTLM hashes". The other options are for other types of password hashes.

18. For now, leave the default settings in the form. Look at the options you have to change the predefined character sets, password lengths, and start point. Click on Start and let the program run for about a minute.
19. Answer the following questions:
   a. How many hashes were you able to crack in 1 minute?
   b. Write down the plain text passwords here (you may have more or less).
   c. How many characters were in the longest plain text password?
   d. Are the plain text passwords secure or not? Why?
20. After stopping the cracker, experiment with the optional settings and see how they affect the keyspace. Answer the following questions:
   a. What is the keyspace for a 6 digit password made up of numbers only?

   b. What is the keyspace for a 6 digit password made up of lower case letters only?
   c. What is the keyspace for a 6 digit password made up of upper and lower letters, numbers, symbols and everything else in the last predefined character set?
   d. What do you recommend systems allow in their passwords?
   e. What do you recommend systems require in their passwords?
21. Pretend you listen when someone logs into a machine and you hear them type 5 characters when they enter their password. Adjust the settings and run the cracker again.
22. Select the largest character set and then adjust the max and min length to equal 5. Click Start and write below the estimated time left. Do this again with the max and min equal to 6, 7, 8 and 9.
   Estimated time left for length 5: ____  6: ____  7: ____  8: ____  9: ____
   a. What recommendations do these results imply for password policies?
23. Exit the brute force cracker.
24. Right-click and remove all, then reload the hash file (right-click, "Add to list", "Import hashes from text file").
25. Select all the accounts (right-click, "Select all").
26. Right-click on the hashes and select the dictionary attack, then "NTLM hashes".

27. The dictionary attack dialog box will open. Right-click on the (empty) Dictionary listing at the top of the box, and select "Add to list". Open the DICT.TXT file that you earlier extracted to your desktop.
28. Leave the defaults and click Start.
29. Answer the following questions:
   a. How does the speed of the dictionary attack compare with the brute force attack?

   b. What is the longest password found?
   c. Which of the passwords cracked in the brute force attack were discovered in the dictionary attack, and vice versa?
      Brute Force Attack Passwords:
      Dictionary Attack Passwords:
   d. What are the advantages and disadvantages of dictionary attacks?
   e. What recommendations do these results imply for password policies?
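
An added example, not part of the original lab handout: a password-policy check that puts numbers on the keyspace questions in steps 20 to 22 and on the dictionary comparison in step 29. The character classes, the sample word list and the guess rate are assumptions made for illustration; Cain's predefined character sets and real cracking speeds are not given on this page.

```python
import string

# Assumed character classes (illustrative; not Cain's predefined sets).
CLASSES = {
    "digits": string.digits,              # 10 characters
    "lower": string.ascii_lowercase,      # 26
    "upper": string.ascii_uppercase,      # 26
    "symbols": string.punctuation + " ",  # 33
}
WORDS = {"password", "dragon", "letmein", "monkey"}  # constructed sample word list
RATE = 10_000_000  # assumed guesses per second, for illustration only


def keyspace(size, min_len, max_len):
    """Candidates an exhaustive search covers for lengths min_len..max_len."""
    return sum(size ** n for n in range(min_len, max_len + 1))


def charset_size(password):
    """Size of the union of the classes the password draws from."""
    if not password:
        raise ValueError("empty password")
    known = "".join(CLASSES.values())
    if any(c not in known for c in password):
        raise ValueError("character outside the modelled classes")
    return sum(len(cs) for cs in CLASSES.values()
               if any(c in cs for c in password))


def audit(password, words=WORDS, rate=RATE):
    """Return (cheapest search that finds it, worst-case seconds)."""
    if password.lower() in words:
        # A word-list pass only has to try len(words) candidates.
        return ("dictionary", len(words) / rate)
    size = charset_size(password)
    return ("brute-force", keyspace(size, 1, len(password)) / rate)


def growth(size, lengths=range(5, 10), rate=RATE):
    """Worst-case hours to exhaust each fixed length, as in step 22."""
    return {n: keyspace(size, n, n) / rate / 3600 for n in lengths}


if __name__ == "__main__":
    for pw in ("Dragon", "4821", "x7#Qp", "correct horse 9!"):
        print(pw, audit(pw))
    for n, hours in growth(95).items():
        print(f"length {n}: {hours:,.1f} h")
```

Each added character multiplies the exhaustive-search cost by the character-set size, while a password that appears in the word list costs only as many guesses as the list is long, whatever its length.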