A.3 TestOut Ethical Hacker Pro Certification Practice Exam (2)

You are the IT security administrator, and you are learning to use some ethical hacking tools. Your friend at a partner company asked you to scan his company's public-facing servers to see if they have any obvious vulnerabilities. The Partnernet servers are on the 73.44.216.0 network. In this lab, your task is to:
- Perform a Zenmap scan using the following information:
  - Network address: 73.44.216.0
  - Subnet mask: Class C
- Answer the questions.

Complete the following: From the Favorites bar, open Zenmap. At the prompt, type nmap 73.44.216.0/24. Select Scan. Find the network vulnerabilities in the output. In the top right, select Answer Questions. Answer the questions. Select Score Lab.

While working on your Linux server, you want to practice starting, stopping, and restarting a service using the systemctl command. You are logged in as root so the sudo command is not necessary. In this lab, your task is to: Use the systemctl command to start bluetooth.service. Use the systemctl command to stop bluetooth.service. Use the systemctl command to restart bluetooth.service. After each command, you can check the service status with the systemctl command.

Complete this lab as follows: At the prompt, type systemctl start bluetooth.service and press Enter to start bluetooth.service. Type systemctl stop bluetooth.service and press Enter to stop bluetooth.service. Type systemctl restart bluetooth.service and press Enter to restart bluetooth.service.

As an IT administrator, you need to know how security breaches are caused. You know that SMAC is used for MAC spoofing, so you are going to spoof your MAC address. In this lab, your task is to complete the following: On Office2 use ipconfig /all and find the IP address and MAC address. Spoof the MAC address on ITAdmin to that of Office2 using SMAC. Refresh your MAC and IP addresses to match the target machine.

Complete this lab as follows:
1. Find the IP address and MAC address as follows:
   a. Right-click Start and select Windows PowerShell (Admin).
   b. At the command prompt, type ipconfig /all and press Enter.
   c. Find the MAC address and the IP address.
2. Spoof the MAC address as follows:
   a. From the top navigation tabs, select Floor 1 Overview.
   b. Under IT Administration, select ITAdmin.
   c. In the search bar, type SMAC.
   d. Under Best match, right-click SMAC and select Run as administrator.
   e. In the New Spoofed Mac Address field, type 00:00:55:55:44:15 for the MAC address from Office2.
   f. Select Update MAC.
   g. Select OK to restart the adapter.
3. Refresh your MAC and IP addresses as follows:
   a. Right-click Start and select Windows PowerShell (Admin).
   b. At the command prompt, type ipconfig /all to confirm the MAC address has been updated.
   c. Type ipconfig /renew to update the IP address.

You work for a penetration testing consulting company. During an internal penetration test, you find that VNC is being used on the network, which violates your company's security policies. It was installed to maintain access by a malicious employee. In this lab, your task is to complete the following:
- From the IT-Laptop, use Zenmap to scan all computers on the network to see if any devices have port 5900 (VNC) open.
- Answer Question 1.
- Go to the suspect computer and uninstall VNC.
- From the suspect computer, run netstat to verify the ports for VNC are closed.

IP Address      Computer
192.168.0.30    Exec
192.168.0.31    ITAdmin
192.168.0.32    Gst-Lap
192.168.0.33    Office1
192.168.0.34    Office2
192.168.0.45    Support
192.168.0.46    IT-Laptop

Complete this lab as follows:
1. Find the server that has port 5900 open.
   a. From the Favorites bar, open Zenmap.
   b. In the Command field, use nmap -p 5900 192.168.0.0/24.
   c. Select Scan.
   d. From the results, find the computer with port 5900 open.
   e. From the top right, select Answer Questions.
   f. Answer Question 1.
   g. Minimize the Lab Questions window.
2. Uninstall VNC from the computer that has port 5900 open.
   a. From the top navigation tabs, select Floor 1 Overview.
   b. Find and select the computer that has port 5900 open. (Open the Question window if needed.)
   c. At the prompt, type netstat and press Enter to confirm the port is open on the machine.
   d. Type dnf list vnc and press Enter to find the package name.
   e. Type dnf erase libvncserver and press Enter.
   f. Press Y and press Enter to uninstall the package.
   g. Type netstat and press Enter to confirm the port has been closed on the machine.
   h. From the top right, select Answer Questions.
   i. Select Score Lab.

