People's Public Security University of China
Chinese people’ public security university
cyber countermeasures
experimental report
Experiment 3 |
password cracking technology |
student name |
Zhang Jiuqi |
grade |
2015 |
District team |
5 |
mentor |
Takami |
School of Information Technology and Cyber Security
November 7 , 2016 _ _ _
General outline of experimental tasks
20 1 6 —20 1 7 First semester of the 7th grade
1. The purpose of the experiment
1. Deepen and digest the teaching content of this course, and review the Internet search skills, methods and techniques learned;
2. Understand and be familiar with Internet resources such as commonly used encryption algorithms, encryption and decryption tools, and cracking tools, and crack a given ciphertext, encrypted file, and system password;
3. To achieve the purpose of consolidating course knowledge and practical application.
2. Experimental requirements
1. Carefully read the content of each experiment. For topics that require screenshots, clear screenshots should be taken and the screenshots should be marked and explained.
2. The document requires a clear structure, accurate graphic and textual expression, and standardized labeling. The reasoning content is objective, reasonable and logical.
3. Software tools can use john the ripper or hydra, dictionary generator, pwdump7, etc.
4. After the experiment is over, keep the electronic documentation.
3. Experimental steps
1. Prepare
Prepare for the experiment in advance. Before the experiment, you should have a detailed understanding of the experimental purpose, experimental requirements and experimental content, be familiar with and prepare the software tools for the experiment, and prepare the experimental content in advance according to the experimental content and requirements.
2. lab environment
Describe the hardware and software environment (including various software tools) used in the experiment;
Boot and start the software office2003 or 2007, browser, encryption and decryption software.
3. experiment procedure
1) Start the system and start the tool software environment.
2) Use software tools to realize the experimental content.
4. experimental report
Write the experimental report according to the unified required experimental report format. Embed the document written according to the template format into the experimental report document, the document should be written according to the prescribed writing format, and the tables should have tables and graphs and pictures.
Tools are here (access on campus website)
http://121.194.212.168/eol/homepage/course/layout/page/index.jsp?courseId=14280
Teaching materials, related tools and samples on the left
Task (1)
1. Please decrypt the following string 35556C826BF3ADDFA2BB0F86E0819A6C. (with screenshot)
2.
This seems to be a piece of lyrics, please tell me the song name after decryption.
V2hlbiBJIGFtIGRvd24gYW5kLCBvaCBteSBzb3VsLCBzbyB3ZWFyeTsKV2hlbiB0cm91YmxlcyBjb21lIGFuZCBteSBoZWFydCBidXJkZW5lZCBiZTsKVGhlbiwgSSBhbSBzdGlsbCBhbmQgd2FpdCBoZXJlIGluIHRoZSBzaWxlbmNlLApVbnRpbCB5b3UgY29tZSBhbmQgc2l0IGF3aGlsZSB3aXRoIG1lLgpZb3UgcmFpc2UgbWUgdXAsIHNvIEkgY2FuIHN0YW5kIG9uIG1vdW50YWluczsKWW91IHJhaXNlIG1lIHVwLCB0byB3YWxrIG9uIHN0b3JteSBzZWFzOwpJIGFtIHN0cm9uZywgd2hlbiBJIGFtIG9uIHlvdXIgc2hvdWxkZXJzOwpZb3UgcmFpc2UgbWUgdXDigKYgVG8gbW9yZSB0aGFuIEkgY2FuIGJlLgpZb3UgcmFpc2UgbWUgdXAsIHNvIEkgY2FuIHN0YW5kIG9uIG1vdW50YWluczs=
Task (2)
Windows system password cracking
1. In the windows xp system, use net user gao gao123 /add to add the account of user gao and password gao123 (username and password can be set by yourself); and use the net user command to confirm that the user is added successfully.
2. Use the pwdump software to export the local sam file
The encrypted string of the newly added account and its password in the sam file
3. Use saminside software to import sam.txt and crack it, pay attention to configuring dictionary cracking and brute force cracking
If it takes a long time to crack the LM value of a complex password, you can use the online cracking method.
http://www.objectif-securite.ch/ophcrack.php
Task (3)
Memory password extraction
Set a strong password for the Administrator user in the system.
Use the minikatz tool to extract the system password, which involves two commands
The first item: privilege::debug //Elevate privileges The second item: sekurlsa::logonpasswords //Grab the password
Download minikatz:
https://pan.baidu.com/s/1n6WGubUCMPRsvtisY-jBpA
Task (4)
Remote service password cracking
The two students cooperated to complete. Student A built an FTP server, created a new user, and set a login password.
2.B classmates use hydra to crack the dictionary of the ftp user's password. There is a command syntax for using the software in hydra. The dictionary file needs to be generated by yourself .
Task (5)
App password cracking
Use Rar crack software to crack, give the password of the RAR target file, and view the contents of the compressed package
Both the cracked software and the RAR target are in the links given earlier.