
Ethical hacking assignment 2

Contents
1.0 Introduction ..... 1
2.0 Operating system vulnerability ..... 2
  2.1 Windows vulnerability ..... 3
    2.1.1 DoS vulnerability ..... 3
    2.1.2 Auto play vulnerability ..... 4
    2.1.3 Clipboard vulnerability ..... 5
    2.1.4 Registry vulnerability ..... 5
  2.2 Linux vulnerability ..... 6
    2.2.1 Missing pointer checks ..... 6
    2.2.2 Missing permission checks ..... 7
    2.2.3 Buffer overflow ..... 7
3.0 Password cracking techniques ..... 8
  3.0.1 Dictionary attack ..... 8
  3.0.2 Brute forcing attack ..... 9
  3.0.3 Hybrid attack ..... 9
  3.0.4 Syllable attack ..... 10
  3.0.5 Rule-based attack ..... 10
4.0 Tools for Hacking ..... 11
  4.0.1 Ophcrack ..... 11
  4.0.2 Offline NT Password & Registry Editor ..... 12
  4.0.3 Kon-Boot ..... 13
  4.0.4 Cain & Abel v4.9.56 ..... 14
  4.0.5 John the Ripper password cracker ..... 15
5.0 Hacking Steps ..... 16
6.0 Demonstration ..... 18
7.0 Conclusion ..... 22
8.0 Referencing ..... 23

Thinageran Rajenadran

Page 0


1.0 Introduction.
Windows is one of the best-known operating systems in the world, and it is also one of the
most widely used. The reason Windows has become so popular among users is that it is a user
friendly operating system and less expensive than the others. Comparing prices, the Linux
operating system is of course much cheaper than Windows, since it is a free operating system;
although it is free, it has still failed to meet users' expectations of user friendliness. In
terms of market share, around 90% of users choose Windows as their preferred operating system.

We now know that most users in the world run Windows, but the question is whether the Windows
operating system is safe to use. Research shows that in 2002 countless viruses, such as Trojans,
worms and others, were found, and that most of these viruses were designed to attack Windows-based
operating systems only. Other studies also show that many security loopholes can be found in the
Windows operating system.


2.0 Operating system vulnerability.


An operating system is the layer that mediates between the hardware and the human user. Many types
of operating system are available on the market, and the user has a wide variety to choose from.
Even so, only three operating systems dominate the world market. The first is the Windows
operating system, which is the most heavily used compared to the others. The second is Linux,
which is a free operating system. The third is the Apple OS, which is considered the most
expensive of the three and is only compatible with Apple products.

Although these three operating systems dominate the world, they are still not free from
vulnerabilities: each operating system has its own vulnerabilities or security flaws that can harm
the system it runs on. Statistics show that the most widely used operating system is also the one
with the most flaws or vulnerabilities that could bring harm to the system.


2.1 Windows vulnerability


Windows is a ubiquitous operating system. According to the statistics, most end users prefer the
Windows platform as their operating system. Compared to the other two major operating systems,
Windows is considered the most user friendly and least expensive, affordable and easy to use.
Moreover, unlike the Apple operating system, Windows is compatible with all types of hardware sold
on the market. Although Windows dominates the market, it cannot be described as the safest or a
zero-vulnerability operating system: every Windows version is shipped with a number of
vulnerabilities that need to be fixed. Some of the most common vulnerability classes found in the
Windows operating system are DoS, remote code execution, memory corruption, overflows, SQL
injection, XSS and HTTP response splitting.

2.1.1 DoS vulnerability

DoS stands for denial of service. A DoS attack is an attack that interrupts or suspends the
services of a computer. Mostly a DoS attack is launched against the network, but it can also be
used to drive up the CPU usage of a computer. Research has found that the Windows operating system
shipped with software that had a high potential of enabling DoS attacks, for example the flaw
addressed by the MS14-006 update released in February 2015. According to Microsoft TechNet, the
update was released to fix an IPv6 vulnerability in Windows 8, Windows RT and Windows Server 2012
that could allow a denial of service attack against those operating systems.



2.1.2 Auto play vulnerability

AutoPlay is a feature of the Windows operating system. It was introduced in Windows XP, and the
AutoPlay vulnerability has been present in Windows ever since. AutoPlay was invented to make life
easier for the end user: it is designed to execute code from a removable device as soon as the
device is plugged into the computer. It works as follows: when the user plugs in a removable
device, the system automatically reads the autorun script, which tells the system what to execute
from the device. Normally the autorun script is written as a plain text file (in Notepad) and
saved as a hidden file on the removable device, such as the one shown in figure 2.1.2a. Since the
autorun script and the AutoPlay function have the right to run without the user's knowledge, an
attacker can simply write a script that executes a file containing a malicious program. One
example of a virus that spreads through the autorun script is the one known as "secure browsing".
This virus copies itself to the system automatically when the user plugs the infected removable
device in. It works in a simple way: the attacker places a script in the autorun file on the
removable device, and the virus is executed when AutoPlay reads that file.

Figure 2.1.2a shows an example of an autorun script.



2.1.3 Clipboard vulnerability

The clipboard is a piece of software developed by Microsoft and installed with the Windows
operating system. It is used to store data and transfer it between documents or applications via
the copy and paste operations. According to research, a clipboard flaw was confirmed as a zero-day
vulnerability in the Windows kernel. Security researchers found this flaw in Windows 7, Windows
Server 2008 and Windows Server 2003. The flaw can damage the operating system by causing a buffer
overflow in the Windows kernel, and a kernel buffer overflow can result in elevation of privilege
attacks against the system (Jabulani Leffall, 2010).

2.1.4 Registry vulnerability

Almost all Windows configuration settings and options are stored in a hierarchical database known
as the Windows registry. The registry holds low-level OS settings and is also used for application
settings. A normal end user is also able to access the registry and, through it, edit the settings
of the operating system and of the applications that have been installed. However, the Registry
Editor program in Windows is not a secure program: it allows the registry to be edited without
the user's permission. The registry files can also be edited from the cmd terminal. The only thing
an attacker needs is a Windows installation CD to boot the system and run the registry editor from
cmd. As a result the attacker can gain privileges on the operating system through this process,
which poses a serious threat to the end user.


2.2 Linux vulnerability.


Linux is an operating system similar to UNIX. Compared to the Windows operating system, Linux is
less well known, yet it is the preferred operating system of most of its end users. Linux is an
open source operating system; with an open source operating system the end user is not charged for
a licence, in other words it is a free operating system. Besides being free, Linux also allows the
user to modify the operating system, since the user has access to its source code. Even though
Linux is considered a free operating system and has no viruses, it still has a few vulnerabilities.
Some of the common vulnerabilities of the Linux operating system are missing pointer checks,
missing permission checks, integer overflows, uninitialized data, memory mismanagement and
miscellaneous others.

2.2.1 Missing pointer checks.

Missing pointer checks normally occur in the Linux kernel, mostly where the kernel omits an
access_ok check. According to research, this vulnerability may allow a denial of service attack
against the operating system; it may also let an attacker gain privileges by leveraging the bug.
This type of problem normally occurs in operations like get_user when the kernel does not validate
the pointer value supplied by the user.



2.2.2 Missing permission checks.
The kernel must normally check each operation and distinguish those operations that only a
privileged user may perform. In this case the kernel fails to perform that check and carries out
the privileged operation anyway, which may lead to a violation of kernel security, whereby the
attacker can exploit the vulnerability and gain access as a privileged user.

2.2.3 Buffer overflow

A buffer overflow occurs when the kernel incorrectly checks the upper or lower bound while
accessing a buffer, or allocates a smaller buffer than it was supposed to. In this case the
attacker can exploit the vulnerability by corrupting kernel memory. An adversary can also mount
privilege-escalation attacks by overwriting nearby function pointers and subverting the kernel's
control flow integrity.


3.0 Password cracking techniques


Password cracking is a set of techniques used to find the password for a system. It is the classic
way to gain access or privileges on a computer system. There are a few classic ways to find out the
password of a system; one of them is to guess the password the user has set from what is known
about the user. Research shows that most people set their password using something they like the
most, for example the name of someone they like, a car number or a hand phone number; these are
the most common types of password in use. In such cases, guessing the password for a user's
account will be easy if the hacker knows the user well. Beyond guessing, there are five techniques
that can be used to crack a password.

3.0.1 Dictionary attack

A dictionary attack is one way to crack or break a password, or to break into a password-protected
computer system. A dictionary attack can also be used to find the key to decrypt an encrypted
document such as a Word document. The attack is based on a dictionary file, which is loaded into
the cracking application and run against the victim's account. Normally the dictionary is filled
with a list of words that could possibly be the password for that account, and the cracking
application tries each word in the dictionary file until it finds the password. The dictionary
attack is more practical than a brute force attack, and it can also be used against systems that
use passphrases.



3.0.2 Brute forcing attack.

A brute force attack is a simple process that attackers can easily understand and use, but
protecting against it is not easy. RSA describes the brute force process as an exhaustive key
search or brute force search. The technique is very simple: it tries every possible key in order
until it finds the key that matches the password. However, since a brute force attack tries every
single key, it takes a long time to break a password. The process can still be sped up with a grid
computing system, which speeds up the cracking by dividing the task.

3.0.3 Hybrid Attack

A hybrid attack is similar to a dictionary attack in that it also uses a dictionary file to find
the password of the system, but it is not entirely the same as the dictionary attack. Normally a
dictionary attack is used first, to find a password that has not been discovered before. The
hybrid attack is normally launched when the user has changed the password and the new password
differs only by one or two added characters, for example when the old password is pass and the new
password is pass2. This is where the hybrid attack is used: it takes each word from the dictionary
file and appends one or two new characters to it.



3.0.4 Syllable Attack

The syllable attack is one of the more powerful attacks compared to other cracking techniques. It
is a combination of the brute force attack, which tries every single candidate to find the
matching password, and the dictionary attack, which uses a word file to find the password of the
system. Normally this type of attack is launched when the password is not an existing word,
whereby the attacker combines the dictionary with other cracking techniques to find the password
of the system.

3.0.5 Rule-Based Attack

A rule-based attack is normally used when the attacker knows some basic information about the
password the victim has set. It is also considered one of the more powerful attacks, because the
attacker knows the type of password that has been set for the system. For example, when the
attacker knows that the password contains numbers and letters, the attacker can set rules for that
type of password and the tool will follow those rules to crack the password.
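The five techniques above, as an added example in Python (not code from the assignment): a small password-audit harness that generates candidates for each technique and counts how many guesses each needs against constructed salted SHA-256 hashes. The wordlist, rules, salt and target passwords are constructed for the demonstration, and SHA-256 stands in for whatever hash the audited system uses.

```python
"""Password-audit harness, added as an example (not code from the assignment).
Implements the five candidate-generation techniques of section 3.0 and runs them
against constructed salted SHA-256 hashes, counting the guesses each needs. The
wordlist, salt, rules and target passwords are constructed for the demonstration."""
import hashlib
import itertools
import string
from typing import Callable, Iterable, Iterator, List, Optional, Tuple

# Constructed stand-in for a dictionary file (a real one has millions of entries).
WORDLIST = ["123456", "password", "letmein", "pass", "qwerty", "dragon"]

Rule = Callable[[str], str]
# Constructed rules of the kind applied when the password is known to contain
# numbers and letters: capitalise, leet-speak substitution, append a year.
RULES: List[Rule] = [
    lambda w: w.capitalize(),
    lambda w: w.replace("a", "@").replace("o", "0"),
    lambda w: w.capitalize().replace("a", "@").replace("o", "0"),
    lambda w: w.capitalize() + "2015",
]

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted SHA-256, standing in for the target system's password hash."""
    return hashlib.sha256(salt + password.encode()).digest()

def dictionary(words: Iterable[str]) -> Iterator[str]:
    """3.0.1 Dictionary attack: each word exactly as it appears in the file."""
    yield from words

def brute_force(charset: str, max_len: int) -> Iterator[str]:
    """3.0.2 Brute force: every string over charset, shortest first."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)

def hybrid(words: Iterable[str], suffixes: str, max_extra: int = 2) -> Iterator[str]:
    """3.0.3 Hybrid: dictionary word plus one or two appended characters (pass -> pass2)."""
    for word in words:
        for n in range(1, max_extra + 1):
            for combo in itertools.product(suffixes, repeat=n):
                yield word + "".join(combo)

def syllable(fragments: List[str], max_parts: int = 2) -> Iterator[str]:
    """3.0.4 Syllable attack: brute force over dictionary fragments, for passwords
    that are not a single dictionary word (e.g. two words glued together)."""
    for n in range(1, max_parts + 1):
        for combo in itertools.product(fragments, repeat=n):
            yield "".join(combo)

def rule_based(words: Iterable[str], rules: List[Rule]) -> Iterator[str]:
    """3.0.5 Rule-based: apply each known rule to each dictionary word."""
    for word in words:
        for rule in rules:
            yield rule(word)

def crack(target: bytes, salt: bytes, candidates: Iterable[str]) -> Tuple[Optional[str], int]:
    """Hash each candidate and compare; return (recovered password or None, guesses made)."""
    tried = 0
    for candidate in candidates:
        tried += 1
        if hash_password(candidate, salt) == target:
            return candidate, tried
    return None, tried

def brute_force_keyspace(charset_size: int, max_len: int) -> int:
    """Worst-case guesses for an exhaustive search: the reason the conclusion's
    advice on strong, long passwords works against brute force."""
    return sum(charset_size ** n for n in range(1, max_len + 1))

def audit(salt: bytes = b"constructed-salt") -> dict:
    """Run each technique against the kind of password it is designed to catch."""
    results = {}
    target = hash_password("pass", salt)  # constructed weak password
    results["dictionary"] = crack(target, salt, dictionary(WORDLIST))
    results["brute_force"] = crack(target, salt, brute_force(string.ascii_lowercase, 4))
    target = hash_password("pass2", salt)  # the "old password plus one digit" case
    results["dictionary_vs_pass2"] = crack(target, salt, dictionary(WORDLIST))
    results["hybrid"] = crack(target, salt, hybrid(WORDLIST, string.digits))
    target = hash_password("passdragon", salt)  # two dictionary words glued together
    results["syllable"] = crack(target, salt, syllable(WORDLIST))
    target = hash_password("P@ssw0rd", salt)  # letters, digits and a symbol
    results["rule_based"] = crack(target, salt, rule_based(WORDLIST, RULES))
    return results

if __name__ == "__main__":
    for name, (password, guesses) in audit().items():
        print(f"{name:20s} {str(password):12s} after {guesses} guesses")
```

The same four-letter password costs 4 guesses by dictionary and 282,405 by brute force, while appending a digit (pass2) defeats the dictionary but falls to the hybrid attack in 333 guesses.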


4.0 Tools for Hacking


4.0.1 Ophcrack.
Ophcrack is a Windows password cracking tool which, according to online reviews, is one of the
best and fastest Windows password crackers. It is considered one of the easiest tools for cracking
Windows passwords, and it is free, open source software. Normally all Windows passwords are stored
as LM hashes, which are among the harder password forms to crack. Ophcrack uses rainbow tables as
its main means of finding the Windows password. The program also includes the ability to import
hash files in a wide range of formats, including dumping directly from the Windows SAM file.

Most rainbow tables for LM hashes can be found for free. Ophcrack is bundled with a rainbow table
that lets it crack passwords no longer than 14 characters, provided the password is built only
from alphanumeric characters. Ophcrack is also available as a live USB or live CD, so the attacker
does not need to log in to the system to crack the password; they can simply boot the CD or USB
and run the program.
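How a rainbow table turns one precomputation into fast lookups, as an added example in Python (not the assignment's or Ophcrack's code): a miniature table over a constructed three-letter keyspace, with SHA-256 standing in for the unsalted LM hash and the chain length and chain count chosen for the demonstration.

```python
"""Miniature rainbow table, added as an example (not the assignment's or
Ophcrack's code). Hash chains are precomputed once; a lookup then costs a few
hundred hash operations instead of a full search of the keyspace. The keyspace
(three lowercase letters), chain length, chain count and SHA-256 standing in
for the unsalted LM hash are all constructed for the demonstration."""
import hashlib
from typing import Dict, Optional

CHARSET = "abcdefghijklmnopqrstuvwxyz"
LENGTH = 3
KEYSPACE = len(CHARSET) ** LENGTH   # 17576 possible passwords
CHAIN_LEN = 10                      # columns per chain
CHAINS = 2000                       # chains stored; CHAINS * CHAIN_LEN ~ KEYSPACE

def h(password: str) -> bytes:
    """Unsalted hash. The absence of a salt is what makes a precomputed table
    reusable against every account; a salted scheme needs a table per salt."""
    return hashlib.sha256(password.encode()).digest()

def to_password(idx: int) -> str:
    """Map an integer in [0, KEYSPACE) to a password over CHARSET."""
    chars = []
    for _ in range(LENGTH):
        chars.append(CHARSET[idx % len(CHARSET)])
        idx //= len(CHARSET)
    return "".join(chars)

def reduce_fn(digest: bytes, pos: int) -> str:
    """Reduction function R_pos: fold a digest back into the keyspace. A different
    function per column is what makes this a rainbow table rather than a set of
    plain Hellman chains, and is what limits chain merges."""
    return to_password((int.from_bytes(digest[:8], "big") + pos) % KEYSPACE)

def chain_point(start: str, steps: int) -> str:
    """Walk `steps` columns along the chain that begins at `start`."""
    p = start
    for pos in range(steps):
        p = reduce_fn(h(p), pos)
    return p

def build_table() -> Dict[str, str]:
    """Precompute CHAINS chains; store only (end point -> start point)."""
    table: Dict[str, str] = {}
    for i in range(CHAINS):
        start = to_password((i * 1103) % KEYSPACE)  # 1103 is coprime to KEYSPACE
        end = chain_point(start, CHAIN_LEN)
        table.setdefault(end, start)  # merged chains: keep the first, drop the rest
    return table

def lookup(table: Dict[str, str], target: bytes) -> Optional[str]:
    """Find a preimage of `target` using the table, or None if it is not covered."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Assume the preimage sits in column pos and walk to the chain's end.
        p = reduce_fn(target, pos)
        for k in range(pos + 1, CHAIN_LEN):
            p = reduce_fn(h(p), k)
        start = table.get(p)
        if start is None:
            continue
        # Regenerate that chain from its start and check every column.
        cand = start
        for k in range(CHAIN_LEN):
            if h(cand) == target:
                return cand
            cand = reduce_fn(h(cand), k)
        # End point matched but the chain does not hold the target: a false alarm.
    return None

def coverage(table: Dict[str, str], step: int = 50) -> float:
    """Fraction of a regular sample of the keyspace that the table can recover."""
    found = total = 0
    for idx in range(0, KEYSPACE, step):
        pw = to_password(idx)
        total += 1
        if lookup(table, h(pw)) == pw:
            found += 1
    return found / total

if __name__ == "__main__":
    t = build_table()
    print(f"{len(t)} chains stored for a keyspace of {KEYSPACE}")
    print("lookup of h('aaa'):", lookup(t, h("aaa")))
    print(f"coverage of sampled keyspace: {coverage(t):.0%}")
```

Because the hash is unsalted, one table serves every account; a per-user salt would force a separate table per salt value, which is why salting defeats this technique.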



4.0.2 Offline NT password & Registry Editor.
Offline NT Password & Registry Editor is another tool that can be used to recover the password for
the Windows operating system. However, the program is designed so that it does not recover the
Windows password but instead deletes it, which is what makes this cracking tool different from
others such as Ophcrack. The tool can be downloaded from the website pogostick.net. It is
delivered as a zip file from which the ISO file inside needs to be extracted. Offline NT Password &
Registry Editor is capable of cracking the password for Windows 8 (local accounts only), Windows 7,
Windows Vista and Windows XP. However, to use the tool it must be burned to a CD, unlike Ophcrack,
which can also be run from a live USB.

Even though it can only be used when burned to a CD, running the tool is similar to running
Ophcrack: the tool needs to be booted on the victim's personal computer. This tool does not include
a GUI; instead it uses a normal command line terminal as its interface.



4.0.3 Kon-Boot

Kon-Boot is another Windows password hacking tool, said to be the easiest and fastest tool for
cracking the Windows password. It is also a free tool that can be found and downloaded online; it
is available from the site www.piotrbania.com, where the hacker can also learn how to use it.
Although it is easy to use, the download is an ISO file, and the drawback of the tool is that it
only works when burned to a CD; it will not work if it is made into a live USB.

This tool is similar to Offline NT Password & Registry Editor in that it only removes or resets the
administrator password; unlike Ophcrack, it has no option to recover the password of a Windows
user. Its interface is also the same as that of Offline NT Password & Registry Editor, offering
only a command line interface. Although it is command line based, the tool has its own preset
options to select in order to perform the hacking process.



4.0.4 Cain & Abel v4.9.56

Cain & Abel is another tool that can be used to crack the Windows password. Unlike the other
tools, Cain & Abel must be installed in the operating system, so the attacker needs a working user
account on that operating system. For that reason this tool is not considered the best tool for a
hacker to crack a Windows password; it is recommended when a person needs to retrieve or reset the
password of their own account.

This tool can be installed on the Windows operating system as well as on Linux, and it can be
downloaded for free from the website oxide.net. Even though it needs to be installed into the
operating system, it still offers both options for cracking a password: the tool can reset the
password, and it can also recover the password using a rainbow table. The drawback of this tool is
that the rainbow table must be downloaded separately.



4.0.5 John the ripper password cracker.

John the Ripper is another tool that can be used to crack the Windows operating system password,
and it is considered one of the most popular password cracking tools. It is based on open source
code, so the user does not need to pay for it. John the Ripper was mainly designed for the UNIX
operating system, and it also comes installed in some Linux distributions such as Kali Linux, which
is designed for penetration testing.

John the Ripper supports a few password cracking techniques. One is the dictionary attack, where
the tool uses a dictionary file to find the matching password for the system. It also offers a
brute force attack, which can be used to retrieve the password from a hash file.


5.0 Hacking Steps


The tool prepared to hack the Windows 8.1 password is Ophcrack.

Step 1: Download the tools.
Download the ISO file of the Ophcrack tool from the Ophcrack website. After that, download the
live USB tool needed to make the live USB; alternatively the ISO can be burned to a CD.

Step 2: Make the bootable pen drive.
Once the live USB software has been downloaded, run the application. Select the ISO file, insert
the pen drive and run the software to make the live USB.

Step 3: Boot the tool into the system.
Insert the Ophcrack live USB into the USB port and restart the system. When the initial screen
appears (the black screen shown before Windows starts), press the DEL key to interrupt the boot and
enter setup mode. In setup mode select the USB storage as the boot option; the Ophcrack tool will
then start booting into the system.



Step 4: Load the tool and crack the password.
Once the boot option has been set to USB or CD, the tool will ask which mode to boot into; here we
choose the Ophcrack graphic mode. Once the mode has been selected, the tool automatically launches
the attack and tries to find the password.


6.0 Demonstration.

Figure 6.0 A shows how to burn the tool to a CD.

Once the ISO file of the tool has finished downloading, insert a blank CD and use Windows Disc
Image Burner to burn the tool to the CD.


Figure 6.0 B
Once the tool has finished burning to the CD, we need to restart the system to run the tool.

Figure 6.0 C
Once the system has rebooted, press the F9 key to choose the boot option. In the boot options,
select the internal CD drive to run the live CD.


Figure 6.0 D
Once boot-up is complete the system asks which mode to enter; here select the Ophcrack graphical
mode (automatic) to run the hacking tool.


Figure 6.0 E
Once the program starts, it begins cracking the password of the Windows administrator account.

Figure 6.0 F
Once the software has finished cracking the password, it automatically shows the password for the
local administrator account.


7.0 Conclusion
In conclusion, there are many types of tool available online that can be used to crack passwords,
not just for the operating system but for other applications as well. However, no operating system
or application is free from vulnerabilities; in other words, all software and operating systems are
created with unknown vulnerabilities. This does not mean that the vulnerabilities will never be
found or fixed. To reduce the vulnerabilities, and the risk of being hacked, extra precautions need
to be taken, such as setting a strong password. The reason a strong password may prevent a hack is
that it takes much longer to break into the system.


8.0 Referencing
Jabulani Leffall. 2010. Zero-Day Windows Kernel Flaw Linked to Clipboard. [ONLINE] Available at:
http://mcpmag.com/articles/2010/08/09/zero-day-windows-kernel-flaw-linked-to-clipboard.aspx.
[Accessed 03 April 15].

Chin-Tser Huang. 2007. Denial of service attack. [ONLINE] Available at:
http://www.cs.utexas.edu/users/chuang/dos.html. [Accessed 03 April 15].

Nicolas Economou. 2014. MS14-006: Microsoft Windows TCP IPv6 Denial of Service Vulnerability.
[ONLINE] Available at:
https://blog.coresecurity.com/2014/03/25/ms14-006-microsoft-windows-tcp-ipv6-denial-of-service-vulnerability/.
[Accessed 03 April 15].

swiat. 2010. Registry vulnerabilities addressed by MS10-021. [ONLINE] Available at:
http://blogs.technet.com/b/srd/archive/2010/04/12/registry-vulnerabilities-addressed-by-ms10-021.aspx.
[Accessed 03 April 15].

Cobb, M. 2007. How secure is the Windows registry? [ONLINE] Available at:
http://searchsecurity.techtarget.com/answer/How-secure-is-the-Windows-registry. [Accessed 04 April 15].

Yarden, J. 2007. Be aware of this Windows registry vulnerability. [ONLINE] Available at:
http://www.techrepublic.com/article/be-aware-of-this-windows-registry-vulnerability/.
[Accessed 04 April 15].


Anon. 2007. conman vulnerability. [ONLINE] Available at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4258. [Accessed 04 April 15].

Anon. 2011. Windows Operating System Vulnerabilities. [ONLINE] Available at: http://www.ijccr.com.
[Accessed 04 April 15].

Margaret R. 2005. What is dictionary attack. [ONLINE] Available at:
http://searchsecurity.techtarget.com/definition/dictionary-attack. [Accessed 04 April 15].

Johan L. 2013. Brute force attack. [ONLINE] Available at:
http://www.howtogeek.com/166832/brute-force-attacks-explained-how-all-encryption-is-vulnerable/.
[Accessed 04 April 15].

Nakib Momin. 2014. 6 Most Common Password Cracking Methods And Their Countermeasures. [ONLINE]
Available at: http://www.coolhackingtrick.com/2014/01/6-most-common-password-cracking-methods.html.
[Accessed 04 April 15].
