Store only encrypted or hashed passwords - Answer Password representations
Windows stores passwords in the _________ database and in the _________ directory -
Answer SAM database and Active Directory
Linux systems typically store passwords in the _________ - Answer /etc/shadow file
Password spraying - Answer Attempting a couple common passwords on every possible
account.
THC Hydra - A Unix/Linux-friendly password guessing tool. Supports dictionary-based
guessing but not full brute-force guessing, and is able to guess passwords for more than
a dozen protocols.
password cracking - The process of trying to guess or determine someone's plaintext
password when you have only their encrypted password
Dictionary Attack - Answer This is the quickest way. This is accomplished by trying all
words of a dictionary or word file against the password hashes.
Brute-Force attack - Answer: This is the most potent method to crack. It always
recovers the password but takes time. It tries every possible password until you
successfully crack it.
Hybrid Attack - An attack that expands on the dictionary attack method by adding
numerals and symbols to dictionary words.
Hashcat - A very fast password cracker that leverages CUDA video drivers to
significantly enhance the speed of password cracking
Hybrid attacks are sometimes referred to as _________ - word mangling
John the Ripper - password cracker
By default, all Windows NT/2000/XP/2003 machines store two representations of each
password: - Answer LANMAN hash and the NT hash
If an account has a password of 15 or more characters on Windows NT SP4+, 2000, XP and 2003,
the account won't have a LANMAN hash - Answer True
No matter what the LANMAN hash is, it can be cracked in BLANK days - Answer Five
Password salting - Answer Is a random number used to seed the crypto algorithm.
Windows does not have this, though Linux does
Rainbow Tables - Answer Large pregenerated data sets of encrypted passwords used in
password attacks.
Cain and Abel - Answer A dynamic duo of security tools that you can use for either
attacking systems or administering them.
fgdump - Answer Briefly disables several anti-virus programs, dumps the password
hashes and then re-activates the AV program
Metasploit's hashdump - Answer Grab hashes from the machine to pull hashes from the
registry, or run this command to pull the hashes from memory.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Stetson. Stuvia facilitates payment to the seller.