The CEO of CorpNet.xyz has hired your firm to obtain some passwords for their company. A senior IT network administrator, Oliver Lennon, is suspected of wrongdoing and suspects he is going to be fired from the company. The problem is that he changed many of the standard passwords known to only the top executives, and now he is the only one that knows them. Your company has completed the legal documents needed to protect you and the company.
With the help of a CorpNet.xyz executive, you were allowed into the IT Admin's office after hours. You unplugged the keyboard from the back of the ITAdmin computer, plugged a USB keylogger into the USB port, and then plugged the USB keyboard into the keylogger. After a week, the company executive lets you back into the IT Admin's office after hours again.
In this lab, your task is to use the keylogger to recover the changed passwords as follows:
Move the keyboard USB connector to a different USB port on ITAdmin.
Remove the keylogger from ITAdmin.
Move the consultant laptop from the Shelf to the Workspace.
Plug the keylogger into a USB port on the consultant laptop.
Use the SBK key combination to toggle the USB keylogger from keylogger mode to USB flash drive mode.
Open the LOG.txt file and inspect the contents.
Find the olennon account's password.
Find the Administrator account's password.
Answer the questions.
Complete this lab as follows:
Above the computer, select Back to view the back of the computer.
On the back of the computer, drag the USB Type A connector for the keyboard to another USB port on the computer.
On the Shelf, expand System Cases.
Drag the Laptop to the Workspace.
Above the laptop, select Back to view the back of the laptop.
From the computer, drag the keylogger to a USB port on the laptop.
Above the laptop, select Front to view the front of the laptop.
On the laptop, select Click to view Windows 10.
Press S + B + K to toggle from the keylogger mode to the flash drive mode.
Select Tap to choose what happens with removable drives.
Select Open folder to view files.
Double-click LOG.txt to open the file.
In the top right, select Answer Questions.
Answer the questions.
Select Score Lab.
You are the IT administrator for a small corporate network, and you want to know how to find and recognize an ICMP flood attack. You know that you can do this using Wireshark and hping3.
In this lab, your task is to create and examine the results of an ICMP flood attack as follows:
From Kali Linux, start a capture in Wireshark for the enp2s0 interface.
Ping CorpDC at 192.168.0.11.
Examine the ICMP packets captured.
Use hping3 to launch an ICMP flood attack against CorpDC.
Examine the ICMP packets captured.
Answer the questions.
Complete this lab as follows:
From the Favorites bar, open Wireshark.
Under Capture, select enp2s0.
Select the blue fin to begin a Wireshark capture.
From the Favorites bar, open Terminal.
At the prompt, type ping 192.168.0.11 and press Enter.
After some data exchanges, press Ctrl + c to stop the ping process.
In Wireshark, select the red box to stop the Wireshark capture.
In the Apply a display filter field, type icmp and press Enter. Notice the number of packets captured and the time between each packet being sent.
Select the blue fin to begin a new Wireshark capture.
In Terminal, type hping3 --icmp --flood 192.168.0.11 and press Enter to start a ping flood against CorpDC.
In Wireshark, select the red box to stop the Wireshark capture. Notice the type, number of packets, and the time between each packet being sent.
In Terminal, press Ctrl + c to stop the ICMP flood.
In the top right, select Answer Questions.
Answer the questions.
Select Score Lab.
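The two things the lab asks you to notice in Wireshark (the number of ICMP packets and the time between them) can be turned into a simple detection check. The following is an added example, not part of the original lab: it works on constructed sample timestamps, and the source address 192.168.0.45 and the 100 packets-per-second threshold are assumptions.

```python
from collections import defaultdict
from statistics import median

ECHO_REQUEST = 8  # ICMP type 8 = echo request; type 0 = echo reply

def icmp_flood_report(packets, rate_threshold=100.0):
    """packets: iterable of (time_s, src, dst, icmp_type) from one capture.
    rate_threshold (packets/second) is an assumed cut-off; tune it per network."""
    times = defaultdict(list)
    for ts, src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST:          # replies are ignored here
            times[(src, dst)].append(ts)
    report = {}
    for flow, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        span = stamps[-1] - stamps[0]
        if span > 0:
            rate = (len(stamps) - 1) / span
        else:                                   # one packet, or identical timestamps
            rate = float("inf") if len(stamps) > 1 else 0.0
        report[flow] = {
            "requests": len(stamps),
            "rate_pps": rate,
            "median_gap_s": median(gaps) if gaps else None,
            "flood": rate >= rate_threshold,
        }
    return report

# Constructed sample data (not taken from the lab). SRC is an assumed address.
SRC, DST = "192.168.0.45", "192.168.0.11"
PING_CAPTURE = []
for i in range(5):                              # ping: one request per second
    PING_CAPTURE.append((float(i), SRC, DST, 8))
    PING_CAPTURE.append((i + 0.0004, DST, SRC, 0))
FLOOD_CAPTURE = [(i / 10000, SRC, DST, 8) for i in range(2000)]

if __name__ == "__main__":
    for name, cap in (("ping", PING_CAPTURE), ("flood", FLOOD_CAPTURE)):
        for flow, stats in icmp_flood_report(cap).items():
            print(name, flow, stats)
```

A normal ping shows about one request per second with a matching reply; the flood capture shows thousands of requests per second from one source with sub-millisecond gaps.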
You are the IT security administrator for a small corporate network. Recently, some of your firm's proprietary data leaked online. You have been asked to use steganography to hide data in a file that will be shared with a business partner. The data will allow you to track the source if the information is leaked again.
In this lab, your task is to use OpenStego to hide data inside a picture file as follows:
Encrypt the user data found in John.txt into gear.png.
Save the output file into the Documents folder as send.png.
Password protect the file with NoMor3L3@ks! as the password.
Confirm the functionality of the steganography by extracting the data from send.png into the Exports folder and opening the file to view the hidden user data.
Complete this lab as follows:
Encrypt the user data into the file to be shared as follows:
In the search field on the taskbar, type OpenStego.
Under Best match, select OpenStego.
In the Message File field, select the ellipses at the end of the field.
Select John.txt.
Select Open.
In the Cover File field, select the ellipses at the end of the field.
Select gear.png file.
Select Open.
In the Output Stego File field, select the ellipses at the end of the field.
In the File name field, enter send.png.
Select Open.
Password protect the file as follows:
In the Password field, enter NoMor3L3@ks!
In the Confirm Password field, enter NoMor3L3@ks!
Select Hide Data.
Select OK.
Extract the data and open the file as follows:
Under Data Hiding, select Extract Data.
In the Input Stego File field, select the ellipses.
Select send.png file with the encryption.
Select Open.
In the Output Folder for Message File field, select the ellipses.
Double-click Export to set it as the destination of the output file.
Click Select Folder.
In the Password field, enter NoMor3L3@ks! as the password.
Select Extract Data.
Select OK.
From the taskbar, open File Explorer.
Double-click Documents to navigate to the folder.
Double-click Export to navigate to the folder.
Double-click John.txt to open the output file and verify that the decryption process was successful.
You are the IT security administrator for a small corporate network. You've received a zip file that contains sensitive password-protected files. You need to access these files. The zip file is located in the home directory.
In this lab, your task is to use John the Ripper to:
Crack the root password on Support.
Crack the password of the protected.zip file in the home directory on IT-Laptop.
After John the Ripper cracks the password, it won't crack it again. The results are stored in the john.pot file.
Complete this lab as follows:
Crack the root password on Support as follows:
From the Favorites bar, open Terminal.
At the prompt, type cd /usr/share/john and press Enter to change directories to the folder containing the John the Ripper password file.
Type ls and press Enter to list the files in the directory.
Type cat password.lst and press Enter to view the password list. This is an abbreviated list.
Type cd and press Enter to go back to root.
Type john /etc/shadow and press Enter to crack the Linux passwords. Notice that the root password of 1worm4b8 was cracked.
Type john /etc/shadow and press Enter to attempt to crack the Linux passwords again. Notice that it does not attempt to crack the password again. The cracked password is already stored in the john.pot file.
Type cat ./.john/john.pot and press Enter to view the contents of the john.pot file.
Type john /etc/shadow --show and press Enter as an alternate method of viewing the previously cracked password.
In the top right, select Answer Questions.
In Terminal, find the root password and answer the question.
Crack the password of the protected.zip file as follows:
From the top navigation tabs, select Floor 1 Overview.
Under IT Administration, select IT-Laptop.
From the Favorites bar, open Terminal.
At the prompt, type ls and press Enter to view the contents of the home directory. Notice the protected.zip file you wish to crack.
Type zip2john protected.zip > ziphash.txt and press Enter to copy the hashes to a text file.
Type cat ziphash.txt and press Enter to confirm that the hashes have been copied.
Type john --format=pkzip ziphash.txt and press Enter to crack the password. Notice that the password of p@ssw0rd was cracked.
Type john ziphash.txt --show and press Enter to show the password.
In the top right, select Answer Questions.
In Terminal, find the password for the file and answer the question.
Select Score Lab.
You are a cybersecurity consultant and have been asked to work with the ACME, Inc. company to ensure that their network is protected from hackers. As part of the tests, you need to clear a few log files.
In this lab, your task is to use Windows PowerShell (as Admin) to clear the following event logs:
Use get-eventlog to view the available event logs.
Use clear-eventlog to clear the Application and System logs.
Complete this lab as follows:
Right-click Start and select Windows PowerShell (Admin).
Maximize the window for easier viewing.
At the prompt, type Get-Eventlog -logname * and press Enter. In the Entries column, notice the number of entries for the logs.
Type Clear-Eventlog -logname Application and press Enter.
Type Clear-Eventlog -logname System and press Enter.
Type Get-Eventlog -logname * and press Enter. The Application log now has zero entries. The System log has one entry because another event occurred between the time you cleared the log and the time you viewed the entry list.
As the cybersecurity specialist for your company, you're performing a penetration test. As part of this test, you're checking to see if the Security Account Manager (SAM) passwords from a Windows system can be cracked using John the Ripper.
In this lab, your task is to crack the SAM passwords as follows:
On Office 1, use pwdump7 to export the contents of the SAM to SAMhash.txt. This machine has already been booted into a recovery mode, allowing you to use Troubleshoot > Advanced > Command Prompt to access the SAM file.
Copy the exported file to the thumb drive (g: drive) and then move the thumb drive to the IT-Laptop computer. After the thumb drive is inserted, it is automatically mounted to /media/root/ESD-USB/.
On IT-Laptop, crack the password using the echo and John the Ripper commands.
Use the cat command to display the password hash file that was copied to the thumb drive. Do NOT run the echo or John the Ripper commands from the thumb drive.
Complete this lab as follows:
Use pwdump7 to create a text file containing the SAM password hashes and copy the new file to the thumb drive as follows:
From the recovery dialog, select Troubleshoot.
Select Advanced options.
Select Command Prompt.
Type pwdump7 > SAMhash.txt and press Enter.
Type copy SAMhash.txt g: and press Enter.
Move the thumb drive from Office 1 to the IT-Laptop computer as follows:
From the top navigation tabs, select Office 1.
Select the USB Thumb Drive plugged into the front of the computer.
Drag the USB Thumb Drive to the Shelf so you can access it later in the IT Administration office.
From the top navigation tabs, select Floor 1 Overview.
Under IT Administration, select Hardware.
Above IT-Laptop, select Back to switch to the back view of the laptop.
From the Shelf, drag the USB Thumb Drive to a USB port on the laptop computer.
Above IT-Laptop, select Front to switch to the front view of the laptop.
On the monitor, select Click to view Linux.
Create a new hash file that contains the hash to be cracked as follows:
From the Favorites bar, open Terminal.
Type cat /media/root/ESD-USB/SAMhash.txt and press Enter.
Type echo.
Press the space bar.
In the Admin line of the output, select the hash in the fourth field. Each field is separated by a colon. This is the hash value that needs to be cracked.
Right-click the hash in the fourth field of the Admin line. Notice that the hash was pasted into the command line.
Press the space bar.
Type > SAMhash.txt.
Press Enter.
Use John the Ripper and the new hash file to crack the password as follows:
Type john SAMhash.txt and press Enter.
From the output, find the Admin's password.
In the top right, select Answer Questions.
Answer the questions.
Select Score Lab.
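The colon-separated layout that the lab reads by hand (hash in the fourth field) can be parsed and audited before any cracking is attempted. The following is an added example, not part of the original lab, and it goes beyond the single Admin line to check every account. The sample lines and their hash values are constructed, except for the two well-known empty-password constants.

```python
import re
from collections import defaultdict

HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password

def parse_pwdump(text):
    """Parse 'user:rid:lm:nt:::' lines; malformed lines are skipped."""
    accounts = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not HEX32.match(fields[3]):
            continue
        lm = fields[2].lower()
        accounts.append({
            "user": fields[0],
            "rid": fields[1],
            "nt": fields[3].lower(),          # fourth field, as in the lab
            # A placeholder or the empty-LM constant means no LM hash is kept.
            "lm_stored": bool(HEX32.match(lm)) and lm != EMPTY_LM,
        })
    return accounts

def audit(accounts):
    """Return (who, finding) pairs for weaknesses visible without cracking."""
    findings, by_nt = [], defaultdict(list)
    for a in accounts:
        by_nt[a["nt"]].append(a["user"])
        if a["nt"] == EMPTY_NT:
            findings.append((a["user"], "blank password"))
        if a["lm_stored"]:
            findings.append((a["user"], "LM hash stored"))
    for nt, users in by_nt.items():           # NT hashes are unsalted
        if len(users) > 1 and nt != EMPTY_NT:
            findings.append((", ".join(users), "shared NT hash (same password)"))
    return findings

# Constructed sample in pwdump-style layout (not real account data).
SAMPLE = """Administrator:500:NO PASSWORD*********************:31D6CFE0D16AE931B73C59D7E0C089C0:::
Guest:501:NO PASSWORD*********************:31D6CFE0D16AE931B73C59D7E0C089C0:::
Admin:1001:0123456789ABCDEF0123456789ABCDEF:AABBCCDDEEFF00112233445566778899:::
Helpdesk:1002:NO PASSWORD*********************:AABBCCDDEEFF00112233445566778899:::
garbage line
"""

if __name__ == "__main__":
    for who, finding in audit(parse_pwdump(SAMPLE)):
        print(f"{who}: {finding}")
```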