Windows Passwords Flashcards

1
Q

Where are all Windows passwords (except DC) stored?

A
  • the SAM (Security Accounts Manager)
  • a database stored as a registry file
  • C:\Windows\System32\config
  • HKEY_LOCAL_MACHINE\SAM
  • not accessible while the OS is running
2
Q

What are the Windows password hashing formats?

A
  • LM
  • NT (all passwords from Windows 2000 are stored as NT)
3
Q

How can Windows passwords be dumped remotely?

A
  • passwords are dumped from the memory of the remote system, by loading a password dumping program remotely
  • requires at least an administrative account
  • pwdump, fgdump, ophcrack
4
Q

How can you use Metasploit to remotely steal Windows hashes?

A
  • getuid
  • run hashdump
5
Q

How can you steal Windows hashes locally?

A
  • requires physical access to the machine
  • 2 methods:
    • Running system: local admin; download hashes from memory
    • Off-line system: decrypt the SAM stored in SYSTEM file
6
Q

How do you steal Windows hashes off-line with Kali?

A
  • Boot Kali on the Windows system
  • Mount the partition where Windows is installed (/mnt/sda1/WINDOWS/system32/config)
  • samdump2 SAM syskey.txt > ourhashdump.txt
7
Q

What are some tools to crack Windows hashes?

A
  • John the Ripper
  • ophcrack