Module 06: Network Penetration Testing Methodology-Internal /5

Exercise 5: Auditing a Machine for Weak Passwords Using L0phtCrack

Scenario

Since security and compliance are high priorities for most organizations, attacks on a company or organization's computer systems take many different forms, such as spoofing, smurfing, and other types of denial-of-service (DoS) attacks. These attacks are designed to harm or interrupt the use of your operational systems.

Password cracking is a term used to describe the penetration of a network, system, or resource with or without the use of tools to unlock a resource that has been secured with a password. In this lab, we will look at what password cracking is, why attackers do it, how they achieve their goals, and what you can do to do to protect yourself. Through an examination of several scenarios, in this lab, we describe some of the techniques they deploy and the tools that aid them in their assaults and how password crackers work both internally and externally to violate a company's infrastructure.

In order to be an Expert Penetration Tester or a Security Administrator, you must understand how to crack administrator passwords. In this lab, we crack the system user accounts using L0phtCrack.

In this lab, being a security auditor, you will be running the L0phtCrack tool by giving the remote machine’s administrator user credentials. User accounts' passwords that are cracked in a short amount of time are considered to be weak, and you need to take certain measures to make them stronger. The objective of this lab is to help students learn how to:

• Extract the Administrators password using L0phtCrack

Lab Duration: 20 Minutes

1. Windows Server 2012 (Internal Network), click Ctrl+Alt+Delete.
   
2. In the password field click Pa$$w0rd and press Enter.
   

   You can use the Type Password option from the Commands menu to enter the password.

   
3. In this lab, we are going to audit user accounts on a machine to check for weak passwords using L0phtCrack.
   To install L0phtCrack, navigate to E:\ECSAv10 Module 06 Network Penetration Testing Methodology-Internal\L0phtCrack and double-click lc7setup_v7.0.15_Win64.exe.
   An Open File -Security Warning pop-up appears; click Run.
   Follow the wizard-driven installation steps to install L0phtCrack.
   

   While installing the application, a Program Compatibility Assistant pop-up appears, click Close.

   
4. On the Completing L0phtCrack 7 (Win64) Setup page, ensure to check Run L0phtCrack 7 (Win64) and click Finish to launch the L0phtCrack tool.
   
5. L0phtCrack 7 - Trial window appears. Click Proceed with Trial button.
   
6. A L0phtCrack 7 pop up appears; select Password Auditing Wizard option.
   
7. In the Introduction page of LC7 Password Auditing Wizard, click Next.
   
8. In the Choose Target System Type window select Windows: radio button and click Next.
   
9. In the Windows Import window, select A remote machine radio button and click Next.
   
10. In the Host field of Windows Import From Remote Machine (SMB) window, provide the IP address of Advertisement Dept. Subnet Dmachine and click Next. Here, the IP address of Advertisement Dept. Subnet D is 172.20.20.9.
    
11. In the Choose Audit Type window, select Quick Password Audit option and click Next.
    
12. In the Reporting Options window, leave the options set to default and click Next.
    
13. In the Job Scheduling window, select Run this job immediately and click Next.
    
14. In the Summary window, read the summary and click Finish.
    
15. A Perform Calibration? pop-up appears, check the Don't ask this question again option and click Yes to perform calibration.
    
16. The Calibration process begins as shown in the screenshot. This process takes some time.
    
17. After the calibration process is finished, click OK.
    
18. A caution box appears regarding changed LC7Agent on the remote machine as shown in the screenshot. Click Yes.
    
19. L0phtCrack will begin to decode the hashes. You can see the Progress bar in the lower right-hand corner of the window.
    Once done with the password auditing, it displays the weak passwords set for the respective user accounts present in Advertisement Dept. Subnet D machine as shown in the screenshot.
    
20. Click Reports tab on the left-pane and click Export Accounts Table in the Report Types box.
    Select HTML (Hypertext Markup Language)under Format: box and provide a name for the file and click Run Report Immediately.
    

    After clicking the Run Report Immediately button, a Warning pop-up window appears. Click Yes.

    
21. To save this session, navigate to MENU icon at the top left corner of the window and click Save Session option.
    
22. A Save Session As window appears on the screen. Select the destination location (here, Desktop), specify the file name as Credentialsand click Save.
    Now close the L0phtCrack window.
    
23. To open the saved result, navigate to Desktopand double-click the Credentials.lcs file to view result.
    
24. A L0phtCrack 7 - Trial reminder pop-up appears, click the Proceed With Trial button.
    
25. Now you can see the saved result in the L0phtCrack window.
    
26. Close all the open windows.

In this lab you have learnt how to extract the Administrators password using L0phtCrack.