As the IT security administrator for a small corporate network, you need to simulate a SYN flood attack using Metasploit so you can complete a penetration test. In this lab, your task is to perform and monitor a SYN flood attack using the following information:
- Use Zenmap to find the FTP port on CorpServer (192.168.0.10).
- Use Metasploit to send a SYN flood attack as follows:
  - Remote host: 192.168.0.10
  - Source host: 192.168.0.33
  - Set the FTP port to match the FTP port used by CorpServer.
- Use Wireshark to capture the SYN flood on the enp2s0 network interface.
- Filter to show only TCP SYN packets.
- Find the MAC address of the computer causing the SYN flood.
- Answer the questions.

Complete this lab as follows:
1. From Zenmap, use nmap to find the FTP port used on CorpServer as follows:
   a. From the Favorites bar, open Zenmap.
   b. In the Command field, type nmap -p 0-100 192.168.0.10
   c. Select Scan. CorpServer is using port 21 for FTP.
   d. Close Zenmap.
2. Use Metasploit to send a SYN flood as follows:
   a. From the Favorites bar, open Metasploit Framework.
   b. At the prompt, type search synflood and press Enter to find a SYN flood Metasploit module.
   c. Type use auxiliary/dos/tcp/synflood and press Enter to select the SYN flood module.
   d. Type show options and press Enter to view the current options for the SYN flood module. Notice that RHOST and SHOST are unassigned and RPORT is set to port 80.
   e. Type set rhost 192.168.0.10 and press Enter to set the RHOST address.
   f. Type set shost 192.168.0.33 and press Enter to set the SHOST address.
   g. Type set rport 21 and press Enter to set the FTP port.
   h. Type show options and press Enter to view the new options for the SYN flood module. Notice that RHOST and SHOST have IP addresses assigned and RPORT is set to port 21 matching CorpServer.
3. Capture SYN flood attacks on the CorpServer machine as follows:
   a. From the Favorites bar, open Wireshark.
   b. Under Capture, select enp2s0.
   c. In the Apply a display filter field, type host 192.168.0.10 and tcp.flags.syn==1
   d. Press Enter.
   e. Select the blue fin to begin a Wireshark capture. Notice that no packets are being captured.
4. In Metasploit, type exploit and press Enter to start a SYN flood.
5. Capture packets for a few seconds.
6. In Wireshark, select the red box to stop the Wireshark capture. Notice the time between each packet sent to host 192.168.1.10. Notice that only SYN packets were captured.
7. In the top right, select Answer Questions.
8. Answer question 1.
9. In the middle pane, expand Ethernet II. Notice the source MAC address of the computer sending the SYN flood.
10. Answer question 2.
11. Select Score Lab.

You are an ethical hacker consultant working for CorpNet. CorpNet wants you to discover weaknesses in their public-facing servers. From outside of the CorpNet network, you are able to deploy a Metasploit payload to one of their Windows servers named www3.corpnet.xyz. You are determining whether the Windows patches are up to date or if there is an unpatched vulnerability that could be exploited. In this lab, your task is to: Use the post/windows/gather/enum_patches exploit in Metasploit to enumerate the Windows patches that are missing or vulnerable. Answer the question. Metasploit has already been configured to exploit the payload that was deployed to www3.corpnet.xyz. This Meterpreter payload has already connected as session 1.

Complete this lab as follows: From the Favorites bar, open Metasploit Framework. At the prompt, type use post/windows/gather/enum_patches and press Enter to use the enumerate patches exploit. Type show options and press Enter to show the exploit options. Notice that the session option is absent. Type set session 1 and press Enter to specify the session. Type show options and press Enter. Notice that the session option has been set. Type run and press Enter to begin the exploit. In the top right, select Answer Questions. Answer the question. Select Score Lab.

You are the IT security administrator for a small corporate network. To protect your Bluetooth devices from hackers, you need to discover which Bluetooth devices are running in your company and gather information on each. In this lab, your task is to scan for Bluetooth devices using Terminal as follows: Use hciconfig to discover and enable the onboard Bluetooth adapter. Use hcitool to scan for Bluetooth devices and find the class ID. Use l2ping to determine if the Bluetooth device is alive and within range. Use sdptool to query Philip's Dell Laptop to determine the Bluetooth services available on the device. Answer the question.

