Once a hacker has gained access to a system, they may be stuck if their credentials don't have administrator access. In this video, Lisa Bock explores ways to escalate the privileges of a user to gain additional access to a system. Understand some of the tools hackers use to better protect your own systems. Explore commands to turn a normal user into an administrator.
- [Voiceover] When conducting penetration testing, the ethical hacker will most likely obtain a password from a less-defended account. At this point, you'll need administrator privileges in order to do any real modification to the system. We'll most likely take advantage of a vulnerability. Then, once accomplished, gain full local access and take a look around and see what services are running. Once I get in, I want to take a look and see if I can modify the integrity of the system.
I'll look for weak passwords on the system. I'll also take a look at the password files. In Windows, I'll try to access the SAM file and obtain the LAN Management hashes. On Linux, I'll access the /etc/passwd file. There are also some software tools available out there. I'm at password-changer.com, and here we can see Active@ Password Changer. This is a password-resetting tool. And we can get in and change passwords easily for local administrators and users on Windows.
This is, as it says, in case Administrator's password is forgotten or lost. I'm on trinityhome.org, and Trinity Rescue Kit here. This is actually a free distro for Linux, which specifically aims at recovery and repair operations on Windows machines, but also can be used for Linux recovery issues. And then this web page here, we see at technet.microsoft.com, the ERD Commander. And this is within the Microsoft Diagnostics and Recovery Toolset.
And here we can see some of the things we can do. Edit the registry, regain access to a system, or diagnose a system failure. I'm in Windows Server 2008. I've obtained the administrator's password, which was a weak password. Now, I'll take a look around. I'll go into the Command Prompt and Run as administrator. And once in, I'll take a look and see who's in the system. And here we can see, we have the Administrator, Guest, and Lisa Bock.
I'll clear the screen. Now, because I'm in here, I know the administrator has a weak password. What I'll probably want to do is change that password by one character just to give myself a little more time to look around. With that command, net user administrator with an asterisk, it'll ask me to type a password for the user. Again, just changing it by one character. Retype to confirm. And now I've changed the password.
I'll clear the screen. Now I'm in, let's take a look at the hostname. Okay, how about the firewall state? All right, great. We'll clear the screen. Last thing I'll do, I'll just take a look at what the operating system is. I have a suspicion, but let's confirm. All right, this is the command, and I'll check the operating system.
And we see it is Server 2008 Datacenter, Service Pack 1. And the last thing you should do is go back in and change the administrator password back to what it was after you've cleaned up and removed any evidence that you were there. And now we can exit the system.
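From the defender's side, the sequence in this demonstration (a reset of the Administrator password, with account, host, firewall and OS lookups around it in the same session) is something process-creation logging can surface. The following is an added example, not part of the course material; the record layout, session IDs, thresholds and the specific lookup commands (`netsh firewall show state`, `systeminfo`) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: parsed process-creation records (time, logon session,
# command line). These are illustrative values, not real logs.
SAMPLE = [
    ("2024-01-10T09:00:05", "0x3e7a1", "net user"),
    ("2024-01-10T09:00:40", "0x3e7a1", "net user administrator *"),
    ("2024-01-10T09:01:10", "0x3e7a1", "hostname"),
    ("2024-01-10T09:01:30", "0x3e7a1", "netsh firewall show state"),
    ("2024-01-10T09:02:00", "0x3e7a1", "systeminfo"),
    ("2024-01-10T11:15:00", "0x51c02", "net user administrator /active:yes"),
    ("2024-01-10T11:16:00", "0x51c02", "hostname"),
    ("2024-01-10T14:30:00", "0x77d10", "net user helpdesk1 *"),
]

PRIVILEGED = {"administrator"}  # accounts whose password resets matter most

# "net user <name> *" or "net user <name> <password>"; switches (/add, /active)
# start with "/" and are deliberately not treated as a password argument.
PW_SET = re.compile(r"^net1?(?:\.exe)?\s+user\s+(\S+)\s+(\*|[^/\s]\S*)", re.I)
# Enumeration commands of the kind shown in the walkthrough (assumed set).
RECON = re.compile(
    r"^(hostname|systeminfo|whoami|netsh\s+(adv)?firewall|net1?\s+user\s*$)", re.I)

def flag_sessions(records, window=timedelta(minutes=10), min_recon=2):
    """Return sessions where a privileged password set sits among recon commands."""
    by_session = defaultdict(list)
    for ts, session, cmd in records:
        by_session[session].append((datetime.fromisoformat(ts), cmd.strip()))
    alerts = []
    for session, rows in by_session.items():
        for when, cmd in rows:
            m = PW_SET.match(cmd)
            if not m or m.group(1).lower() not in PRIVILEGED:
                continue
            # Count recon commands in the same session close to the reset.
            recon = [c for t, c in rows
                     if abs(t - when) <= window and RECON.match(c)]
            if len(recon) >= min_recon:
                alerts.append({"session": session, "account": m.group(1),
                               "time": when.isoformat(), "recon": recon})
    return alerts

if __name__ == "__main__":
    for alert in flag_sessions(SAMPLE):
        print(alert)
```

Windows also records the reset itself as Security event 4724, which can be correlated with the same session independently of command-line capture.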
These tutorials, along with the other courses featured in the Ethical Hacking series, will prepare students to pass the Certified Ethical Hacker exam and start a career in this in-demand field. Find out more about the exam at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Acquiring passwords
- Generating rainbow tables
- Understanding where passwords are stored
- Defending against privilege escalation
- Understanding spyware
- Protecting against keylogging
- Detecting steganography
- How hackers cover their tracks