CEH LAB EXAM TWO 2025 WITH 100% ACCURATE
SOLUTIONS
8.1.4 Analyze a USB keylogger attack
The CEO of CorpNet.xyz has hired your firm to obtain some passwords
for their company. A senior IT network administrator, Oliver Lennon, is
suspected of wrongdoing and suspects he is going to be fired from the
company. The problem is that he changed many of the standard
passwords known to only the top executives, and now he is the only one
that knows them. Your company has completed the legal documents
needed to protect you and the company.
With the help of a CorpNet.xyz executive, you were allowed into the IT
Admin's office after hours. You unplugged the keyboard from the back
of the ITAdmin computer and placed a USB keylogger into the USB,
then plugged the USB keyboard into the keylogger. After a week, the
company executive lets you back into the IT Admin's office after hours
again.
In this lab, your task is to use the keylogger to recover the changed
passwords as follows:
Move - Precise Answer ✔✔Solution
Above the computer, select Back to view the back of the computer.
On the back of the computer, drag the USB Type A connector for the
keyboard to another USB port on the computer.
,Make sure to plug the keyboard back in.
On the Shelf, expand System Cases.
Drag the Laptop to the Workspace.
Above the laptop, select Back to view the back of the laptop.
From the computer, drag the keylogger to a USB port on the laptop.
Above the laptop, select Front to view the front of the laptop.
On the laptop, select Click to view Windows 10.
Press S + B + K to toggle from the keylogger mode to the flash drive
mode.
Select Tap to choose what happens with removable drives.
Select Open folder to view files.
Double-click LOG.txt to open the file.
In the top right, select Answer Questions.
,Answer the questions.
Select Score Lab.
Question 1: P@ssw0rd
Question 2: 4Lm87Qde
8.1.5 Analyze a USB keylogger attack 2
Recently, the administrative assistant found a foreign device connected
to the ITAdmin computer while updating some of their hardware. The
device was turned over to you, and you have determined that it is a
keylogger. You need to sift through the information on the keylogger to
find which accounts may be compromised.
In this lab, your task is to determine which corporate accounts have been
compromised as follows:
Plug the keylogger into ITAdmin's USB port.
Use the keyboard combination of SBK to toggle the USB keylogger
from keylogger mode to USB flash drive mode.
Open the LOG.txt file and inspect the contents.
Scan the document for corporate passwords or financial information.
Answer the questions. - Precise Answer ✔✔Solution
1. On the Shelf, expand Storage Devices.
, 2. From the shelf, drag the USB Keylogger to a USB port on ITAdmin.
3. On the monitor, select Click to view Windows 10.
4. Press S + B + K to toggle from the keylogger mode to the flash drive
mode.
5. Select Tap to choose what happens with removable drives.
6. Select Open folder to view files.
7. Double-click LOG.txt to open the file.
8. Maximize the window for easier viewing.
9. In the top right, select Answer Questions.
10. In the file, find which account passwords were captured.
11. In the file, find any compromised financial information.
12. Select Score Lab.
Question 1: email.com, amazon.com
Question 2: 4556358591800117
8.1.7 Crack a password with rainbow tables
While doing some penetration testing for your company, you captured
some password hashes. The password hashes are saved in the root user's
home directory /root/captured_hashes.txt. Now you want to hack these
passwords using a rainbow table. The password requirements for your
company are as follows:
The password must be 25 or more characters in length.
The password must include at least one upper and one lowercase letter.
SOLUTIONS
8.1.4 Analyze a USB keylogger attack
The CEO of CorpNet.xyz has hired your firm to obtain some passwords
for their company. A senior IT network administrator, Oliver Lennon, is
suspected of wrongdoing and suspects he is going to be fired from the
company. The problem is that he changed many of the standard
passwords known to only the top executives, and now he is the only one
that knows them. Your company has completed the legal documents
needed to protect you and the company.
With the help of a CorpNet.xyz executive, you were allowed into the IT
Admin's office after hours. You unplugged the keyboard from the back
of the ITAdmin computer and placed a USB keylogger into the USB,
then plugged the USB keyboard into the keylogger. After a week, the
company executive lets you back into the IT Admin's office after hours
again.
In this lab, your task is to use the keylogger to recover the changed
passwords as follows:
Move - Precise Answer ✔✔Solution
Above the computer, select Back to view the back of the computer.
On the back of the computer, drag the USB Type A connector for the
keyboard to another USB port on the computer.
,Make sure to plug the keyboard back in.
On the Shelf, expand System Cases.
Drag the Laptop to the Workspace.
Above the laptop, select Back to view the back of the laptop.
From the computer, drag the keylogger to a USB port on the laptop.
Above the laptop, select Front to view the front of the laptop.
On the laptop, select Click to view Windows 10.
Press S + B + K to toggle from the keylogger mode to the flash drive
mode.
Select Tap to choose what happens with removable drives.
Select Open folder to view files.
Double-click LOG.txt to open the file.
In the top right, select Answer Questions.
,Answer the questions.
Select Score Lab.
Question 1: P@ssw0rd
Question 2: 4Lm87Qde
8.1.5 Analyze a USB keylogger attack 2
Recently, the administrative assistant found a foreign device connected
to the ITAdmin computer while updating some of their hardware. The
device was turned over to you, and you have determined that it is a
keylogger. You need to sift through the information on the keylogger to
find which accounts may be compromised.
In this lab, your task is to determine which corporate accounts have been
compromised as follows:
Plug the keylogger into ITAdmin's USB port.
Use the keyboard combination of SBK to toggle the USB keylogger
from keylogger mode to USB flash drive mode.
Open the LOG.txt file and inspect the contents.
Scan the document for corporate passwords or financial information.
Answer the questions. - Precise Answer ✔✔Solution
1. On the Shelf, expand Storage Devices.
, 2. From the shelf, drag the USB Keylogger to a USB port on ITAdmin.
3. On the monitor, select Click to view Windows 10.
4. Press S + B + K to toggle from the keylogger mode to the flash drive
mode.
5. Select Tap to choose what happens with removable drives.
6. Select Open folder to view files.
7. Double-click LOG.txt to open the file.
8. Maximize the window for easier viewing.
9. In the top right, select Answer Questions.
10. In the file, find which account passwords were captured.
11. In the file, find any compromised financial information.
12. Select Score Lab.
Question 1: email.com, amazon.com
Question 2: 4556358591800117
8.1.7 Crack a password with rainbow tables
While doing some penetration testing for your company, you captured
some password hashes. The password hashes are saved in the root user's
home directory /root/captured_hashes.txt. Now you want to hack these
passwords using a rainbow table. The password requirements for your
company are as follows:
The password must be 25 or more characters in length.
The password must include at least one upper and one lowercase letter.