Complete this lab as follows:
1. From the Favorites bar, open Terminal.
2. At the prompt, type hciconfig and press Enter to view the onboard Bluetooth adapter.
3. Type hciconfig hci0 up and press Enter to initialize the adapter.
4. Type hciconfig and press Enter to verify that the adapter is up and running.
5. Type hcitool scan and press Enter to view the detected Bluetooth devices and their MAC addresses.
6. Type l2ping MAC address and press Enter to determine if the Bluetooth device is in range.
7. Press Ctrl + c to stop the ping process.
8. Repeat steps 6-7 for each device.
9. Type sdptool browse B0:52:23:92:EF:CC and press Enter to view the details for Philip's Dell Laptop.
10. Type hcitool inq and press Enter to determine the clock offset and class for each device.
11. In the top left, select Answer Questions.
12. Select the correct answer.
13. Select Score Lab.

You are an ethical hacker consultant working for CorpNet. They want you to discover weaknesses in their network. From outside of the CorpNet network, you found their web server, www.corpnet.xyz, has an IP address of 198.28.1.1. You decide to perform several nmap scans using a few http scripts. In this lab, your task is to run the following nmap scripts on port 80 of 198.28.1.1: http-server-header.nse to display the HTTP server header. http-chrono.nse to measure the time a website takes to deliver a web page. http-headers.nse to perform a HEAD request for the root folder. http-errors.nse to crawl through the website and return any error pages. http-malware-host.nse to look for malware signatures of known server compromises. http-comments-displayer.nse to display HTML and JavaScript comments.

Complete this lab as follows: From the Favorites bar, open Terminal. At the prompt, type nmap --script=http-server-header -p80 198.28.1.1 and press Enter to run the http-server-header.nse script. In the top right, select Answer Questions. Answer question 1. Type nmap --script=http-chrono -p80 198.28.1.1 and press Enter to run the http-chrono.nse script. Type nmap --script=http-headers -p80 198.28.1.1 and press Enter to run the http-headers.nse script. Type nmap --script=http-errors -p80 198.28.1.1 and press Enter to run the http-errors.nse script. Under Lab Questions, answer question 2. Type nmap --script=http-malware-host -p80 198.28.1.1 and press Enter to run the http-malware-host.nse script. Type nmap --script=http-comments-displayer -p80 198.28.1.1 and press Enter to run the http-comments-displayer.nse script. Under Lab Questions, answer question 3. Click Score Lab.

You are the cybersecurity specialist for your company. You are conducting a penetration test to see if anyone is using FTP against company policy. In this lab, your task is to capture FTP packets as follows: Use Wireshark to capture packets for five seconds. Filter for FTP packets. Answer the questions.

Complete this lab as follows: From the Favorites bar, open Wireshark. Under Capture, select enp2s0. Select the blue fin to begin a Wireshark capture. Capture packets for five seconds. Select the red box to stop the Wireshark capture. In the Apply a display filter field, type ftp and press Enter. In the top right, select Answer Questions. Answer the questions. Select Score Lab.

You are the cybersecurity specialist for your company. You need to check to see if any clear text passwords are being exposed to hackers through an HTTP login request. In this lab, your task is to analyze HTTP POST packets as follows: Use Wireshark to capture all packets. Filter the captured packets to show only HTTP POST data. Examine the packets captured to find clear text passwords. Answer the questions.

Complete this lab as follows: From the Favorites bar, open Wireshark. Under Capture, select enp2s0. Select the blue fin to begin a Wireshark capture. Capture packets for five seconds. Select the red box to stop the Wireshark capture. Maximize Wireshark for easier viewing. In the Apply a display filter field, type http.request.method==POST and press Enter to show the HTTP POST requests. From the middle pane, expand HTML Form URL Encoded for each packet. Examine the information shown to find clear text passwords. In the top right, select Answer Questions. Answer the questions. Select Score Lab.

You are a cybersecurity consultant. The company hiring you suspects that employees are connecting to a rogue access point (AP). You need to find the name of the hidden rogue AP so it can be deauthorized. The computer suspected of using the rogue access point is Exec-Laptop. In this lab, your task is to complete the following: On IT-Laptop, use airmon-ng to put the wireless adapter in monitor mode. Use airodump-ng to find the hidden access point. On Exec-Laptop, connect to the rogue AP using the CoffeeShop SSID. Answer the question.

