Now the data ("My Swiss bank account number is 45656684512263") is


Module 05 - System Hacking

[Screenshot: "readme2 - Notepad" window showing the text "Hello World!"]
FIGURE 11.4: Contents of readme2.txt revealed with select all option

Lab Analysis
Analyze and document the results related to the lab exercise.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Tool/Utility: Snow Steganography
Information Collected/Objectives Achieved: Output: You will see the hidden data inside Notepad

Lab Questions

1. How would you hide the data of files with secret data in other files?

2. Which encryption is used in Snow?

Internet Connection Required
☐ Yes    ☑ No

Platform Supported
☑ Classroom    ☑ iLabs

CEH Lab Manual Page 373
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.


Viewing, Enabling, and Clearing the Audit Policies Using Auditpol

Auditpol is a command in Windows Server 2012, Windows Server 2008, and Windows Server 2003 and is required for querying or configuring an audit policy at the subcategory level.

Lab Scenario
To be an expert ethical hacker and penetration tester, you must have sound
knowledge of footprinting, scanning, and enumeration. This process requires an
active connection to the machine being attacked. A hacker enumerates applications
and banners in addition to identifying user accounts and shared resources.
You should also have knowledge of gaining access, escalating privileges, executing
applications, hiding files, and covering tracks.

Lab Objectives
The objective of this lab is to help students learn:

- How to set audit policies

Lab Environment
To carry out the lab, you need:

- Auditpol is a built-in command in Windows Server 2012
- You can see more audit commands at the following link: http://technet.microsoft.com/en-us/library/cc731451%28v=ws.10%29.aspx for Windows Server 2012
- Run this on Windows Server 2012

Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 05 System Hacking

Lab Duration
Time: 10 Minutes


Overview of Auditpol
Auditpol displays information on performance and functions to manipulate audit policies.

Lab Task
1. Select Start -> Command Prompt.

2. Administrator: A command prompt will appear as shown in the following figure.

[Screenshot: Administrator: Command Prompt]
Microsoft Windows [Version 6.2.8400]
(c) 2012 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>

FIGURE 12.1: Administrator Command Prompt in Windows Server 2012

3. To view all the audit policies, type the following command in the command prompt:

auditpol /get /category:*

4. Press Enter.

/get: Displays the current audit policy.
/set: Sets the audit policy.
/list: Displays selectable policy elements.
/backup: Saves the audit policy to a file.


[Screenshot: Administrator: Command Prompt]
Microsoft Windows [Version 6.2.8400]
(c) 2012 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>auditpol /get /category:*
System audit policy
Category/Subcategory                      Setting
System
  Security System Extension               No Auditing
  System Integrity                        No Auditing
  IPsec Driver                            No Auditing
  Other System Events                     No Auditing
  Security State Change                   No Auditing
Logon/Logoff
  Logon                                   No Auditing
  Logoff                                  No Auditing
  Account Lockout                         No Auditing
  IPsec Main Mode                         No Auditing
  IPsec Quick Mode                        No Auditing
  IPsec Extended Mode                     No Auditing
  Special Logon                           No Auditing
  Other Logon/Logoff Events               No Auditing
  Network Policy Server                   No Auditing
  User / Device Claims                    No Auditing
Object Access
  File System                             No Auditing
  Registry                                No Auditing
  Kernel Object                           No Auditing
  SAM                                     No Auditing
  Certification Services                  No Auditing
  Application Generated                   No Auditing
  Handle Manipulation                     No Auditing
  File Share                              No Auditing
  Filtering Platform Packet Drop          No Auditing
  Filtering Platform Connection           No Auditing
  Other Object Access Events              No Auditing
  Detailed File Share                     No Auditing
  Removable Storage                       No Auditing
  Central Policy Staging                  No Auditing
Privilege Use
  Non Sensitive Privilege Use             No Auditing
  Other Privilege Use Events              No Auditing
  Sensitive Privilege Use                 No Auditing
Detailed Tracking
  Process Creation                        No Auditing
  Process Termination                     No Auditing
  DPAPI Activity                          No Auditing
  RPC Events                              No Auditing
Policy Change
  Authentication Policy Change            No Auditing
  Authorization Policy Change             No Auditing
  MPSSVC Rule-Level Policy Change         No Auditing
  Filtering Platform Policy Change        No Auditing
  Other Policy Change Events              No Auditing
  Audit Policy Change                     No Auditing
Account Management

FIGURE 12.2: Auditpol viewing the policies

/restore: Restores the audit policy from a file that was previously created by using auditpol /backup.
/clear: Clears the audit policy.
/remove: Removes all per-user audit policy settings and disables all system audit policy settings.

5. To enable the audit policies, type the following command in the command prompt:

auditpol /set /category:"system","account logon" /success:enable /failure:enable

6. Press Enter.

[Screenshot: Administrator: Command Prompt]
  Directory Service Changes               No Auditing
  Directory Service Replication           No Auditing
  Detailed Directory Service Replication  No Auditing
  Directory Service Access                No Auditing
Account Logon
  Kerberos Service Ticket Operations      No Auditing
  Other Account Logon Events              No Auditing
  Kerberos Authentication Service         No Auditing
  Credential Validation                   No Auditing

C:\Users\Administrator>auditpol /set /category:"system","account logon" /success:enable /failure:enable
The command was successfully executed.

C:\Users\Administrator>

FIGURE 12.3: Auditpol Local Security Policies in Windows Server 2012

/resourceSACL: Configures global resource system access control lists (SACLs).
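
Added example, not part of the original lab manual: a Python check that parses the text listing printed by auditpol /get /category:* (the format in Figures 12.2 and 12.3) and reports whether the categories enabled in step 5 log both success and failure, and whether the whole policy reads "No Auditing". The function names and the sample listings are constructed for illustration.

```python
import re

# A subcategory row ends in one of the values auditpol prints under "Setting".
ROW = re.compile(r"^\s*(?P<name>.+?)\s{2,}"
                 r"(?P<setting>No Auditing|Success and Failure|Success|Failure)\s*$")
HEADERS = ("System audit policy", "Category/Subcategory")

def parse_auditpol(text):
    """Parse `auditpol /get /category:*` output into {category: {subcategory: setting}}."""
    policy, category = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(HEADERS):
            continue
        row = ROW.match(line)
        if row is None:                    # no Setting column: a category heading
            category = stripped
            policy[category] = {}
        elif category is None:
            raise ValueError(f"subcategory before any category: {stripped!r}")
        else:
            policy[category][row["name"]] = row["setting"]
    return policy

def audit_gaps(policy, required=("System", "Account Logon")):
    """List (category, subcategory, setting) not logging both success and failure."""
    gaps = []
    for cat in required:
        subs = policy.get(cat) or {None: "missing from output"}
        gaps += [(cat, sub, val) for sub, val in subs.items()
                 if val != "Success and Failure"]
    return gaps

def is_policy_cleared(policy):
    """True when every subcategory reads "No Auditing", the state in Figure 12.2."""
    return {val for subs in policy.values() for val in subs.values()} == {"No Auditing"}

# Constructed samples in the format of Figures 12.2/12.3: after step 5, and before it.
SAMPLE_AFTER = """\
System audit policy
Category/Subcategory                      Setting
System
  Security System Extension               Success and Failure
Logon/Logoff
  Logon                                   No Auditing
Account Logon
  Credential Validation                   Success and Failure
"""
SAMPLE_BEFORE = SAMPLE_AFTER.replace("Success and Failure", "No Auditing")
```

Pass only the listing itself (from "System audit policy" onward) to parse_auditpol; prompt lines and the "successfully executed" message are not part of the table.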
