Question $5(2$ points$)$

The meterpreter "clearev" command $($meterpreter$>$ clearev$)$ will:

Clear the Application, System and Security logs on Windows systems

Clear the event logs on Linux and Unix systems

Clear the connection logs on Android systems

Clear the connection logs on Windows systems

Question $6(5$ points$)$

E

$7$

Run the $"$ps$"$ command $($meterpreter $>$ ps$)$ and locate the "winlogon.exe" process.

Migrate to the "winlogon.exe" process $($meterpreter $>$ migrate $[$winlogon$.$exe PID$])$

$($migrate $123$ for example$).$ Then run the "hashdump" command $($meterpreter $>$

hashdump$)$ to obtain the password hashes from the victim system. What is the hash

associated with the Administrator account?

Hint: if you receive an error when migrating to a winlogon PID, exit from the

meterpreter shell, re$-$exploit from msfconsole, and try migrating to another system$-$

level PID. Repeat until you're successful... if you're still failing after multiple, multiple

attempts, try restarting your Windows and Linux VMs within your VLE.

A

Question $7(5$ points$)$

Navigate to the C:$\backslash$Temp folder, locate and open the Temp$-$Hash.txt file and identify

the hash listed in the file.

Question $8(5$ points$)$

$$

Navigate to the C:$\backslash$users $\backslash$mbaldwin$\backslash$Documents folder, locate and open the

mbaldwin$-$hash.txt file and identify the hash listed in the

file.