2. http://www.smartserials.com/
3. http://www.serialportal.com/
5. http://www.unlimitedserials.com/
6. http://www.superserials.com/
9. http://www.serialcoded.com/
Advertisements
Recent Comments
Jack on MySIDHistoryTool tasse on MySIDHistoryTool
Command Prompt Commands Tricks
16/10/2015 — Yogi1. Copy CMD output directly to clipboard
IT guys run some command prompt commands and then to share the output, they copy paste the output by right clicking cmd and marking the stuff and pressing enter, then paste. This is lots of unecessary work 😉 and waste of time.
Here’s the command prompt trick, type in your command for example, ipconfig and postfix ‘ | clip ‘ to directly copy your cmd output to clipboard.
now, Select Paste to paste the stuff directly to notepad, TADAA…! Awesome, ain’t it? 😀 🙂
2. Open Command Prompt in a specific Folder
CMD usually opens up in either User or System folder depending upon whether you ran it as administrator or not.
If you want to run a particular file in a specific folder (suppose d:\docs\bills.txt), then your approach will be CMD > (Change directory) cd d:\docs\ so that command prompt can navigate to the location, then you will run the Bill.txt file.
Now here is the Command prompt trick 🙂 , just navigate to the folder and press and hold SHIFT KEY and then Right click and you will see a popup menu with some extra items, like the one in below picture.
Select open command window here to directly open the CMD prompt with the path to that folder directly.
3. Run CMD as Admin
You can simply press Ctrl+Shift+Enter to open command prompt with admin privileges or an Elevated command promt. This Command prompt trick will work for all the programs installed on your system.
4. CMD History
Check last used command prompt commands in a session using the navigation (Up, Down, Left, Right ) buttons, but you can see list of all the commands by pressing the F7 button.
5. Drag and Drop Files to Change Path
If you are already in command prompt, and you want to copy the exact path to a folder or file to run the file or change the present working directory, you can simply drag and drop file or the folder on the command prompt.
6. Run Commands Simultaneously
You can put && between two commands and execute them one after another. The command on the left will execute first followed by the command on the right of the double ampersand.
7 Delicious Layers of Enterprise End-User Computing Security You Need to be Considering
19/04/2014 — YogiHere’s how we look at the seven layers of security:
Security Layer #1 – Anti-Virus Scan of Host PC
Malware has become increasingly vicious and an attack can instantly cripple an organization and cost millions of dollars to clean up. In order support this need, Moka5 partnered with security leader AVG. Moka5’s built-in AVG anti-virus constantly monitors for key loggers and screen scrapers, and ensues that these are not present on the host computer at startup.
Security Layer #2 – Full Virtual Machine Encapsulation
With full virtual machine encapsulation, a policy-enforced container keeps corporate data separate from personal files. Although the virtual machine “borrows” what it physically needs from the host (CPU, RAM, keyboard, mouse, monitor, etc.), the operating system, applications and data are kept separate. Not only does this prevent viruses and malware on the host from infecting the container, but it also helps eliminate data leaks and IP loss.
Security Layer #3 – AES-256 Encryption
If encryption is enabled, Moka5 will encrypt all LivePC containers using AES (128-bit or 256-bit) encryption. AES-256 encryption of the container ensures compliance with data security standards and privacy regulations.
Security Layer #4 – Tamper Resistance and Copy Protection
Taper-resistance and copy protection keep the container itself or its metadata from being moved or edited.
Security Layer #5 – Active Directory credentials or Two-Factor Authentication
LDAP/AD integration and two-factor authentication support ensures that you can use your existing access control processes.
Security Layer #6 – Seamless Updates and Granular Policies
130+ granular security policies give IT full control over the container, allowing them to configure data security in the way that best meets their unique requirements. These security protections can be tailored for specify users or applied across an entire organization.
Security Layer #7 – Remote Kill
The ability to remote revoke or remote kill allows IT to wipe the encrypted container from lost or stolen devices over the Internet or though a timeout mechanism.
Offline NT/2000/XP/Vista/7 Password Changer
23/12/2013 — Yogi| Section 0. Background Information |
- What is Hiren’s Boot CD?
- Hiren’s BootCD is a boot CD containing various diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools, data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer problems. It is a Bootable CD; thus, it can be useful even if the primary operating system cannot be booted.
