Dumping sam hashes and using prorat tool lab

 Unlimited Attempts AllowedDetails

Virtual Labs:  Dumping and Cracking SAM Hashes to Extract Plain text Passwords

Consider what you have learned so far about Attack Vectors and Countermeasures as you review the objectives and scenario below.  Complete the 2 labs that follow on EC-Council’s website using the link below.

Objective Lab 1

The goal of system hacking is to gain access, escalate privileges, execute applications, and hide files. The objective of this lab is to help students learn to monitor a system remotely and to extract hidden files and other tasks that include:

  • Extracting administrative passwords
  • Hiding files and extracting hidden files
  • Recovering passwords
  • Monitoring a system remotely


Password hacking is one of the easiest and most common ways hackers obtain an unauthorized computer or network access. Although strong passwords that are difficult to crack (or guess) are easy to create and maintain, users often neglect this. Therefore, passwords are one of the weakest links in the information security chain.

Passwords rely on secrecy. After a password is compromised, its original owner isn’t the only person who can access the system with it. Hackers have many ways to obtain passwords. They can obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, they can use remote cracking utilities or network analyzers.

The labs in this module demonstrate just how easily hackers can gather password information from your network, and describe password vulnerabilities that exist in computer networks, as well as countermeasures to help prevent these vulnerabilities from being exploited on your systems.

Week 5 Lab Assignment 1: Dumping and Cracking SAM Hashes to Extract Plaintext Passwords

Lab Task:
The objective of this lab is to help students learn how to:

  • Use the pwdump7 tool to extract password hashes
  • Use the Ophcrack tool to crack the passwords and obtain plain text passwords

Lab Description:

The Security Account Manager (SAM) is a database file present on Windows machines that stores user accounts and security descriptors for users on a local computer. It stores users’ passwords in a hashed format (in LM hash and NTLM hash). Because a hash function is one-way, this provides some measure of security for the storage of the passwords.

In a system hacking life cycle, attackers generally dump operating system password hashes immediately after a compromise of the target machine. The password hashes enable attackers to launch a variety of attacks on the system, including password cracking, pass the hash, unauthorized access of other systems using the same passwords, password analysis, and pattern recognition, in order to crack other passwords in the target environment.

You need to have administrator access to dump the contents of the SAM file. Assessment of password strength is a critical milestone during your security assessment engagement. You will start your password assessment with a simple SAM hash dump and running it with a hash decryptor to uncover plaintext passwords.

Pwdump7 can also be used to dump protected files. You can always copy a used file by executing pwdump7.exe -d c:lockedfile.dat backup-lockedfile.dat. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords not longer than 14 characters using only alphanumeric characters.

Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, Ophcrack is bundled with tables that allow it to crack passwords not longer than 14 characters using only alphanumeric characters.

Objective Lab 2

With the help of malicious applications, attackers get access to stored passwords and can read personal documents, delete files, display pictures, and/or display messages on the screen.

According to a recent report by Symantec, more than 317 million new pieces of malware—computer viruses or other malicious software—were created in the year 2014. That means nearly one million new threats were released each day. Malware has the ability to perform various malicious activities that might range from simple email advertising to complex identity theft and password stealing. Malware programmers design code that:

  • Attacks browsers and track websites visited
  • Affects system performance, making it very slow
  • Causes hardware failure, rendering the computer inoperable
  • Steals personal information (including contacts, etc.)
  • Erases important information, resulting in potential huge loss of data
  • Attacks other computers from a single compromised system
  • Spams inboxes with advertising emails

The objectives of this lab include:

  • Creating a server and testing the network for attack
  • Detecting Malware
  • Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected


Malware poses a major security threat to information security. Malware writers explore new attack vectors to exploit vulnerabilities in information systems. This leads to ever more sophisticated malware attacks, including drive-by malware, “mal-advertising” (or “malvertising”), Advanced Persistent Threats, and so on. Though organizations try hard to defend themselves using comprehensive security policies and advanced anti-malware controls, the current trend indicates that malware applications are targeting the “lower-hanging fruit” of: under-secured smartphones, mobile applications, social media, and cloud services. The problem is further complicated because of threat predictions.

