Assignment Hippo Logo
LiveChat

Loading..

Cracking Apollo

Cracking Apollo – default settings stated it would take the time listed I the time left field to crack the single password.

Cracking Apollo – change to alpha numeric, lower and upper case – pwd length 1 – 8 character.  Did not register a time but was able to complete when the charset and length were changed.

Brute force remaining accts shown below.  Times were not different when doing one or three at a time.

This is the result of all brute force attacks.  Below is the result of doing a crack on all the accounts at the same time.  It was quick with the character set at alpha numeric and numbers. 

Results from Dictionary attack are shown below.  It was able to identify two passwords that used words on that list.  This did not take long to do and I was unable to capture overall time.

All Brute force and Dictionary attacks results – Cain main screen.  I ran a crack on all accounts at the same time which show how long it would take to go through every combination of the charset for passwords up to 8 characters

Results from Ophcrack.  It was able to crack the less complex passwords.

As you experiment with these password cracking tools, respond to the questions below as you share your findings in the project report.

  1. Which tool, on which operating system was able to recover passwords the quickest? Provide examples of the timing by your experimental observations. Ophcrack took less time overall 17 seconds however it did not identify the dictionary words. Cain took less time individually, and the dictionary ones were very quick. 
  2. Which tool(s) provided estimates of how long it might take to crack the passwords? What was the longest amount of time it reported, and for which username? Cain gives you an estimate of how long. Apollo 2.91528e+010 years. When the character set was changed and the passwd length was change to 8 it went almost immediately so did the rest of the accounts. 
  3. Compare the amount of time it took for three passwords that you were able to recover. Each of the 5 account that were cracked were to close for me to tell
  4. Compare the complexity of the passwords for those discussed in the last question. What can you say about recovery time relevant to complexity of these specific accounts? The smaller the password the faster the hack.  The dictionary hack tool very little time as well.  Both tools were unable to crack the more complex passwords.
  5. What are the 4 types of character sets generally discussed when forming strong passwords? How many of the 4 sets should you use, as a minimum?

Answer:  The 4 types of character sets generally discussed are uppercase and lowercase letters, numerals and special characters.  2 of each set is the standard minimum.

  1. What general rules are typically stated for minimum password length?

Answer:  As for a minimum, this varies per agency/organization.  A minimum of 6.  General rule is the longer the better, passwords of any size if salted would make rainbow tables (dictionary) attacks very unlikely.

  1. How often should password policies require users to change their passwords? Discuss the pros and cons of using the same username accounts and passwords on multiple machines.

Answer:  Standard password policies recommend anywhere between 30-60 days.  The pros for using the same password would be ease of access and laziness.  You only have to remember one password.  Cons are just the opposite, if the password was compromised, the username/password would work on all the accounts. 

  1. What are the ethical issues of using password cracker and recovery tools? Are there any limitations, policies or regulations in their use on local machines? Home networks? Small business local networks? Intranets? Internets? Where might customer data be stored?

Answer:  Ethical issues of using password cracker and recovery tools stem from intent.  If used for malicious activities they are bad.  There are no limitation, policies or regulations that limit these tools for use on privately owned machines or home networks.  In most businesses networks, intranets or internets the use of them is illegal if used for malicious intent.  Penetration testing teams sign rules of engagement before using these tools. 

  1. If you were using these tools for approved penetration testing, how might you get the sponsor to provide guidance and limitations to your test team?

Answer:  Before any penetration testing occurs, a rules of engagement must be completed by the sponsor and the security team doing the test. 

  1. Discuss any legal issues in using these tools on home networks in States, which have anti-wiretap communications regulations. Who has to know about the tools being used in your household?
  • The electronic Communications Privacy Act and the stored communications act make it illegal to intercept or gain unauthorized access to a spouse’s electronic media. Different states have different state laws. So in short, you can use them, but it is illegal to gain unauthorized access.

hihi


Want latest solution of this assignment

Want to order fresh copy of the Sample Template Answers? online or do you need the old solutions for Sample Template, contact our customer support or talk to us to get the answers of it.

Not the Exact Question you were looking for? Post your question for instant answers.
Make Money Online