- http://www.hiren.info/pages/bootcd
- Lab Notes
- In this lab we will do the following:
- Download the Hiren’s iso
- Boot Damn Vulnerable WXP-SP2 into the Hiren’s Environment
- Use the Offline Password Changer to clear the Administrator’s Password
- In this lab we will do the following:
- Prerequisites
- Instructions:
- This will work on Windows NT, 2000, XP, Vista and 7
- This lab uses the Damn Vulnerable WXP-SP2 Virtual Machine.
- Instructions:
- Legal Disclaimer
- As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
- In accordance with UCC § 2-316, this product is provided with “no warranties, either express or implied.” The information contained is provided “as-is”, with “no guarantee of merchantability.”
- In addition, this is a teaching website that does not condone malicious behavior of any kind.
- Your are on notice, that continuing and/or using this lab outside your “own” test environment is considered malicious and is against the law.
- © 2012 No content replication of any kind is allowed without express written permission.
| Section 1. Prerequisite |
- Open A Firefox Browser
- Notes:
- Login to the machine that has VM Player Installed.
- Instructions:
- Click on the Windows Start Button
- Type firefox in the search box
- Click on Mozilla Firefox
- Notes:
- Place Link in Firefox Browser
- Instructions:
- Place the following address in the Firefox Browser
- Click OK to download
- Instructions:
- Navigate and Save
- Instructions:
- Navigate to your external USB hard drive.
- Create a directory call Hirens on your
- Click Save
- Instructions:
| Section 2. Configuring VMware to play Hiren’s |
- Edit Virtual Machine Settings
- Instructions:
- Click on Damn Vulnerable Windows XP
- Click on Edit virtual machine
- Instructions:
- Configure CD/DVD (IDE)
- Instructions
- Configure CD/DVD (IDE)
- Click the radio button “Use ISO image file:”
- Click the Browse button and Navigate to the location of the Hiren’s.BootCD.14.0.iso
- Click the Options Tab
- Instructions
- Configure Operating System Settings
- Instructions
- Settings: General
- Guest operating system: Linux
- Version: Other Linux 2.6.x kernel
- Click on OK
- Instructions
- Start Damn Vulnerable WXP-SP2
- Instructions:
- Click on Damn Vulnerable WXP-SP2
- Click on Play virtual machine
- Instructions:
- Access the Boot Menu
- Instructions
- Once you see the below vmware screen, (1) Left Click in the screen and (2) press the key.
- Note(FYI)
- Beginners be patient, this might take a few times. <Grin>
- Instructions
- Boot from CD-ROM Drive
- Instructions
- Arrow Down to where CD-ROM Drive is highlighted
- Press <Enter>
- Instructions
| Section 3. Starting up the Offline NT/2000/XP/Vista/7 Password Changer |
- Select “Offline NT/2000/XP/Vista/7 Password Changer” (See Below)
- Instructions
- Arrow Down to Offline NT/2000/XP/Vista/7 Password Changer
- Press Enter
- Instructions
- Linux Kernel Boot options
- Instructions
- Press Enter.
- Instructions
- Partition Selection
- Instructions
- Type “1“
- Press Enter.
- Instructions
- Unclean File System Message
- Instructions
- Do you wish to force it (y/n) [n] y
- Press Enter.
- Instructions
- What is the path of the registry directory?
- Instructions
- [WINDOWS/system32/config] Just Press Enter
- Instructions
- Select which part of the registry to load
- Instructions
- Type “1“
- Press Enter.
- Instructions
- Select Hive
- Instructions
- Type “1“
- Press Enter.
- Instructions
- Type in the username that you would like to reset.
- Instructions
- Type “Administrator“
- Press Enter
- Instructions
- User Edit Menu
- Instructions
- To clear the password, select 1.
- Press Enter
- Notes(FYI)
- You also have the ability to do the following
- Set a new password
- Promote a user to an Administator
- Unlock Accounts
- You also have the ability to do the following
- Instructions
- Reviewing Results
- Instructions
- There will be a message that says “Password cleared!”
- To quit the application, type “!“
- Press Enter
- Instructions
- Back to Loaded Hives Selection
- Instructions
- Type “q” to quit.
- Press Enter
- Instructions
- Writing back changes selection
- Instructions
- Type “y” to save changes.
- Press Enter
- Instructions
- New Run Selection
- Instructions
- Type “n” to quit
- Press Enter
- Instructions
| Section 4. Proof of Lab |
- Proof of Lab Instructions
- Instructions:
- date
- Press <Enter>
- echo “Your Name”
- Replace the string “Your Name” with your actual name.