As McAfee stated in its Threats Report published in February 2015, “Small nation-states and foreign terror groups will take to cyberspace to conduct warfare against their enemies. They will attack by launching crippling distributed denial of service attacks or using malware that wipes the master boot record to destroy their enemies’ networks.” Assessing an organization’s information system against malware threats is a major challenge today because of the quickly-changing nature of malware threats.

Defenders need to be well versed in the latest developments in this field and understand the basic functioning of malware, as well as have an ability to select and implement controls appropriate to your organization and its needs. The labs in this module will provide a first-hand experience with various techniques that attackers use to write and propagate malware. You will also learn how to effectively select security controls to protect your information assets from malware threats.

Week 5 Lab Assignment 2: Creating a Server using the ProRat Tool

Lab Task:

The objective of this lab is to help students learn to detect Trojan and backdoor attacks. The objectives of this lab include:

  • Creating a server and testing the network for attack
  • Detecting Malware
  • Attacking a network using sample Trojans and documenting all vulnerabilities and flaws detected


Lab Description:

ProRat is a remote administration tool (RAT) written in C programming language and is capable of working with all Windows operating systems. The main purpose of this RAT is to access one’s own computers remotely. As with other Trojan horses, ProRat uses a client and server. It opens a port on the computer, which allows the client to perform numerous operations on the server (the victim machine). 

Some of the ProRat’s malicious actions on the victim’s machine:

  • Logging keystrokes
  • Stealing passwords
  • Full control over files
  • Drive formatting
  • Open/close CD tray
  • Hide taskbar, desktop, and start button
  • View system information

decorative image

Access the lab here: EC-Council | iLabs (Links to an external site.)

Submit proof of this assignment completion by uploading and submitting a screenshot of the graded lab from EC-Council Labs.  Refer to the Course Projects page for more information on project submissions. 

Calculate the price of your order

Choose an academic level, add pages, and the paper type you want.
To reduce the cost of our essay writing services, select the lengthier deadline.
We can't believe we just said that to you.

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Why is Purdue Papers the Most Helpful Essay Writing Service for You?

  1. Custom-written and plagiarism-free papers: Our authors create their work from scratch. Before presenting them to clients, we routinely verify them for signs of plagiarism. Our quality assurance group also double-checks and fixes any grammatical errors, assuring that all of our authors adhere to the same standards of writing.
  2. The significance of timely delivery cannot be overstated, and we consistently strive to meet or exceed our clients' deadlines. Regardless of the short time frame, you can count on our writers to get the job done. We always have a team of writers ready to go, even if the deadline is only six hours away.
  3. Customer Satisfaction: Our customer service representatives are the best in the business and have a wealth of knowledge in dealing with clients. All our customer service representatives are trained to listen and reply promptly until you are satisfied with their service. To ensure you're happy, our expert writers will strictly follow the criteria to generate a special report. Our customer service may be contacted by chat, email, or phone. In addition, we provide round-the-clock assistance to all of our clients.
  4. Confidentiality: Our systems are safe, and your information is always protected. We're constantly looking for new facts when it comes to finishing your work. We use a safe and secure payment channel. Since our ordering process is completely anonymous, you don't have to provide any credit card information to place a purchase with us.
  5. Highly Trained Authors: Our writers have received extensive training and are committed to delivering only the best papers. They are fluent in APA, MLA, HARVARD, IEEE, CHICAGO, and AMA referencing styles. To meet your expectations, our skilled writers always pay close attention to your instructions.
  6. Lowered prices: We have set prices that are already discounted. Our prices are the best and affordable for all our esteemed customers.

Let Professionals Take Care of your Academic Paper