In the left pane of Computer Management, click the Check the "Password never expires" box. Clear the "User must change password at next logon" box. Password: Put your own name here with enough added characters to make it at least 20 characters long. In the "New User" box, enter these values, as shown below: In Computer Management, in the left pane, expand the Impossible to recover from password hashes. The password will be 20 characters long, which makes it difficult or Windows target remotely and steal the password You will use a Java attack to take control of a Windows stores the passwords of currently logged-on Will steal the password right off the machine. Don't do this to anyone without permission, WARNING This is a really powerful attack-you You could use an earlier version, such as Windows XP, by omitting the bypassuac step. A BackTrack 5 R3 Linux machine, real or virtual. Try searching through the files for images. Project 5x: Stealing Windows Passwords Remotely (15 pts.) What You Need This is a strong point of Autopsy: it finds all four timestamps, while FTK finds only In the search results page, at the upper right, click At the top left of the next screen, click the Save the image with the filename "Your Name Proj 16". YOU MUST SUBMIT A WHOLE-DESKTOP IMAGE FOR FULL CREDIT. Make sure your screen shows an obviously incriminating Click in the host system, on the taskbar. Capture the whole desktop with the PrintScrn button. When you find an incriminating email message, Item they aren't grouped into the 22 files for you the way FTK did, and the preview is poorly formatted so you can only see Even with those inconveniences, you should be able to find the incriminating email message you found in the FTK Notice how clumsy this is-you need to use the mouse to click each On the left side, click the first few blue Ascii links to see the details of the hits in the right pane, as shown below.
It finds "120 hits", as shown below on this page: In the search box, type anon as shown below. In the next window, click the "Keyword Search" tab. The "Select a volume to analyze or add a new image file" window appears, as shown below on this page. The next screen shows the MD5 hash, ending in 4419, In the "Image File Details" section, click the "Calculate the hash value for this image" button, as shown below. In the "Add a New Image" window, enter in these options, as shown below on this page: In the next window, click the "Add Image File" button. In the "Adding host" window, click the "Add Image" button. In the "Add a New Host" window, accept the default options and click the "Add Host" button. In the "Creating Case" window, click the "Add Host" button. Replacing "Your-Name" with your own name. In the Autopsy window, click the "New Case" button. You will see a warning that Javascript is enabled. Autopsy opens, as shown below on this page. Known file database, and the second answer is From the BackTrack menu, click Applications, Internet, "Firefox Web Browser". Now answer two questions: the first answer Now find the directory that contains autopsy with We solved that problem with this process in First execute this command to install autopsy: Troubleshooting: On some older versions of BackTrack, Autopsy won't launch this way. The program launches, printing the text shown below on this page. The MD5 should match the value shown below, 001 file extension, and calculate the MD5 hash of the evidence They download the file, extract it, rename it to remove the. In the Linux VM, open a Terminal window and execute these commands. Log in with a user name of root and a password of toor Enter this command, followed by the Enter key: You could also use DEFT or Kali Linux, but make sure you are using an installed VM, not a boot disk. CNIT 121 Proj 16: Sleuthkit and Autopsy (15 pts.) What You Need for This Project