- e.g., echo “John Gray”
- Do a PrtScn
- Paste into a word document
- Upload to Moodle
- Instructions:
- Poweroff Operating System
- Instructions
- Type “poweroff“
- Press Enter
- Instructions
- CPU Disabled Message
- Instructions
- Click OK
- Instructions
- Poweroff Virtual Machine
- Instructions
- Virtual Machine –> Virtual Machine Settings –> Power Off
- Click Yes
- Instructions
| Section 5. Configuring your original VMware back to play Windows XP |
- Edit Virtual Machine Settings
- Instructions
- Select Damn Vulnerable WXP-SP2
- Select Edit Virtual machine settings
- Instructions
- Configure CD/DVD (IDE) Settings
- Instructions
- Select CD/DVD (IDE)
- Select the Use physical drive: Radio Button
- Select Auto detect
- Click on the Options Tab
- Instructions
- Configure Operating System Settings
- Instructions
- Select General
- Guest operating system: Microsoft Windows
- Version: Windows XP Professional
- Click on the OK Button
- Instructions
- Start Damn Vulnerable WXP-SP2
- Instructions:
- Click on Damn Vulnerable WXP-SP2
- Click on Play virtual machine
- Instructions:
| Section 6. Logging into Windows after password was cleared |
- Login as user administrator (See Below)
- Instructions:
- Remember you cleared the password, so leave the password field blank.
- Click on OK.
- Instructions:
| Section 7. Set Administrator’s Password |
- Open Control Panel
- Instructions:
- Start –> Control Panel
- Instructions:
- Open User Accounts
- Instructions:
- Click on User Accounts
- Instructions:
- Open the Administrator Account
- Instructions:
- Click on Administrator
- Instructions:
- Select Create a password
- Instructions:
- Click on Create a password
- Instructions:
- Create a password for your account
- Instructions:
- Type a new password:
- Type the new password again to confirm:
- Click Create Password
- Instructions:
Installing BackTrack 5 R1
23/12/2013 — Yogi| Section 0. Background Information |
- What is BackTrack5
- BackTrack is an operating system based on the Ubuntu GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm. The current version is BackTrack 5, code name “Revolution.”
- BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option
- BackTrack includes many well known security tools including
- Metasploit integration
- RFMON Injection capable wireless drivers
- Aircrack-NG
- Kismet
- Nmap
- Ophcrack
- Ettercap
- Wireshark (formerly known as Ethereal)
- BeEF (Browser Exploitation Framework)
- Hydra
- BackTrack Download
- Legal Disclaimer
- As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
- In accordance with UCC § 2-316, this product is provided with “no warranties, either express or implied.” The information contained is provided “as-is”, with “no guarantee of merchantability.”
- In addition, this is a teaching website that does not condone malicious behavior of any kind.
- Your are on notice, that continuing and/or using this lab outside your “own” test environment is considered malicious and is against the law.
- © 2012 No content replication of any kind is allowed without express written permission.
| Section 1. Create a New Virtual Machine |
- Create a New Virtual Machine. (See Below)
- New Virtual Machine Wizard
- Instructions:
- Select the radio button “Installer disc image file (iso):”
- Click the Browse Button.
- Navigate to where you BT5 iso is located.
- Select the BT5 iso
- Click Next
- Instructions:
- New Virtual Machine Wizard
- Instructions:
- Guest operating system: Linux
- Version: Ubuntu
- Select Next
- Instructions:
- New Virtual Machine Wizard
- Instructions:
- Virtual machine name: BackTrack5R1
- Location: In my case, I saved it to my USB drive, located in H:\BackTrack5R1\
- Select Next
- Instructions:
- New Virtual Machine Wizard
- Instructions:
- Maximum disk size (GB): For our purposes use 20GB.
- Radio Button: Store virtual disk as an single file
- Select Next
- Instructions:
- New Virtual Machine Wizard
- Instructions:
- Click on the “Customize Hardware…” button
- Instructions:
- New Virtual Machine Wizard
- Instructions:
- Click on Memory (which is highlighted in blue)
- Click on 512 MB. (Recommended is 1024 MB, but not really needed for lab purposes).
- Do not click on OK
- Instructions:
- New Virtual Machine Wizard
- Instructions:
- Click on Network Adapter
- Click on “Bridged: Connected directly to the physical network”
- Click OK.
