GAQM Exam CPEH-001 Topic 2 Question 81 Discussion

Actual exam question for GAQM's CPEH-001 exam

Question #: 81
Topic #: 2

One of your junior administrator is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out?

Select the best answers.

AJohn the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case.

BBY using NTLMV1, you have implemented an effective countermeasure to password cracking.

CSYSKEY is an effective countermeasure.

DIf a Windows LM password is 7 characters or less, the hash will be passed with the following characters, in HEX- 00112233445566778899.

EEnforcing Windows complex passwords is an effective countermeasure.
Explanations:
John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case. John the Ripper is a very effective password cracker. It can crack passwords for many different types of operating systems. However, one limitation is that the output doesn't show if the password is upper or lower case. BY using NTLMV1, you have implemented an effective countermeasure to password cracking. NTLM Version 2 (NTLMV2) is a good countermeasure to LM password cracking (and therefore a correct answer). To do this, set Windows 9x and NT systems to 'send NTLMv2 responses only'. SYSKEY is an effective countermeasure. It uses 128 bit encryption on the local copy of the Windows SAM. If a Windows LM password is 7 characters or less, the has will be passed with the following characters:
0xAAD3B435B51404EE
Enforcing Windows complex passwords is an effective countermeasure to password cracking. Complex passwords are- greater than 6 characters and have any 3 of the following 4 items: upper case, lower case, special characters, and numbers.

Show Suggested Answer

Suggested Answer: C

The order should be Passive information gathering, Network level discovery, Host scanning and Analysis of host scanning.

by Jesusita at Feb 13, 2024, 12:00 AM

Limited Time Offer

25%

16 days ago

I think option A is true because John the Ripper doesn't show if the password is upper or lower case.

upvoted 0 times

...