...Running Head: Lab Assignment: Password Cracking Using Cain and Abel Lab Assignment 1: Password Cracking Using Cain University of Maryland University College Fall 2015 Lab Report Provided below is a table of the different generated user accounts and their accompanied passwords, along with the methodology used to crack each and either the time it took to reveal the password or estimated time provided by Cain and Abel to generate a successful solution. NTLM HASH | | Brute Force | Dictionary Attack | User 1 | No result, due to estimated time > 4yrs | Password cracked in < 1min | UUser 2 | No result, due to estimated time > 4yrs | Password cracked in < 1min | UUser 3 | No result, due to estimated time > 4yrs | No result. Estimated Time > 3hrs. | Table1: NTLM password cracking results LM HASH | | Brute Force | Dictionary Attack | User 1 | Password cracked in < 3min | Password cracked in < 2 min | User 2 | Password cracked in < 3min | Password cracked in < 1min | User 3 | No result, estimated time >3hrs | No result, I stopped it after 5 min. | Table2: LM password cracking results 1. Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective and why? A dictionary attack uses a file containing words, phrases, common passwords, and other strings that are likely to be used as a password. Each word in the file...
Words: 1638 - Pages: 7
...1) Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective and why? For the assignment we utilized Cain & Abel password recovery tool for Microsoft Operating Systems. For this lab assignment we utilized Brute Force NT LAN Manager (NTUM) and LAN Manager (LM) and Dictionary NTLM and LM hashes. (Features overview, n.d.) Brute Force is a password cracking -technique that tries every combination of numeric, alphanumeric, and special characters until the password is broken or the user is locked out. Dictionary is a technique that runs a given password against each of the words in a dictionary (file of words) until a match is found or the end of the dictionary is reached. (p. 13) Cain and Abel couples Brute Force and Dictionary with LM and NTLM hash. Based on my lab experience, my assessment is that the Dictionary NTLM Manager is the better of the processes. The table below reveals that Dictionary NTLM delivered more favorable results over LM because this process uncovered the passwords in the shortest amount of time and recovered the passwords in their entirety. Table | Brute Force LM | Brute Force NTLM | Dictionary LM | Dictionary NTLM | User1 | No password, 6-8 hours | No password, estimated time 10 years | yes, 75 seconds | yes, 40 | User2 | No password, 6-8 hours | No password, estimated time 10 years | yes, 30 | yes, 25 | User3 | No password, 6-8 hours...
Words: 971 - Pages: 4
...1. Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective and why? Answer: The two different types of attacks that can be performed in Cain and Abel are Brute Force attack and a Dictionary attack. The Brute Force attack is a method of breaking a cipher in a word through every possible key. The extent of breaking the password depends greatly on the length of the password. Within the program Cain and Abel, Brute Force will look at all possible combinations of characters within the password to try and recover or crack the password than the dictionary attack. Brute Force cracking can take forever to find the password but it will eventually lead to a password being cracked (Ducklin, 2013). Dictionary attacks, also known as wordlist attacks, is a simple and more efficient way to crack passwords. Many people tend to use words listed in the dictionary for passwords. The program uses multiple dictionaries as well as technical and foreign language dictionaries as support to enable the cipher to be cracked. The downside to this type of password cracking is that if a word contains complex symbols, uppercase, lowercase, and numbers that are not in the dictionary, then the dictionary attack can be beat (Gibson, 2011). With working with Cain and Abel in class, I felt that the dictionary attack was more efficient in finding the password due to real life scenarios where individuals set passwords...
Words: 1190 - Pages: 5
...University of Maryland University College Final Exam Question 1 a) If I were to engineer a product that could be used to spy on users, the first thing I would install would be a rootkit. A rootkit is a clandestine kind of software that is designed to conceal that fact that an operating system has been compromised. They ultimately allow viruses and malware to hide from usual methods of detection, and permits continued privileged access to a computer. Rootkits allow for full control over a system, which means that existing software can be modified including detection software. Rootkit detection is difficult because a rootkit is activated before the operating system boots up and is able to subvert the software intended to find it (Vacca, 2013, pp. 53-54). The next step would then be to install spyware and use the rootkit to disguise it as necessary files that anti-spyware software will overlook. Once a user purchases this product and it is connected, off-site agents will be able to start collecting files and data and have the ability to access and control the infected devices. b) As a technology procurer for an organization, it is very important to do your research on your vendors. The legitimacy of the vendor needs to be verified and their workforce, production lines and supply chains need to be checked to ensure they have appropriate security measures and monitoring in place to safeguard against malicious activity. A security vulnerabilities assessment needs to be...