- Instructions:
- Click on the Finish button.
- Instructions:
- Click the Customize Hardware… button
- Instructions:
- Start the Boot Process
- Instructions:
- Press Enter
- Instructions:
- BackTrack Live CD
- Instructions:
- Select “BackTrack Text – Default Boot Text Mode”
- Press <Enter>
- Instructions:
- Bring up the GNOME
- Instructions:
- Type startx
- Instructions:
| Section 2. Install BackTrack to Harddrive |
- Install BackTrack to Harddrive
- Instructions:
- Option 1: Double Click on the icon labeled “Install BackTrack”
- OR
- Option 2: System –> Administration –> Install BackTrack Live
- Option 1: Double Click on the icon labeled “Install BackTrack”
- Instructions:
- Select Language
- Instructions:
- In my case: English.
- Click Forward
- Instructions:
- Select Language
- Instructions: (In my case)
- Region: English
- Time Zone: United States (Chicago)
- Click Forward
- Instructions: (In my case)
- Select Language
- Instructions: (In my case)
- Suggested option: USA
- Click Forward
- Instructions: (In my case)
- Select Language
- Instructions:
- Select “Erase and use the entire disk”
- Select Forward
- OR Note (This is optional)
- If you select “Specify partitions manually”, then you can create you own file systems layout.
- / – 2000 MB
- /boot – 500 MB
- swap – 1280 MB (Double Memory)
- /tmp – 1000 MB
- /home – 2000 MB
- /var – 2000 MB
- /usr – 3000 MB
- Then use the rest as needed using volume management.
- If you select “Specify partitions manually”, then you can create you own file systems layout.
- Instructions:
- Select Language
- Instructions:
- Click on Install
- Instructions:
- Informational
- Note(FYI):
- The installation process will take between 10 and 45 minutes depending on your systems resources.
- Note(FYI):
- Consistency Reboot
- Instructions:
- Click on Restart Now
- Instructions:
| Section 3. Login to BackTrack |
- Edit Virtual Machine Settings
- Instructions:
- Virtual Machine –> Virtual Machine Settings…
- Instructions:
- Edit CD/DVD (IDE)
- Instructions:
- Select CD/DVD (IDE)
- Click on Use physical drive:
- Select Auto detect
- Click the OK Button
- Instructions:
- Login to BackTrack
- Instructions:
- Login: root
- Password: toor
- Instructions:
- Bring up the GNOME
- Instructions:
- Type startx
- Instructions:
- Bring up a console terminal
- Instructions:
- Click on the Terminal Console Icon
- Instructions:
- Change root’s password
- Instructions:
- passwd root
- Use our standard class password
- Instructions:
- Create a student account and set password
- Instructions:
- useradd -m -d /home/student -c “Security Student” -s /bin/bash student
- passwd student
- Use our standard class password
- Instructions:
| Section 4. Installing VMware Tools |
- Why are we installing VMware tools?
- It’s nice to be able to cut and paste from the host machine into the VMWare instance.
- Install build-essentials and linux-headers
- Instructions:
- You must be root!!!
- aptitude install build-essential linux-headers-$(uname -r)
- Instructions:
- Installation Question and Answer
- Instructions:
- Do you want to continue? [Y/n/?] Y
- Instructions:
- Mount VMware Tools
- Instructions:
- Virtual Machine –> Install VMware Tools…
- Instructions:
- Check if VMware Tools is mounted
- Instructions:
- df -k
- Notice that /media/VMware Tools is mounted.
- Instructions:
- VMware Tools Set Up Work
- Instructions:
- cd /media/VMware\ Tools
- ls -lrta
- cp VMwareTools* /var/tmp
- cd /var/tmp
- gunzip VMwareTools*
- tar xovf VMwareTools*
- Instructions:
- Install VMware Tools
- Instructions:
- cd /var/tmp/vmware-tools-distrib
- ./vmware-install.pl
- yes
- Instructions:
- Press Enter on the following Questions (See Below)
- Press Enter on the following Questions (See Below)
- Press Enter on the following Questions (See Below)
- Note(FYI):
- Answer “no” to changing the kernel header path…
- Note(FYI):
- Press Enter on the following Questions (See Below)
| Section 5. Proof of Lab |
- Proof of Lab
- Note(FYI):
- A new /boot/initrd.img-2.6.39.4 will be generated.
