Tasks
Gain Access using Trojans
njRAT RAT Trojan
Use the Windows 11 machine (10.10.1.11) as the attacker machine and the Windows Server 2022 machine (10.10.1.22) as the victim machine. Run the njRAT Trojan from the attacker machine and gain control over the victim machine. What is the default port used for njRAT?
5552
Use the Windows 11 machine (10.10.1.11) as the attacker machine and the Windows Server 2022 machine (10.10.1.22) as the victim machine. Enter the Host Name of the victim machine displayed in njRAT Remote Shell.
Server2022
Hide Trojan
SwayzCryptor
On the Windows 11 machine, create a Trojan server using njRAT. Use SwayzCryptor to encrypt the Trojan server file and check if encryption makes the file undetectable to antivirus programs (answer “Yes” if SwayzCryptor makes the Trojan undetectable or “No” otherwise).
Yes
Theef RAT Trojan
Use the Windows 11 machine (10.10.1.11) as the attacker machine and the Windows Server 2022 machine (10.10.1.22) as the victim machine. Create a Trojan server using the Theef RAT Trojan to control the victim machine remotely. Run the Theef server on the victim machine and the Theef client on the attacker machine. The Theef client and server files are available in the directory E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Trojans Types\Remote Access Trojans (RAT)\Theef on the attacker machine. What is the default port used in Theef?
6703
Infect the Target System using a Virus
JPS Virus Maker Tool
On the Windows 11 machine, create a virus using the JPS Virus Maker tool and infect the Windows Server 2019 machine. What is the default custom website used by JPS Virus Maker 4.0?
Static Malware Analysis
Malware Scanning
Analyze malware using online Hybrid Analysis services. What is the name of the Analysis Environment that was selected in this task?
Windows 7 64 bit
Analyze malware using online Hybrid Analysis services. Enter the name of the malicious file that was uploaded for analysis in this lab.
tini.exe
Strings Search
BinText
Perform a string search on the file face.exe located at E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine. What is the size of the text detected in the file?
4240 bytes
Identify Packaging and Obfuscation Methods
PEiD
Analyze the file face.exe located at E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine to identify packaging and obfuscation methods. What is the subsystem found in the PEiD analysis for Face.exe?
Win32 GUI
Analyze ELF Executable File
Detect It Easy (DIE)
Detect a file’s compiler, linker, packer, etc. using Detect It Easy (DIE). Enter the name of the operating system that was detected from the ELF file in this task.
Red Hat Linux
Find the Portable Executable Information
PE Explorer
Use PE Explorer to analyze the file face.exe located at E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine. What is the address of the entry point for the file face.exe?
00408458h
Identify File Dependencies
Dependency Walker
Use the Dependency Walker tool to analyze the executable snoopy.exe located in the directory E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live! on the Windows 11 machine and identify the file dependencies of the executable file. Apart from KERNEL32.DLL, ADVAPI32.DLL, and WS2_32.DLL, what is the fourth DLL dependency?
MPR.DLL
Perform Malware Disassembly
On the Windows 11 machine, use the IDA tool to analyze the file face.exe located in the directory E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Viruses\Klez Virus Live!. What is the first subroutine function identified by IDA?
sub_401000
Tools
IDA
OllyDbg
Ghidra
Use Ghidra to perform malware disassembly and find out the compiler ID of the face.exe file.
windows
Dynamic Malware Analysis
Port Monitoring
Run njRAT from the attacker machine (Windows 11) and gain control over the victim machine (Windows Server 2022). On the Windows Server 2022 machine, use the TCPView tool to find the connections created by the Trojan. What is the remote port used by the Trojan server?
5552
Tools
TCPView
CurrPorts
Process Monitoring
Process Monitor
Run njRAT from the attacker machine (Windows 11) and gain control over the victim machine (Windows Server 2022). On the Windows Server 2022 machine, use Process Monitor to detect suspicious processes created by the Trojan server and identify the registry path of the Trojan executable. Flag submission is not required for this task; enter "No flag" as the answer.
No flag
Registry Monitoring
Reg Organizer
Use the registry monitoring tool Reg Organizer to scan the registry values for any changes. Flag submission is not required for this task; enter "No flag" as the answer.
No flag
Windows Services Monitoring
Windows Service Manager (SrvMan)
On the Windows 11 machine, use the Windows Service Manager (SrvMan) tool to check for suspicious Windows services. Flag submission is not required for this task; enter "No flag" as the answer.
No flag
Startup Program Monitoring
Tools
Autoruns for Windows
WinPatrol
On the Windows 11 machine, use the Autoruns for Windows and WinPatrol tools to monitor startup programs. Which tab in the WinPatrol tool shows all toolbars and links loaded in the system by IE or other Windows components?
IE Helpers
Installation Monitoring
Mirekusoft Install Monitor
On the Windows 11 machine, use the Mirekusoft Install Monitor tool to detect hidden and background installations. If a person uninstalls any application from the system but fails to delete it from the hard drive, will they be able to view the application in Mirekusoft Install Monitor? (Yes/No)
No
Files and Folder Monitoring
PA File Sight
Install PA File Sight’s central monitoring service on the Windows 11 machine and configure it to monitor file integrity on the Windows Server 2022 remote machine. What is the default port used by the central monitoring service?
8000
Device Driver Monitoring
Tools
DriverView
Driver Reviver
On the Windows 11 machine, use the tools DriverView and Driver Reviver to monitor device drivers. Flag submission is not required for this task; enter "No flag" as the answer.
No flag
DNS Monitoring
DNSQuerySniffer
On the Windows 11 machine, use DNSQuerySniffer to monitor DNS queries to a DNS server. Flag submission is not required for this task; enter "No flag" as the answer.
No flag