Scribd Logo
Upload

Welcome to Scribd!

  • Lab 4

    Uploaded by

    Manar A.A
    32 views3 pages

    Original Title

    Lab 4(1)

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    32 views3 pages

    Lab 4

    Uploaded by

    Manar A.A

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    University of Bahrain

    College of Information Technology

    Department of Computer Engineering

    ITNE341 EXP. 4
    Attack tools
    - Task 1: Use a Software Keylogger

    A keylogger program captures everything that a user enters on a computer keyboard. In this
    project, you will download and use a software keylogger.
    The purpose of this activity is to provide information regarding how these programs function
    in order that adequate defenses can be designed and implemented. These programs should
    never be used in a malicious fashion against another user.
    1. Open your web browser and enter the URL: https://www.spyrix.com/download.php The
    location of content on the Internet may change without warning. If you are no longer able to
    access the program through the
    above URL, use a search engine to search for “Spyrix Personal Monitor”.
    2. Click products and compare the features of the different Spyrix products.
    3. Click download.
    4. Under Spyrix Free Keylogger click Free Download.
    5. When the file finishes downloading, install Spyrix and follow the default installation
    procedures.
    6. Click Finish to launch Spyrix.
    7. Click Skip to skip the wizard of set the program settings.
    8. Spyrix application in going to start, make sure to enable the logging.
    9. Now use your computer for several minutes as you normally would.
    10. Click the Spyrix icon in your system tray
    11. Under Events click ALL EVENTS to view everything that has been done on the
    computer. (Snapshot)
    12. Click Screenshots to show screen shots for the computer application and activities.
    (Snapshot)
    13. Click Program Activity to view the programs that you were using. (Snapshot)
    14. click keylogger to see the logged keyboard strokes. (Snapshot)
    14. Select several other options to view the keylogging and spy features of this program.
    15. Click Stop and then Exit.
    16. Enter your password and click OK.
    17. Close all windows.

    18. remove the Spyrix application.

    -Write a conclusion that talks about the best practice to prevent getting caught by keylogers.

    - Task 2: Use an Online Rainbow Table Cracker


    Although brute force and dictionary attacks were once the primary tools used by attackers to
    crack stolen digest passwords, more recently attackers have used rainbow tables. Rainbow
    tables make password attacks easier by creating a large pregenerated data set of candidate
    digests. In this project, you will create a hash on a password and then crack it with an online
    rainbow table cracker to demonstrate the speed of using rainbow tables.
    1. The first step is to use a general-purpose hash algorithm to create a password hash. Use
    your web browser to go to http://www.fileformat.info/tool/hash.htm
    The location of content on the Internet may change without warning. If you are no longer
    able to access the program through the above URL, use a search engine and search for
    “Fileformat.info”.
    2. Under String hash, enter the simple password apple123 in the Text: line.
    3. Click Hash.
    4. Scroll down the page and copy the MD4 hash of this password to your Clipboard by
    selecting the text, right-clicking, and choosing Copy. (Snapshot)
    5. Open a new tab on your web browser.
    6. Go to https://crackstation.net/
    7. Paste the MD4 hash of apple123 into the text box beneath Enter up to 10 non-salted
    hashes:.
    8. In the RECAPTCHA box, enter the current value being displayed in the box that says
    Type the text.
    9. Click Crack Hashes.
    10. How long did it take this online rainbow table to crack this hash? (Snapshot)
    11. Click the browser tab to return to FileFormat.Info.
    12. Click the browser tab to return to FileFormat.Info and experiment by entering new
    passwords, computing their hash, and testing them in the CrackStation site. If you are bold,
    enter a string hash that is similar to a real password that you use. Use a complex password
    that contains special characters, upper and lower characters, numbers
    Ex: Test@uob+20152675. (Snapshot)
    13. Go back to https://crackstation.net/
    14. Paste the MD4 hash of apple123 into the text box beneath Enter up to 10 non-salted
    hashes:.
    15. In the RECAPTCHA box, enter the current value being displayed in the box that says
    Type the text.
    16. Click Crack Hashes.
    17. How long did it take this online rainbow table to crack this hash? (Snapshot)

    18. What does this tell you about the speed of rainbow tables? What does it tell you about
    how easy it is for attackers to crack weak passwords?
    19. Close all windows.

    -Write a paragraph that talks about different types of password cracking attack types and what are
    the best practice to mitigate their risks.

    You might also like