This is my last entry for the COMSEC1 Learning Log 😦 This maybe the last entry for this subject but I know we’re going to have another learning log in our COMSEC2 :)) I just hope that Sir Justin is our COMSEC2 professor next term because there is a possibility that another professor would take the COMSEC2 subject. I like Sir Justin’s way of teaching because not only the lessons are full of knowledge, but also he demonstrates to us on how to use the tools that are needed in our course. I learned many things from this course; Auto It, which lets the user to create a script that would automate some programs in Windows. Reconnaissance, gathering information about the target. Nmap, a useful tool to use in port scanning and network scanning, and also many other tools that we’ve tried and discussed during the period of this course.
After this two weeks, we learned about Gaining access and Maintaining access. Gaining access means that you try to access your target’s system. This could be done by trying numerous techniques to bypass the system. These techniques could be the following: guessing the password, using a keylogger to capture the password, and other methods that could help extract the password information from the user. After gaining access, there are some steps to follow to maintain access of the system. This is important because if the user wants to access the system in another given time, he/she should follow these steps so that he/she could still use the system. The first step is to elevate the privilege of the user’s account once you’ve gain access. The reason is that some features may be disabled on the normal user level and some features require administrator intervention so that the feature could proceed. After the user is turned into an administrator level account, the next step is to disable the firewall of the computer. With the firewall disabled, the attacker could now communicate with the bypassed system in any given time. At first, I thought that extracting the password from the users was difficult but after some demonstration from Sir Justin, I saw that there is an application where in it could extract the contents of the password file, and the name of the tool is pwdump. We tested pwdump on a Windows XP based computer and it successfully extracted the password hashes of the user accounts on Windows. I was excited to see the results and I wanted to do the next step which was converting the hash values of the password into readable output. Cool right? :))
Using john the ripper, a password cracker, uses the technique of hashing a guessed string of letters and numbers that could be the possible password into a hash value and then comparing it to the hash value of the password extracted from the password file. It repeats the process until it successfully matches the correct hashing value to the password hashed value. After this subject, I guess I’ll still explore more about the tools being used in the computer security section. Now that I have a Kali Linux running in my virtual machine, I could explore the different tools inside Kali. Even though our subject is about to end, I don’t know what awaits us in our COMSEC2 class because what we’ve discussed here in our COMSEC1 class is just a part of a much larger definition of security in computers. I can’t wait!! 🙂 Thanks for reading 🙂