- You will have to reboot for the changes to take affect.
- Instructions:
- cd /
- ls -l /boot/initrd.img-2.6.39.4
- echo “Your Name”
- Replace the string “Your Name” with your actual name.
- e.g., echo “John Gray”
- Proof of Lab Instructions
- Press both the <Ctrl> and <Alt> keys at the same time.
- Do a <PrtScn>
- Paste into a word document
- Upload to Moodle
- Note(FYI):
- Power Off Machine
- Note(FYI):
- If you want to continue using BackTrack, then don’t power off the machine.
- Instructions:
- poweroff
- Note(FYI):
Password Cracking
23/12/2013 — Yogi{ Using Kali, bkhive, samdump2, and John to crack the SAM Database }
| Section 0. Background Information |
What is the SAM Database?
-
- The SAM database is the Security Accounts Manager database, used by Windows that manages user accounts and other things. It is implemented as a registry file that is locked for exclusive use while the OS is running.
- What is Kali?
- Kali Linux is an advanced Penetration Testing and Security Auditing Linux distribution.
- Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards, which contains for the following features:
- More than 300 penetration testing tools
- Vast wireless device support
- Custom kernel patched for injection
- Secure development environment
- What is bkhive?
- bkhive dumps the syskey bootkey from Windows NT/2K/XP/Vista system hive.
- What is samdump2?
- samdump2 dumps the Windows NT/2K/XP/Vista password hashes.
- What is John the Ripper?
- John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.
- Lab Notes
- In this lab we will do the following:
- We will boot Windows into Kali.
- We will use Kali to mount the Windows Disk Partition that contains the SAM Database.
- We will use bkhive and samdump2 to extract password hashes for each user.
- We will use John the Ripper to crack the administrator password.
- In this lab we will do the following:
- Legal Disclaimer
- As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
- In accordance with UCC § 2-316, this product is provided with “no warranties, either express or implied.” The information contained is provided “as-is”, with “no guarantee of merchantability.”
- In addition, this is a teaching website that does not condone malicious behavior of any kind.
- Your are on notice, that continuing and/or using this lab outside your “own” test environment is considered malicious and is against the law.
- © 2013 No content replication of any kind is allowed without express written permission.
| Section 1. Log into Damn Vulnerable WXP-SP2 |
- Start Up Damn Vulnerable WXP-SP2.
- Instructions:
- Click on Damn Vulnerable WXP-SP2
- Click on Edit virtual machine Settings
- Note(FYI):
- For those of you not part of my class, this is a Windows XP machine running SP2.
- Instructions:
- Edit Virtual Machine Settings
- Instructions:
- Click on Network Adapter
- Click on the Bridged Radio button
- Click on the OK Button
- Instructions:
- Play Virtual Machine
- Instructions:
- Click on Damn Vulnerable WXP-SP2
- Click on Play virtual machine
- Instructions:
- Logging into Damn Vulnerable WXP-SP2.
- Instructions:
- Username: administrator
- Password: Use the Class Password or whatever you set it.
- Click the OK Button
- Instructions:
| Section 2. Change Administrator Password |
- Open a Command Prompt
- Instructions:
- Start –> All Programs –> Accessories –> Command Prompt
- Instructions:
- Change the Administrator Password
- Instructions:
- net user administrator football
- Note(FYI):
- We are changing the password to something that is in the dictionary to show you how easily it can be cracked.
.
- Instructions:
- Shutdown Windows Machine
- Instructions:
- shutdown -s -t 0
- Note(FYI):
- shutdown -s, shutdown the machine.
- -t 0, give the user a grace period of 0 seconds. The default is 30 seconds.
- Instructions:
| Section 3. Configure Windows to boot from Kali |
- Start Up Damn Vulnerable WXP-SP2.
- Instructions:
- Click on Damn Vulnerable WXP-SP2
- Click on Edit virtual machine Settings
- Note(FYI):
- For those of you not part of my class, this is a Windows XP machine running SP2.
- Instructions:
- Edit Virtual Machine Settings
- Instructions:
- Click on CD/DVD(IDE)
- Check the Connect at power on checkbox
- Click on the Use ISO Image File: radio button
- Click the Browse Button and Navigate to Kali.iso location
- Select the Kali.iso
- Click on the OK Button
- Instructions:
| Section 4. Power on Virtual Machine and Obtain Boot Menu |
- Play Virtual Machine
- Instructions:
- Click on Damn Vulnerable WXP-SP2
- Click on Play virtual machine
- Instructions:
- Obtain Boot Menu
- Instructions
- Once you see the below vmware screen, (1) Left Click in the screen and (2) press the “<Esc>” key
- Note(FYI):
- This might take you a few times so be patient!!!