Complete this lab as follows:
1. On IT-Laptop, configure the wlp1s0 card to run in monitor mode as follows:
   a. From the Favorites bar, open Terminal.
   b. At the prompt, type airmon-ng and press Enter to find the name of the wireless adapter.
   c. Type airmon-ng start wlp1s0 and press Enter to put the adapter in monitor mode.
   d. Type airmon-ng and press Enter to view the new name of the wireless adapter.
2. Use airodump-ng to discover and isolate the hidden access point as follows:
   a. Type airodump-ng wlp1s0mon and press Enter to discover all of the access points.
   b. Press Ctrl + c to stop airodump-ng.
   c. Find the hidden access point ESSID <length : 0>.
   d. In the top right, select Answer Questions.
   e. Answer the question.
   f. In Terminal, type airodump-ng wlp1s0mon --bssid bssid_number and press Enter to isolate the hidden access point.
3. Switch to the Exec-Laptop and connect to the Wi-Fi network as follows:
   a. From the top navigation tabs, select Floor 1 Overview.
   b. Under Executive Office, select Exec-Laptop.
   c. From the notification area, select the Wi-Fi network icon.
   d. Select Hidden Network.
   e. Select Connect.
   f. In the Enter the name (SSID) for the network field, type CoffeeShop. In a real environment, you'll only need to wait until the employee connects to the rogue access point again.
   g. Select Next.
   h. Select Yes.
   i. Under Lab Questions, select Score Lab.

You are the IT security administrator for a small corporate network. The HR director is concerned that an employee is doing something sneaky on the company's employee portal and has authorized you to hijack his web session so you can investigate. In this lab, your task is to hijack a web session as follows:
- On IT-Laptop, use Ettercap to sniff traffic between the employee's computer in Office1 and the gateway.
- Initiate a man-in-the-middle attack to capture the session ID for the employee portal logon.
- On Office1, log in to the employee portal on rmksupplies.com using Chrome and the following credentials:
  - Username: bjackson
  - Password: $uper$ecret1
- On IT-Laptop, copy the session ID detected in Ettercap.
- On Office2, navigate to rmksupplies.com and use the cookie editor plug-in in Chrome to inject the session ID cookie.
- Verify that you hijacked the session.

Complete this lab as follows:
1. On IT-Laptop, open Terminal from the sidebar.
2. At the prompt, type host office1 and press Enter to get the IP address of Office1.
3. Type route and press Enter to get the gateway address.
4. Use Ettercap to sniff traffic between Office1 and the gateway as follows:
   a. From the Favorites bar, open Ettercap.
   b. Maximize the window for easier viewing.
   c. Select Sniff > Unified sniffing.
   d. From the Network Interface drop-down list, select enp2s0.
   e. Click OK.
   f. Select Hosts > Scan for hosts.
   g. Select Hosts > Host list. We want to target information between Office1 (192.168.0.33) and the gateway (192.168.0.5).
   h. Under IP Address, select 192.168.0.5.
   i. Select Add to Target 1.
   j. Select 192.168.0.33.
   k. Select Add to Target 2.
5. Initiate a man-in-the-middle attack as follows:
   a. Select Mitm > ARP poisoning.
   b. Select Sniff remote connections.
   c. Click OK. You are ready to capture traffic.
6. On Office1, log in to the employee portal on rmksupplies.com as follows:
   a. From the top navigation tabs, select Floor 1 Overview.
   b. Under Office 1, select Office1.
   c. From the taskbar, open Chrome.
   d. Maximize the window for easier viewing.
   e. In the URL field, enter rmksupplies.com.
   f. Press Enter.
   g. At the bottom of the page, select Employee Portal.
   h. In the Username field, enter bjackson.
   i. In the Password field, enter $uper$ecret1.
   j. Click Login. You are logged into the portal as Blake Jackson.
7. On IT-Laptop, copy the session ID detected in Ettercap as follows:
   a. From the top navigation tabs, select Floor 1 Overview.
   b. Under IT Administration, select IT-Laptop.
   c. In the Ettercap console, find bjackson's username, password, and session cookie (.login) captured in Ettercap.
   d. Highlight the session ID.
   e. Press Ctrl + C to copy.
8. On Office2, go to rmksupplies.com and use the cookie editor plug-in to inject the session ID cookie as follows:
   a. From the top navigation tabs, select Floor 1 Overview.
   b. Under Office 2, select Office2.
   c. From the taskbar, open Chrome.
   d. Maximize the window for easier viewing.
   e. In Chrome's URL field, enter rmksupplies.com.
   f. Press Enter.
   g. In the top right corner, select cookie to open the cookie editor.
   h. At the top, select the plus + sign to add a new session cookie.
   i. In the Name field, enter .login
   j. In the Value field, press Ctrl + V to paste in the session cookie you copied from Ettercap.
   k. Make sure rmksupplies.com is in the Domain field.
   l. Select the green check mark to save the cookie.
   m. Click outside the cookie editor to close the editor.
9. At the bottom of the rmksupplies page, select Employee Portal. You are now on Blake Jackson's web session.

