Lab 5 – Password Cracking

My Experience on This Lab

In this lab, I created several Linux user accounts with different password complexity levels using commands like useradd, passwd, and sudo tail /etc/shadow to view their hashes. I then exported the hashes into a file using sudo cat /etc/shadow > dhill036.hash and used John the Ripper to test password strength. Running john --wordlist=/usr/share/wordlists/rockyou.txt dhill036.hash showed me how quickly simple passwords can be cracked compared to complex ones.

Key Concepts I Learned

I learned how password hashes are stored in /etc/shadow and how tools like John the Ripper perform dictionary attacks. The lab demonstrated the importance of strong passwords, since basic dictionary words and short digit-only passwords were cracked almost instantly.
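To make the /etc/shadow layout concrete, here is an added example (not part of the original lab write-up) that parses shadow-format lines and reports each account's state and hash scheme from the `$id$` prefix. The sample entries are constructed placeholders, and the "acceptable" flag for each scheme is an assumption of this example, not a policy from the lab.

```python
# Added example: audit shadow(5)-format entries for account state and hash scheme.
# SAMPLE is constructed; salt and hash fields are placeholders, not real hashes.

# crypt(5) scheme ids -> (name, acceptable). The acceptable flag is this example's assumption.
SCHEMES = {
    "1": ("md5crypt", False),
    "2a": ("bcrypt", True),
    "2b": ("bcrypt", True),
    "2y": ("bcrypt", True),
    "5": ("sha256crypt", True),
    "6": ("sha512crypt", True),
    "y": ("yescrypt", True),
}

SAMPLE = """\
root:!:19700:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
bob:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
carol:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
dave::19700:0:99999:7:::
erin:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
"""

def classify(field):
    """Return (state, scheme, acceptable) for the password field of one entry."""
    if field == "":
        return ("no-password", None, False)   # empty field: no password required
    locked = field.startswith(("!", "*"))     # leading ! or * disables password login
    body = field.lstrip("!*")
    if not body:
        return ("locked", None, True)         # locked, no hash stored at all
    if body.startswith("$"):
        ident = body.split("$")[1]            # "$6$salt$hash" -> "6"
        scheme, ok = SCHEMES.get(ident, ("unknown", False))
    else:
        scheme, ok = ("legacy-des-or-other", False)
    return ("locked" if locked else "active", scheme, ok)

def audit(text):
    """Map username -> (state, scheme, acceptable) for every entry in text."""
    findings = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue                          # skip blank, malformed or comment lines
        findings[parts[0]] = classify(parts[1])
    return findings

if __name__ == "__main__":
    for user, (state, scheme, ok) in audit(SAMPLE).items():
        print(f"{user:8} {state:12} {scheme or '-':20} {'ok' if ok else 'REVIEW'}")
```

Entries marked REVIEW are the ones to fix first: accounts with no password, or hashes stored with a fast legacy scheme.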

Challenges Faced

As a first-time user, I found it challenging to export the hashes correctly and choose the right John the Ripper options. Ensuring each password met the required complexity also took careful attention. Seeing weak passwords crack immediately while stronger ones held up highlighted the importance of using complex passwords for security.
