NETLAB+ Lab Information

The information provided below will be used to login to the Virtual Machines in
the NETLAB+ system.

Virtual Machine Username Password IP Address

Administrator P@ssw0rd 192.168.0.2

Windows Server
2016 + Clone (Clone)
Test Test123
192.168.0.3

Kali Linux kali kali 192.168.0.4

Module 06: System Hacking

Objective
The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files.

The objective of this lab is to help students learn to monitor a system remotely and to extract hidden files and
other tasks that include:

• Extracting administrative passwords

• Hiding files and extracting hidden files
• Recovering passwords
• Monitoring a system remotely

Scenario
Password cracking is one of the crucial stages of system hacking. Hacking often begins with password
cracking attempts. A password is a key piece of information necessary to access a system. Consequently, most
attackers use password cracking techniques to gain unauthorized access. An attacker may either crack a
password manually by guessing it, or use automated tools and techniques such as a dictionary or a brute-force
method. Most password cracking techniques are successful because of weak or easily guessable passwords.

The labs in this module demonstrate just how easily hackers can gather password information from your
network, and describe password vulnerabilities that exist in computer networks, as well as countermeasures to
help prevent these vulnerabilities from being exploited on your systems.
Exercise 1: Auditing System Passwords Using L0phtCrack

Because security and compliance are high priorities for most organizations, Attacks on an organization's
computer systems take many different forms, such as spoofing, smurfing, and other types of Denial of Service
(DoS) attacks. These attacks are designed to harm or interrupt the use of your operational systems.

In this lab, we will look at what password cracking is, why attackers do it, how they achieve their goals, and
what you can do to do to protect yourself. Through an examination of several scenarios, in this lab, we
describe some of the techniques they deploy and the tools that aid them in their assaults and how password
crackers work both internally and externally to violate a company's infrastructure.

To be an expert ethical hacker and penetration tester, you must understand how to crack an administrator
password. In this lab, we crack system user accounts using L0phtCrack.

In this lab, being a security auditor, you will be running the L0phtCrack tool by giving the remote machine’s
administrator user credentials. User accounts passwords that are cracked in a short amount of time are
considered to be weak, and you need to take certain measures to make them stronger. The objective of this lab
is to help students learn how to:

• Use the L0phtCrack tool to attain user passwords that can be easily cracked

Lab Duration: 15 Minutes

1. Login to the Windows Server 2016 VM Administrator account.

2. In the Password field enter P@ssw0rd and press Enter to login.
3. Navigate to C:Users\Administrator\Desktop\CEH\System Hacking\Password Cracking
Tools\L0phtCrack. Double-click lc7setup_v7.0.15_Win64.exe.
 The application installer is launched, follow the wizard guided instructions to install the
application.

4. The L0phtCrack 7 - Trial window should open automatically after the setup is finished, click
Proceed with Trial.

5. Start your Windows Server 2016 Clone VM, enter ipconfig in the command prompt to determine
the IP address, which you will use later in this lab
6. Go back to the Windows Server 2016 VM
7. Click Password Auditing Wizard in L0phtCrack 7
8. LC7 Password Auditing Wizard window appears showing the Introduction section, click Next.

9. Choose Target System Type section appears, select the Windows radio-button and click Next.
10. Windows Import section appears, select A remote machine radio-button and click Next.

11. Windows Import from Remote Machine (SMB) section appears, fill in the following details:

In the Host: field type [IP Address of Windows Server 2016 Clone]
Select the Use Specific User Credentials radio-button
In the Credentials section type the following info in the respective fields:

Username: Administrator
Password: P@ssw0rd
Click Next.
 +
12. Choose Audit Type section appears, select Strong Password Audit radio-button and click Next.
13. Reporting Options section appears, check that Display passwords when audited and Display
encrypted password hashes options are selected and click Next.

14. Job Scheduling section appears, select Run this job immediately radio-button and click Next.
 15. Summary section appears, click Finish.

16. Perform Calibration? pop-up appears, click No.

17. Copying LC7 Agent window appears, click Yes.
18. L0phtCrack starts to crack the passwords, you can see the progress bar in the bottom of the
application window.
19. So, you have successfully attained weakly configured passwords. As a security
auditor/administrator, you need to enforce strong passwords for user accounts, to avoid passwords
being stolen.
20. After noting down all the cracked passwords for further use, close all the windows which were
open.

In this lab, you have learned how to:

• Use the L0phtCrack tool to attain user passwords which can be easily cracked
Exercise 2: Hiding Files Using NTFS Streams

Once the hacker has fully hacked the local system, installed their backdoors and port redirectors, and obtained
all the information available to them, they will proceed to hack other systems on the network. Most often, there
are matching service, administrator, or support accounts residing on each system that make it easy for the
attacker to compromise each system in a short amount of time. As each new system is hacked, the attacker
performs steps to gather additional system and password information. Attackers continue to leverage
information on each system until they identify passwords for accounts that reside on highly prized systems
including payroll, root domain controllers, and Web servers. To be an expert ethical hacker and penetration
tester, you must understand how to hide files using NTFS streams.

NTFS supersedes the FAT file system as the preferred file system for Microsoft Windows operating systems.
NTFS has several improvements over FAT and HPFS (High Performance File System), such as improved
support for metadata and the use of advanced data structures.

The objective of this lab is to help students learn how to hide files using NTFS streams. It will teach you how
to:

• Use NTFS streams

• Hide files

Lab Duration: 10 Minutes

1. Click Windows 2016 and click Ctrl+Alt+Delete.

2. In the Password field click P@ssw0rd and press Enter to login.
3. Make sure that the C:\ drive file system is of NTFS format. To check this, go to Computer, right-
click C:\, and click Properties.
4. The Local Disk (C:) Properties window appears; check for file system format. Observe that the
file system format is NTFS. Click OK.

5. Open Windows Explorer, copy calc.exe from C:\windows\system32

6. navigate to C: drive, create a new folder and name it magic and paste the calc.exe application in
this folder.

7. Right-click on the Start menu and select Command Prompt to launch a command line window.
8. Type cd C:\magic and press Enter. The command-prompt directory points to the C:\magic drive.

9. Type notepad readme.txt, and press Enter.

10. A Notepad pop-up appears; click Yes to create a new notepad file named readme.txt.
11. Type some random text in the notepad file (for instance, Hello World!!).

12. Go to File menu, and click Save to save the readme.txt notepad file.
13. Type dir in the command prompt and press Enter. This lists all the files present in the directory
along with the files’ sizes. Note the file size of readme.txt (in this case, 14 bytes).

14. Now hide calc.exe inside the readme.txt by typing the following in the command prompt:
type c:\magic\calc.exe > c:\magic\readme.txt:calc.exe
 Then press Enter.

15. Type dir in command prompt and note the file size of readme.txt. The size of the readme.txt file
should not change.

16. Type the following command in the command prompt:

 mklink backdoor.exe readme.txt:calc.exe, and press Enter.

17. Type backdoor.exe and press Enter. The Calculator application will be executed, as shown in the
screenshot.

18. Close all windows after the lab is done.

In this lab, you have learned how to hide files using NTFS streams.