You are a cybersecurity consultant and have been asked to work with the ACME, Inc. company to ensure their network is protected from hackers. As part of the tests, you need to disable logging on a Windows system. In this lab, your task is to use Windows PowerShell (as Admin) to: View the current audit policies on the system. Disable all audit policies. Confirm that all the audits were disabled.

Complete this lab as follows: Right-click Start and select Windows PowerShell (Admin). Maximize the window for easier viewing. At the command prompt, type auditpol /get /category:* and press Enter to view the current audit policies. Notice the different settings used for each system. Type auditpol /clear /y and press Enter to disable all audit policies. Type auditpol /get /category:* and press Enter to confirm that the audits were disabled. Notice that all of the policies are now set to No Auditing.

You are a cybersecurity consultant and have been asked to work with the ACME, Inc. company to ensure that their network is protected from hackers. As part of the tests, you need to clear a few log files. In this lab, your task is to use Windows PowerShell (as Admin) to clear the following event logs: Use get-eventlog to view the available event logs. Use clear-eventlog to clear the Application and System logs.

Complete this lab as follows: Right-click Start and select Windows PowerShell (Admin). Maximize the window for easier viewing. At the prompt, type Get-Eventlog -logname * and press Enter. In the Entries column, notice the number of entries for the logs. Type Clear-Eventlog -logname Application and press Enter. Type Clear-Eventlog -logname System and press Enter. Type Get-Eventlog -logname * and press Enter. The number of log entries for Application is zero. The number of log entries for System is one because another event occurred between the times you cleared the log and viewed the entry list.

You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Use the Security Evaluator tool to run a vulnerability scan on the CorpDC domain controller. In this lab, your task is to: Run a vulnerability scan for the CorpDC domain controller using the Security Evaluator on the taskbar. Remediate the vulnerabilities in the Default Domain Policy using Group Policy Management on CorpDC. Re-run a vulnerability scan to make sure all of the issues are resolved.

Complete this lab as follows:
1. Run a Security Evaluator report as follows:
   a. From the taskbar, open Security Evaluator.
   b. Next to Local Machine, select the Target icon to select a new target.
   c. Select Domain Controller.
   d. From the Domain Controller drop-down list, select CorpDC as the target.
   e. Click OK.
   f. Select Status Run/Rerun Security Evaluation icon to run the security evaluation.
   g. Review the results to determine which issues you need to resolve on CorpDC.
2. From the top navigation tabs, select Floor 1.
3. Under Networking Closet, select CorpDC.
4. Remediate password issues in Account Policies as follows:
   a. From Server Manager, select Tools > Group Policy Management.
   b. Maximize the window for easier viewing.
   c. Expand Forest: CorpNet.local.
   d. Expand Domains.
   e. Expand CorpNet.local.
   f. Right-click Default Domain Policy and select Edit.
   g. Maximize the window for easier viewing.
   h. Under Computer Configuration, expand Policies.
   i. Expand Windows Settings.
   j. Expand Security Settings.
   k. Expand Account Policies.
   l. Select Account Lockout Policy.
   m. In the right pane, right-click the policy and select Properties.
   n. Select Define this policy setting.
   o. Enter 60 minutes and then click OK.
   p. In the left pane, select Password Policy.
   q. In the right pane, right-click the policy and select Properties.
   r. Select Define this policy setting.
   s. Enter the password setting and then click OK.
   t. Repeat steps 4q-4s for each additional Password policy.
5. Remediate Event Log issues as follows:
   a. In the left pane, select Event Log.
   b. In the right pane, right-click the policy and select Properties.
   c. Select Define this policy setting.
   d. Enter the password setting and then select OK.
   e. Repeat steps 5b-5d for each additional Event Log policy.
6. Remediate System Services issues as follows:
   a. In the left pane, select System Services.
   b. In the right pane, right-click the policy and select Properties.
   c. Select Define this policy setting.
   d. Make sure Disabled is selected and then click OK.
   e. Repeat steps 6b-6d for each additional System Services policy.
7. Verify that all the issues were resolved using the Security Evaluator feature on the ITAdmin computer as follows:
   a. From the top navigation tabs, select Floor 1.
   b. Select ITAdmin.
   c. In Security Evaluator, select Status Run/Rerun Security Evaluation icon to rerun the security evaluation.
   d. If you still see unresolved issues, select Floor 1, navigate to CorpDC, and remediate any remaining issues.