- Instructions
- Boot Menu Options
- Instructions:
- Arrow Down to CD-ROM Drive
- Press <Enter>
- Instructions:
| Section 5. Mount Windows Disk Partition with Kali |
- Kali Linux Boot Menu
- Instructions:
- Arrow Down to Live (686-pae)
- Press <Enter>
- Note(FYI):
- Note this will usually be the first selection.
- Instructions:
- Open a Terminal Window
- Instructions:
- Click on the Terminal Window Icon
- Instructions:
- View and Mount Windows Disk
- Instructions:
- fdisk -l
- Where “-l” is the lower case letter L.
- mount -t ntfs /dev/sda1 /mnt
- fdisk -l
- Note(FYI):
- The fdisk command will allow you to see the partition table for one or many disk(s)
- The mount command will mount a file system. Since this is a Windows file system, I am specifying the “-t ntfs” option.
- Instructions:
- View Mount Point
- Instructions:
- df -k
- Note(FYI):
- The df command reports on file system disk space usage.
- Arrow #1 is point to the Windows Disk.
- Arrow #2 is the /mnt point that the Windows Disk is not mounted on.
- Instructions:
- View Windows Disk Contents
- Instructions:
- cd /mnt
- ls
- cd WINDOWS/system32/config
- Note(FYI):
- Since we mount the windows disk boot partition (/dev/sda1) on top of the /mnt directory, we have to cd into it to see its’ contents.
- The ls command will list the directories contents.
- This is where the SAM database lives. The SAM database is where all the Windows passwords live.
- Instructions:
| Section 6. Using bkhive and samdump2 |
- Using bkhive and samdump2
- Instructions:
- ls
- bkhive system /root/hive.txt
- samdump2 SAM /root/hive.txt > /root/hash.txt
- Note(FYI):
- ls the contents of the /WINDOWS/system32/config directory.
- bkhive dumps the syskey bootkey from Windows NT/2k/XP/Vista system hive.
- samdump2 dumps the Windows NT/2k/XP/Vista password hashes.
- Instructions:
- View Hash Contents
- Instructions:
- cd /root
- ls -l *.txt
- file *.txt
- cat hash.txt
- Note(FYI):
- Change directory into /root, because that is where we put our hive and hash files.
- List out the files using a wildcard (*).
- Determine the file type of the hash and hive files, where the hash file is (ASCII) and the hive file is (Compressed Binary).
- View the contents of the hash file
- Instructions:
| Section 7. Using John the Ripper |
- Run John the Ripper
- Instructions:
- john /root/hash.txt -format=nt2 -users=Administrator
- cd /root/.john
- ls -l
- cat john.pot
- Note(FYI):
- John is a password cracking tool.
- After john is ran, it stores the results in the .john directory under the current user’s home directory. (e.g., /root/.john).
- Use “ls -l” to show the detail listing of the files.
- View the contents of the john.pot file which contains the cracked passwords.
- Instructions:
| Section 8. Proof of Lab |
- Proof of Lab
- Instructions:
- cd /root/.john
- ls -l
- cat john.pot
- date
- echo “Your Name”
- This should be your actual name.
- e.g., echo “John Gray”
- Proof of Lab Instructions:
- Do a PrtScn
- Past into a word document
- Upload to Moodle.
- Instructions:
| Section 9. Post Installation Instructions |
- Un-Mount and Poweroff the Virtual Machine
- Instructions:
- cd
- umount /mnt
- poweroff
- Instructions:
- Remove Disc Message
- Instructions:
- Press Enter
- Instructions:
- Edit Damn Vulnerable WXP-SP2.
- Instructions:
- Click on Damn Vulnerable WXP-SP2
- Click on Edit virtual machine Settings
- Note(FYI):
- For those of you not part of my class, this is a Windows XP machine running SP2.
- Instructions:
- Edit Virtual Machine Settings
- Instructions:
- Click on CD/DVD(IDE)
- Click on the Use physical drive: radio button
- Select Auto detect from the down drop menu
- Click on the OK Button
- Instructions:
