GCIH - Book 4 Questions And Accurate Answers
Store only encrypted or hashed passwords - Answer Password representations
Windows stores passwords in the _________ database and in the _________ directory -
Answer SAM database and Active Directory
Linux systems typically store passwords in the _________ - Answer /etc/shadow file
Password spraying - Answer Attempting a couple of common passwords on every possible
account.
THC Hydra - A Unix/Linux-friendly password guessing tool. Supports dictionary-based
guessing but not full brute-force guessing, and is able to guess passwords for more than
a dozen protocols
password cracking - The process of trying to guess or determine someone's plaintext
password when you have only their encrypted password
Dictionary Attack - Answer This is the quickest way. It is accomplished by trying all
words of a dictionary or word file against the password hashes.
Brute-Force attack - Answer: This is the most potent method to crack. It always
recovers the password but takes time. It tries every possible password until you
successfully crack it.
Hybrid Attack - An attack that expands on the dictionary attack method by adding
numerals and symbols to dictionary words.
Hashcat - A very fast password cracker that leverages CUDA video drivers to
significantly enhance the speed of password cracking
Hybrid attacks are sometimes referred to as _________ - word mangling
John the Ripper - password cracker
By default, all Windows NT/2000/XP/2003 machines store two representations of each
password: - Answer LANMAN hash and the NT hash
If an account has a password of 15 or more characters on Windows NT SP4+, 2000, XP and 2003,
the account won't have a LANMAN hash - Answer True
No matter what the LANMAN hash is, it can be cracked in _________ days - Answer Five
Password salting - Answer A random number used to seed the crypto algorithm.
Windows does not have this, though Linux does
Rainbow Tables - Answer Large pregenerated data sets of encrypted passwords used in
password attacks.
Cain and Abel - Answer A dynamic duo of security tools that you can use for either
attacking systems or administering them.
fgdump - Answer Briefly disables several anti-virus programs, dumps the password
hashes and then re-activates the AV program
Metasploit's hashdump - Answer Grab hashes from the machine: pull hashes from the
registry, or run this command to pull the hashes from memory.