You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Mary is the primary administrator for the network and the only person authorized to perform local administrative actions. The company network security policy requires complex passwords for all users. It is also required that Windows Firewall is enabled on all workstations. Sharing personal files is not allowed. In this lab, your task is to:
- Run a vulnerability scan for the Office2 workstation using the Security Evaluator on the taskbar.
- Remediate the vulnerabilities found in the vulnerability report on Office2 as follows:
  - Rename the Administrator account.
  - Disable the Guest account.
  - Set the password for the Mary account to expire.
  - Require a strong password for the Mary account.
  - Unlock the Susan account.
  - Remove the Susan account from the Administrators group.
  - Turn on Windows Firewall for all profiles.
  - Remove the file share on the MyMusic folder.
- Re-run a vulnerability scan to make sure all of the issues are resolved.

Complete this lab as follows:
1. Run a Security Evaluator report as follows:
   a. From the taskbar, open Security Evaluator.
   b. Next to Local Machine, select the Target icon to select a new target.
   c. Select Workstation.
   d. From the Workstation drop-down list, select Office2 as the target.
   e. Click OK.
   f. Select Status Run/Rerun Security Evaluation icon to run the security evaluation.
   g. Review the results to determine which issues you need to resolve on Office2.
2. From the top navigation tabs, select Floor 1.
3. Under Office 2, select Office2.
4. On Office2, right-click Start and select Computer Management.
5. Expand Local Users and Groups.
6. Select Users.
7. Rename a user account as follows:
   a. Right-click Administrator and select Rename.
   b. Enter a new name and press Enter.
8. Disable the Guest account as follows:
   a. Right-click Guest and select Properties.
   b. Select Account is disabled and then click OK.
9. Set a new password as follows:
   a. Right-click Mary and select Set Password.
   b. Select Proceed.
   c. Enter a new password (12 characters or more).
   d. Confirm the new password and then click OK.
   e. Click OK. Ideally, you should have created a policy that requires passwords with 12 characters or more.
10. Set a password to expire as follows:
   a. Right-click Mary and select Properties.
   b. Deselect Password never expires.
   c. Select User must change password at next logon and then click OK.
11. Unlock a user account and remove the user from a group as follows:
   a. Right-click Susan and select Properties.
   b. Deselect Account is locked out and then click Apply.
   c. Select the Member of tab.
   d. Select the Administrators.
   e. Select Remove.
   f. Click OK.
   g. Close Computer Management.
12. Enable Windows Firewall for all profiles as follows:
   a. In the search field on the taskbar, enter Control Panel.
   b. Under Best match, select Control Panel.
   c. Select System and Security.
   d. Select Windows Firewall.
   e. Select Turn Windows Firewall on or off.
   f. Under Domain network settings, select Turn on Windows Firewall.
   g. Under Private network settings, select Turn on Windows Firewall.
   h. Under Public network settings, select Turn on Windows Firewall.
   i. Click OK.
   j. Close Windows Firewall.
13. Remove a file share as follows:
   a. From the taskbar, open File Explorer.
   b. Browse to C:\MyMusic.
   c. Right-click MyMusic and select Properties.
   d. Select the Sharing tab.
   e. Select Advanced Sharing.
   f. Deselect Share this folder.
   g. Click OK.
   h. Click OK.
14. Use the Security Evaluator feature to verify that all of the issues on the ITAdmin computer were resolved as follows:
   a. From the top navigation tabs, select Floor 1.
   b. Select ITAdmin.
   c. In Security Evaluator, select Status refresh to rerun the security evaluation.
   d. If you still see unresolved issues, select Floor 1, navigate to the Office2 workstation, and remediate any remaining issues.

You are the IT security administrator for a small corporate network. You're scanning your local network to determine potential vulnerabilities. In this lab, your task is to complete the following: Use Zenmap to determine the operating system of the hosts on your network. On ITAdmin, use net view to check for shared folders on CorpFiles12 and CorpFiles16. Map the H: drive to the Confidential folder on CorpFiles16. View the files in the Employee Records folder. Answer the questions.

Complete this lab as follows:
1. Scan for operating systems on the network as follows:
   a. From the Favorites bar, open Zenmap.
   b. In the Command field, type nmap -O 192.168.0.0/24.
   c. Select Scan to scan the local subnet.
   d. In the nmap scan, find the identified operating systems.
   e. In the top right, select Answer Questions.
   f. Answer question 1. The nmap -O command may have a hard time recognizing the Windows OS, but can easily detect Linux.
2. View the shared folders on CorpFiles12 and CorpFiles16 as follows:
   a. From top navigation tabs, select IT Administration.
   b. On the ITAdmin monitor, select Click to view Windows 10.
   c. Right-click Start and select Windows PowerShell (Admin).
   d. At the prompt, type net view corpfiles12 and press Enter.
   e. Type net view corpfiles16 and press Enter.
3. Map the H: drive to the Confidential folder on CorpFiles16 as follows:
   a. Type net use \\corpfiles16\confidential h: and press Enter.
   b. Type h: and press Enter to change to the H: drive.
4. View the files in the Employee Records folder as follows:
   a. Type dir and press Enter to view the folders available on the drive.
   b. Type cd Employee Records and press Enter.
   c. Type dir and press Enter to view the employee records.
   d. Answer question 2.
   e. Select Score Lab.

As the cybersecurity specialist for your company, you're performing a penetration test. As part of this test, you're checking to see if the Security Account Manager (SAM) passwords from a Windows system can be cracked using John the Ripper. In this lab, your task is to crack the SAM passwords as follows:
- On Office 1, use pwdump7 to export the contents of the SAM to SAMhash.txt. This machine has already been booted into a recovery mode, allowing you to use Troubleshoot > Advanced > Command Prompt to access the SAM file.
- Copy the exported file to the thumb drive (g: drive) and then move the thumb drive to the IT-Laptop computer. After the thumb drive is inserted, it is automatically mounted to /media/root/ESD-USB/.
- On IT-Laptop, crack the password using the echo and John the Ripper commands.
  - Use the cat command to display the password hash file that was copied to the thumb drive.
  - Do NOT run the echo or John the Ripper commands from the thumb drive.

Complete this lab as follows:
1. Use pwdump7 to create a text file containing the SAM password hashes and copy the new file to the thumb drive as follows:
   a. From the recovery dialog, select Troubleshoot.
   b. Select Advanced options.
   c. Select Command Prompt.
   d. Type pwdump7 > SAMhash.txt and press Enter.
   e. Type copy SAMhash.txt g: and press Enter.
2. Move the thumb drive from Office 1 to the IT-Laptop computer as follows:
   a. From the top navigation tabs, select Office 1.
   b. Select the USB Thumb Drive plugged into the front of the computer.
   c. Drag the USB Thumb Drive to the Shelf so you can access it later in the IT Administration office.
   d. From the top navigation tabs, select Floor 1 Overview.
   e. Under IT Administration, select Hardware.
   f. Above IT-Laptop, select Back to switch to the back view of the laptop.
   g. From the Shelf, drag the USB Thumb Drive to a USB port on the laptop computer.
   h. Above IT-Laptop, select Front to switch to the front view of the laptop.
   i. On the monitor, select Click to view Linux.
3. Create a new hash file that contains the hash to be cracked as follows:
   a. From the Favorites bar, open Terminal.
   b. Type cat /media/root/ESD-USB/SAMhash.txt and press Enter.
   c. Type echo.
   d. Press the space bar.
   e. In the Admin line of the output, select the hash in the fourth field. Each field is separated by a colon. This is the hash value that needs to be cracked.
   f. Right-click the hash in the fourth field of the Admin line. Notice that the hash was pasted into the command line.
   g. Press the space bar.
   h. Type > SAMhash.txt.
   i. Press Enter.
4. Use John the Ripper and the new hash file to crack the password as follows:
   a. Type john SAMhash.txt and press Enter.
   b. From the output, find the Admin's password.
   c. In the top right, select Answer Questions.
   d. Answer the questions.
   e. Select Score Lab.

