Electronic Books

In this example, I used W2KP.
Edit the last line to change the text to match the computer name as before.
This name should match the name as above. Click the Save The Options
And Lock The Computer button
.
Save The Options And Lock
The Computer
494
Practical Hacking Techniques and Countermeasures
The computer screen will now be ???Locked.??? Notice the username you
identified earlier is already filled in.
The user will enter his or her password.
Vulnerability Scanning
495
Even if the user enters the correct password, he or she will receive the
following error screen. Click OK.
The idea is to have a user with Administrative privileges log into the
computer to allow the user to reset his or her password since he or she has
apparently ???forgotten??? his or her password.
*Note: With remote Administrative applications in an abundant supply, this tool is
only effective if the user can get a user with Administrative privileges to log
in locally. In this example, the Administrative user is the Administrator.
496
Practical Hacking Techniques and Countermeasures
The Administrative user will now enter his or her password.
The Administrative user will receive the following caution message about
logging off the currently logged-in user. The user will click OK and log into
the computer. The moment the user logs in, a file will be created and saved
into the directory identified earlier (C:\pass.txt).
Vulnerability Scanning
497
At a later time (preferably when no one is around), the attacker can return
to the exploited computer and browse to the directory containing the password
file.


Pages:
152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176