CERTIFIED INFORMATION SECURITY EXPERT

Topic: OPERATING SYSTEM THREATS &

SECURITY
By: Nikhil Shingade

What is Operating System?

An operating system is a software which acts as an interface between the end user and
computer hardware. Every computer must have at least one OS to run other programs.
Important thing which will be cover in this are:
BIOS (Basic Input Output Software)  Is used for hardware configuration
BOOTLOADER  Loads OS in ram and executes using processor
BOOTMBR (for windows)
GRUB (Grand Unified Bootloader) (for Linux)
KERNEL  manager of OS

1. How to set or reset windows password using cmd?

If we enter the wrong password this will throw an error…but where does this error comes
from.

Where is the windows password location?

C:  windows  system32  config  sam
Windows password is stored in SAM (Security Account Manager) file.
Windows password is stored in hash format.
This is an encrypted file which cannot be read easily and is stored in NTML(New
Technology LAN Manager) HASH.

How to see the number of users in the system in cmd?

Open CMD  type net user  hit enter

How to set new password?

Open CMD  net user USERNAME * hit enter  then enter new password 
reconfirm new password  hit enter

How to change password of ADMIN?

Open CMD  net user * hit enter  then enter new password  reconfirm new
password  hit enter

Windows password cracking techniques :-

1. Brute force attack In cryptography, a brute-force attack consists of an attacker
submitting many passwords or passphrases with the hope of eventually guessing a
combination correctly.
Let’s consider a combination 0 – 9 (length is 10)
So the combinations will start from 000000000 to 999999999
Let’s consider this combination a – z (length is 26)

Cracking passwords with a combination of number, special character, lower and

upper case is a tough task for brute force attack.
Brute force is a time-consuming attack and if length of password is >12 then
password will not be cracked and if it’s a combination it will take days to crack it.

Tool  cain
Open CAIN  select cracker click “+” click next for including all the hashes 
Right click the user who’s password is to be cracked  select brute force  select
NTLM  select alpha numeric  length as 8  hit start

2. Dictionary attack  a dictionary attack is a form of brute force attack technique for

defeating a cipher or authentication mechanism by trying to determine its decryption
key or passphrase by trying thousands or millions of likely possibilities, such as
words in a dictionary or previously used passwords, often from lists obtained from
past security breaches.

3. Rule based attack

We have some information about the password and rest of the password is guessed
on based on the persons information.

4. Password bypassing

Requirements:-
Pen drive (for booting)
Kon – Boot software

What is KON – BOOT?

Kon – Boot is a tool that allows accessing target computer without knowing the
user’s password. Unlike other solutions Kon – Boot does not reset or modify user’s
password and all changes are reverted back to previous state after restart.
Working of KONBOOT software
 Enter BIOS  Boot  put removable device on the top  hit enter

Windows 8 / 8.1 / 10 passwords can be cracked.

5. Password resetting
6. Password removing
Windows password security :-
1. Bios password security
This can be set in the BOIS mode.
This is saved in a CMOS(Complementary Metal Oxide Semiconductor ) battery.
If we forget that we have to change the cell itslf it cannot be reset.
2. Syskey password security
Enter Run  search SYSKEY  Enter the password
This will pop up when u start the win OS and helps protecting against KON – BOOT
attacks.

Linux Commands OR Linux Operating System Hacking

How to install Linux:

 Install Vmware Workstation Player
 Choose your preferred Linux OS
 Create your Linux Virtual Machine
o Click Create a New Virtual Machine
o Select the default option, Installer Disc Image File (ISO)
o Click Browse to find the ISO file
o With “guest” OS selected, click NEXT
o Select Linux as the Guest operating system type
o Under Version, scroll through the list and select the OS
o Click NEXT to proceed and if necessary, input a Virtual Machine Name
o Confirm the storage location and change if needed
 With the OS selected and configured, it’s time to build the virtual machine
o Under Specify Disk Capacity adjust Maximum disk size if required (the
defauly should be enough)
o Select split virtual disk into multiple files as this makes moving the
VM to a new PC easy
o If anything seems wrong click Back, otherwise click finish
 Your Linux Virtual Machine will be added to VMware Workstation Player.
 File Commands
o Directory Listing Commands
o Change Directory
o Current Working Directory
o Creating & Deleting Folders
 Open terminal
o ~ HOME DIRECTORY
o /  ROOT DIRECTORY
o clear  To clear the terminal
o ls  list directory contents
o ls – l detailed information of the files with date of creation, location,
permissions
o ls – a  To view hidden files and folders
o cd  change directory , used to change directory for eg: if you are
currently in home directory we can use cd to switch to any location
cd Desktop/
o cd..  Used to go to the previous directory or folder
o touch FILENAME  used for creating empty text file
o cat >FILENAME hit enter ENTER THE CONTENT TO BE ADDED IN
THE FILE  used for creating text file with content
o mkdir DIRECTORYNAME How to create directory or folder
o cp SOURCE_FILE DESTINATION_FOLDER  How to copy one
file into a folder
Eg: cp /root/Desktop/FILE_NAME /root/Desktop/FOLDER_NAME/
o pwd  How to find current location i.e PRESENT WORKING
DIRECTORY
o mv  to move a file from one location from another
o rm FILE_NAME  to delete files
o rmdir FOLDER_NAME  to delete a folder
o chmod 777  How to change permissions of a file
 Permissions are there for 3 people
 User
 Groups
 Others
o Read  value “4”
o Write  value “2”
o Execute  value “1”
 For eg: chmod 7 4 3
 user has full permission
 groups have permission to read the file
 others have there permission to write and execute the
file
o whoami  To check which user is currently logged in
o add user USERNAME OR user add USERNAME  How to create
user
  Once user is added Enter the Password then press Y for
information correction.
o su USERNAME  How to switch between users
o del USERNAME OR user del USERNAME  To delete user
o passwd USERNAME  To set new password of a user
o locate FILENAME OR FOLDERNAME  To locate a file or folder
o sudo apt-get install python OR firefox OR any file  To install an
application using command
o sudo apt-get update  To update the system
o reboot -f  To reboot the system

7. How to reset LINUX password?

There is a bootloader present in linux called GRUB i.e. Grand Unified
Bootloader.
STEPS 
Shut down linux
Start linux again
GRUB window will pop – up
o Select Advanced options for Kali GNU/LINUX
o Hit enter
o Select Kali GNU/LINUX, with Linux (recovery mode)
o Press e
o This will open a GRUB CODE made using SHELL
SCRIPTING
o Move down in the code using down – arrow
o Find a command starting with
 Linux /boot/vmlinux-4.6.0-kali-amd64
root=/dev/s\dal ro single initr=/install.initrd.gz
 In the above command remove
/boot/vmlinux-4.6.0-kali-amd64 root=/dev/s\dal ro
single initr=/install.initrd.gz
 Edit the command
/boot/vmlinux-4.6.0-kali-amd64 root=/dev/s\dal rw
init=/bin/bash
 To save the changes done press CNTRL+ X
o A terminal will open where type
 passwd root HIT ENTER
 ENTER PASSWORD TWICE
 Enter the command reboot -f to reboot the system to check the password
that was edited using previous steps.