05 - System Hacking

The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files.

Module Objective

The objective of this lab is to help students learn to monitor a system remotely and to extract hidden files and other tasks that include:

  • Extracting administrative passwords
  • Hiding files and extracting hidden files
  • Recovering passwords
  • Monitoring a system remotely

Scenario

Password hacking is one of the easiest and most common ways hackers obtain unauthorized computer or network access. Although strong passwords that are difficult to crack (or guess) are easy to create and maintain, users often neglect this. Therefore, passwords are one of the weakest links in the information security chain. Passwords rely on secrecy. After a password is compromised, its original owner isn’t the only person who can access the system with it. Hackers have many ways to obtain passwords. Hackers can obtain passwords from local computers by using the password-cracking software. To obtain passwords from across a network, hackers can use remote cracking utilities or network analyzers. This chapter demonstrates just how easily hackers can gather password information from your network and describes password vulnerabilities that exist in computer networks and countermeasures to help prevent these vulnerabilities from being exploited on your systems.

I. Extracting Administrator Passwords Using LCP

Hackers can break weak password storage mechanisms by using cracking methods that outline in this chapter. Many vendors and developers believe that passwords are safe from hackers if they don’t publish the source code for their encryption algorithms. After the code is cracked, it is soon distributed across the Internet and becomes public knowledge. Password-cracking utilities take advantage of weak password encryption. These utilities do the grunt work and can crack any password, given enough time and computing power. In order to be a security expert and penetration tester, you must understand how to crack administrator passwords.

Lab Objectives

The objective of this lab is to help students learn how to crack administrator passwords for ethical purposes. In this lab you will learn how to:

  • Use an LCP tool
  • Crack administrator passwords