Chapter 5 - Attacking a System Flashcards
Characteristics of LM Hashing
Splits the password up and converts all letters to uppercase. If it’s over 7 characters, it is padded to 14 characters and split 7 x 7. Easily cracked.
What is Ntds.dit?
It’s a database file on the domain controller that stores passwords
What are the steps for Kerberos?
1. Client asks Key Distribution Center (KDC) for ticket. 2. Server responds with Ticket Granting Ticket (TGT). This is a secret key which is hashed and stored on server. 3. If client can decrypt it, the TGT is sent back to the server requesting a Ticket Granting Service (TGS) service ticket. 4. Server sends TGS service ticket which client uses to access resources.
What tools can you use to crack Kerberos?
Kerbsniff, KerbCrack
HKEY_LOCAL_MACHINE (HKLM)
Information on hardware and software
HKEY_CLASSES_ROOT (HKCR)
Information on file associations and OLE classes
HKEY_CURRENT_USER (HKCU)
Profile information for the current user including preferences
HKEY_USERS (HKU)
Specific user configuration information for all currently active users
HKEY_CURRENT_CONFIG (HKCC)
Pointer to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current
What is the RID of the following: S-1-5-21-3623811015-3361044348-30300820-1013?
1013. RID is the Relative Identifier
/bin
Basic Linux commands
/dev
Contains pointer locations to various storage and input/output systems
/etc
All admin files and passwords. Password and shadow files are here
/home
Holds user home directories
/mnt
Holds the access locations you’ve mounted
/sbin
System binaries folder which holds more administrative commands
/usr
Holds almost all of the information, commands, and files unique to the users
Root has the UID and GID of what?
UID and GID of 0
The first user has the UID and GID of what?
UID and GID of 500
FAR vs FRR vs CER
False Acceptance Rate (FAR) - Rate that a system accepts access for people that shouldn’t have it. False Rejection Rate (FRR) - Rate that a system rejects access for someone who should have it. Crossover Error Rate (CER) - Combination of the two; the lower the CER, the better the system.
What are the system hacking goals?
1. Gaining Access 2. Escalating Privilege 3. Executing Applications 4. Hiding Files 5. Covering Tracks
Password Attack: Non-electronic
Social engineering attacks - most effective.