Words: 5301 - Pages: 22
...Lab Assignment 1 Questions 1. Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective and why? Cain and Abel is a MS operating password recovery instrument made for administrators and security professionals. Brute Force and Dictionary attacks through LM via Lan Manager and NTLM via NT LAN Manager hashes were used in the following assignment. Brute Force attack “is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies” (Rouse, 2006). This method is considered time consuming because it goes through all possible combinations of characters. Dictionary attack “is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password” (Rouse, 2005). In addition Cain and Abel has the ability to use Cryptanalysis attacks to break passwords, it is considered the fastest [time memory trade off method], being faster than brute force attacks while also not needing as much memory as dictionary attacks (Gates, 2006). During the lab assignment I found that Dictionary attack with NTLM was the most effective. It allows the user to select more search options like reverse, lowercase and uppercase…etc. It was the fastest method in cracking the passwords...
Words: 957 - Pages: 4
...that influence police conceptualizations of girls involved in prostitution in six U.S. cities and if the children are sexual exploitation victims or delinquents. It explains that sexually exploited children are vulnerable to this type of abuse. It explains that sexual exploitation of children (CSEC) as one of the most destructive forms of child abuse. It explains the international sexual trafficking of women and children. It includes data on the amount of women and children that are being trafficked and experiencing sexual exploitation. It includes a dissertation that includes an empirical study and a quantitative study. This study is the first of its kind to describe a sample of commercially, sexually exploited children in foster care. Empirical Peer Reviewed Articles Barnitz, Laura. (2001). Effectively responding to the commercial sexual exploitation of children: A comprehensive approach to prevention, protection, and reintegration services. Child Welfare: Journal of Policy, Practice, and Program, Vol 80(5), Special issue: International Issues in Child Welfare. pp. 597-610. This peer reviewed journal explains sexual exploitation of children (CSEC) as one of the most destructive forms of child abuse. The efforts that have been made by individuals to stop the trafficking...
Words: 3767 - Pages: 16
...Protecting Your Network UMUC CSEC 610 April 16, 2015 David Gianna Introduction According to Beaver (2010), to have a secure operating systems and applications, you need to have a secure network. Devices such as routers, firewalls, and even generic hosts (including servers and workstations) must be assessed as part of the ethical hacking process. There are thousands of possible network vulnerabilities, equally as many tools, and even more testing techniques. You probably don’t have the time or resources available to test your network infrastructure systems for all possible vulnerabilities, using every tool and method imaginable. Instead, you need to focus on tests that will produce a good overall assessment of your network. Beaver (2010), also states that when you assess your company’s network infrastructure security, you need to look at as the following: * Where devices, such as firewalls or IPS, are placed on the network and how they’re configured. * What external attackers see when they perform port scans, and how they can exploit vulnerabilities in your network hosts. * Network design, such as Internet connections, remote access capabilities, layered defenses, and placement of hosts on the network. * Interaction of installed security devices, such as firewalls, IPSes, antivirus, and so on. * What protocols are in use. * Commonly attacked ports that are unprotected. * Network host configurations. * Network monitoring and maintenance...
Words: 2274 - Pages: 10
...CSEC 610, University of Maryland University College July 12, 2014 Cybersecurity Vulnerabilities Facing IT Managers Cybersecurity Vulnerabilities Facing IT Managers Table of Contents Introduction ………………………………………………………………………………………………………………… 3 Types of Vulnerabilities ………………………………………………………………………………………………. 5 Important Vulnerability, Impact & Solutions ……………………………………………………………….. 8 References …………………………………………………………………………………………………………………… 12 Cyber-security demands are ever increasing in the field of Information Technology with the globalization of the internet. Disruptions due to cyber-attacks are affecting the economy, costing companies billions of dollars each year in lost revenue. To counter this problem corporations are spending more and more on infrastructure and investing to secure the cyber security vulnerabilities which range anywhere from software to hardware to networks and people that use them. Due to the complexity of information systems that interact with each other and their counter parts, the requirement to meet specific cyber security compliances have become a challenging issues for security professionals worldwide. To help with these issues, security professionals have created different standards and frameworks over the years for addressing this growing concern of vulnerabilities within enterprise systems and the critical information they hold (“Critical Security Controls,” n.d.). Before we get into the details let first examine what exactly...
Words: 2784 - Pages: 12
...iTrust Database Software Security Assessment Security Champions Corporation (fictitious) Assessment for client Urgent Care Clinic (fictitious) Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root University of Maryland University College Author Note Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root, Department of Information and Technology Systems, University of Maryland University College. This research was not supported by any grants. Correspondence concerning this research paper should be sent to Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root, Department of Information and Technology Systems, University of Maryland University College, 3501 University Blvd. East, Adelphi, MD 20783. E-mail: acnwgirl@yahoo.com, rogalskibf@gmail.com, kzhang23@gmail.com, sscaramuzzino86@hotmail.com and Chad.Root@gmail.com Abstract The healthcare industry, taking in over $1.7 trillion dollars a year, has begun bringing itself into the technological era. Healthcare and the healthcare industry make up one of the most critical infrastructures in the world today and one of the most grandiose factors is the storage of information and data. Having to be the forerunner of technological advances, there are many changes taking place to streamline the copious amounts of information and data into something more manageable. One major change in the healthcare industry has been the implementation...
Words: 7637 - Pages: 31