Password Cracking
In cybersecurity, it is important to know the tactics of bad actors when trying to keep a network or systems secure. So while learning some of the same various skills that hackers have, I have learned how to crack passwords using John the Ripper. Initially, I created six demo users and then I created generic passwords for them, ranging in difficulty. I then made a copy of the shadow file where the hashed passwords are stored and placed them into a file so that I was able to run the passwords through John the Ripper. John the Ripper used a predefined dictionary of passwords, and with that, it was able to crack one of the users’ passwords after 10 minutes of running it. Dictionary attacks can take many days depending on the difficulty of the passwords and the length of the hacker provided dictionary. This lab showed the importance of having a strong password in order to safeguard against hackers.
Below is a PDF to a lab where John the Ripper is used to conduct a dictionary attack.
File Pemissions
Another Linux-based skill that I acquired is setting file permissions. To demonstrate this skill, I performed a lab where I created three groups using the groupadd command. I then assigned home directories to all users within these groups and created generic passwords for each user. Next, I established a new group and designated it as a secondary group for all three previously created demo users. Following this, I created a directory to serve as a shared space for collaboration among users. I then adjusted the file permissions to restrict access to this directory to only members of the designated group. This exercise illustrated how to create a shared directory for collaborative purposes while implementing file permissions to enhance security. By configuring file permissions, I learned to safeguard the integrity, confidentiality, and availability of the contents within the directory, thereby ensuring secure collaboration among users. Below is a link to the project.
Shell Scripting
I engaged in a task involving shell scripting to streamline routine processes. Task A involved the creation of script code utilizing an if-else statement. The script ensured that user input was transformed into lowercase and fell within the range of 4 to 8 characters. If the input failed to meet these criteria, an error message was generated. This exercise honed my proficiency in scripting fundamentals, particularly in implementing conditional statements to enforce input validation and error handling. Task B further expanded my scripting prowess by focusing on directory manipulation. The script code facilitated the creation of new directories using an if-else statement. The script first checked for the pre-existence of the directory. If the directory already existed or if it was identified as a regular file, the script displayed the contents of the file. Conversely, if the directory did not exist, a new directory was created. This task exemplified my ability to leverage scripting for file system management and automation of routine administrative tasks. By practicing shell scripting techniques, I acquired a valuable skill set essential for automating repetitive tasks and optimizing operational efficiency in cybersecurity operations. These tasks not only solidified my understanding of scripting fundamentals but also underscored the significance of automation in streamlining cybersecurity workflows and enhancing overall productivity. Below the lab is attached.