Objective: The purpose of this lab is to gain an understanding of password strength and of the common tools used for offline password attacks.
Grading: Each question in parts 1 and 2 is worth one point. Each question in part 3 is worth two points.
The program "John the Ripper" is a popular program for cracking passwords (it is available for free from www.openwall.com/john if you would like a copy on your own computer). Before using it, you must make a copy of its configuration files, which must be present in the directory you are running the program from. On the eos computers the configuration files are located in /usr/local/john-1.8.0-jumbo-1/run/. If you wanted to copy these to a directory called john, the command to use would be "cp -r /usr/local/john-1.8.0-jumbo-1/run/ john". After making this copy, run all commands in this lab from that directory.
What to turn in: Answers to the questions below.
Follow the steps below, answering the questions as you go:
Download the files part1.txt and part1a.txt. These files contain salted MD5 password hashes (the $1$ md5crypt format), which is how many older Linux systems stored passwords.
Run john --nolog --pot="john.pot" --session=john --incremental=alnum --max-run-time=180 part1.txt. How many passwords were cracked in 180 seconds? (If all were cracked, how long did it take to crack all of them?)
In the john.conf file, edit the incremental alnum mode (the MinLen and MaxLen settings in the [Incremental:Alnum] section) to only check passwords of length 1-5. Now remove the john.pot file and run the same command again (John skips any hash already recorded in the pot file, so it must be removed to get a fresh run). How do your results differ?
=alnum from the command line, since we edited that mode to only work on short passwords). However, change the run time to 5 minutes. This can be done by editing the max-run-time on the command line to say --max-run-time="300". How many passwords was John able to crack in the new file, part1a.txt?
password.lst, although other wordlists can be downloaded. The command to use wordlist mode on part2.txt is
john --nolog --pot="john.pot" --session="john" --wordlist part2.txt (with no file name after --wordlist, John uses the default wordlist named in john.conf). Run the above command. How long does it take and how many passwords are found? Explain the difference between these results and those of the previous question.
--rules option to the command. How do the results from this command (time and number cracked) differ from the previous one? Should someone trying to crack passwords always use --rules with a wordlist? Explain.
--rules=myrules --config=rules.conf (--rules=myrules selects the [List.Rules:myrules] section of the configuration file given by --config). Use John to try to crack more passwords using these new rules. Are any more found? What are they? Why were they hard to find before?
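To make the three modes used in this lab concrete, here is a small Python script written for this page; it is not part of the lab handout and is not John the Ripper's own code. It implements the md5crypt ($1$) hash that the part1 files use, a plain wordlist attack, a wordlist attack with a few rules written in John's rule syntax, and an alphanumeric brute force capped at a maximum length, and runs them against four constructed hashes. The user names, plaintexts, salts and wordlist are made up for the example, the character set stands in for John's alnum.chr, and the brute force walks candidates alphabetically whereas John's incremental mode orders them by character-frequency statistics.

```python
import hashlib
import itertools
import re
import string

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(v, n):
    # md5crypt's own base-64 alphabet, least significant 6 bits first.
    return "".join(ITOA64[(v >> (6 * i)) & 0x3F] for i in range(n))

def md5crypt(pw: bytes, salt: bytes) -> str:
    """FreeBSD/glibc md5crypt: produces the "$1$salt$hash" strings found in the lab's part1 files."""
    salt = salt[:8]
    ctx = hashlib.md5(pw + b"$1$" + salt)
    alt = hashlib.md5(pw + salt + pw).digest()
    for pl in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, pl)])
    i = len(pw)
    while i:
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):  # 1000 rounds of stretching: every guess costs about 1000 MD5 calls
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    out = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                  for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)))
    return "$1$%s$%s" % (salt.decode(), out + _to64(final[11], 2))

def expand_rule(rule):
    """Expand one [..] class the way John's preprocessor does: '$[0-2]' -> ['$0', '$1', '$2']."""
    m = re.search(r"\[([^\]]+)\]", rule)
    if not m:
        return [rule]
    chars = [chr(c) for lo, hi, one in re.findall(r"(.)-(.)|(.)", m.group(1))
             for c in (range(ord(lo), ord(hi) + 1) if lo else [ord(one)])]
    return [rule[:m.start()] + ch + rule[m.end():] for ch in chars]

def apply_rule(word, rule):
    """Subset of John's rule commands: ':' no-op, 'c' capitalize, '$X' append X, '^X' prepend X."""
    i = 0
    while i < len(rule):
        cmd, i = rule[i], i + 1
        if cmd == "c":
            word = word.capitalize()
        elif cmd in "$^":
            word, i = (word + rule[i] if cmd == "$" else rule[i] + word), i + 1
        elif cmd != ":":
            raise ValueError("unsupported rule command %r" % cmd)
    return word

def _try(cand, pending, found):
    # The salt is public, but it forces a full md5crypt per (candidate, salt) pair: nothing precomputes.
    for user, h in list(pending.items()):
        if md5crypt(cand, h.split("$")[2].encode()) == h:
            found[user] = cand.decode()
            del pending[user]

def crack_wordlist(hashes, wordlist, rules=(":",)):
    """Wordlist mode over {user: '$1$salt$hash'}; pass rules to get John's --rules behaviour."""
    found, pending = {}, dict(hashes)
    for rule in (r for raw in rules for r in expand_rule(raw)):
        for word in wordlist:
            _try(apply_rule(word, rule).encode(), pending, found)
            if not pending:
                return found
    return found

def crack_incremental(hashes, max_len, charset=string.ascii_lowercase + string.digits + string.ascii_uppercase):
    """Alphanumeric brute force of lengths 1..max_len, i.e. what MinLen/MaxLen on [Incremental:Alnum] cap."""
    found, pending = {}, dict(hashes)
    for n in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=n):
            _try("".join(chars).encode(), pending, found)
            if not pending:
                return found
    return found

# Constructed sample data (not the lab's real files): plaintexts and salts picked by hand.
SAMPLE = [("alice", "password", b"a1b2c3d4"), ("bob", "Dragon1", b"xYz9"),
          ("carol", "b3", b"saltsalt"), ("dave", "Monkey", b"q1w2e3r4")]
HASHES = {u: md5crypt(p.encode(), s) for u, p, s in SAMPLE}  # {user: "$1$salt$hash"} as in part1.txt
WORDLIST = ["123456", "password", "letmein", "dragon", "monkey"]
MYRULES = [":", "c", "c$[0-9]"]  # the lines you would put under [List.Rules:myrules] in rules.conf

if __name__ == "__main__":
    ruled = crack_wordlist(HASHES, WORDLIST, MYRULES)
    print("wordlist only:", crack_wordlist(HASHES, WORDLIST), "| with rules:", ruled)
    print("incremental <= 2:", crack_incremental({u: h for u, h in HASHES.items() if u not in ruled}, 2))
```

Running it shows why the lab's questions come out the way they do: the plain wordlist finds only alice, the rules add dave (a capitalised word) and bob (a capitalised word with a digit appended), and only the length-capped brute force reaches carol's two-character password. Because every salt is different, each candidate has to be hashed once per remaining user, and each md5crypt costs about a thousand MD5 computations, which is why --max-run-time matters. A real rules.conf passed to --config only needs the [List.Rules:myrules] section for this lab, but it can pull in the rest of the default configuration with a .include "$JOHN/john.conf" line.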