Problem Solving
Old Dominion University
CYSE 301 Cybersecurity Techniques and Operations
Assignment #M4.2 Password cracking
Jacob Crabtree
UIN: 00825439
I opened a reverse shell connection between the internal Kali and Windows 7 using the exploit and reverse shell connection we learned for the 3.2 lab, and I successfully gained access to Windows 7. Once that was connected, I began creating the 3 new users in Windows 7.
I created 3 new users in Windows 7: mario, megaman, and luigi. I also assigned them passwords.
Mario: one23
Luigi: crabdad2
Megaman: apple23
Task A: Using John the ripper (35 points)
1. Collect the password hashes in the meterpreter shell (refer to Task C-4 in Assignment M3.2)
2. Save the password hashes into a file called “your_midas.WinHASH” in Kali Linux, then display its content. (You need to replace the “your_midas” with your university MIDAS ID.)
3. Run John the ripper for 10 minutes to crack the passwords (no need to crack all the passwords).
In order for me to run hashdump and have access to the password hashes, I had to run the bypassuac exploit so that it would allow me to see the hashes.
Once I ran the bypassuac exploit and accessed the password hashes, I used gedit and saved the hashes in a file called “jcrab005.winhash”.
I ran John the Ripper for several minutes to crack the user passwords and I was able to crack 3 passwords out of all the users. I used the jcrab005.winhash file I created and ran the command: john jcrab005.winhash --format=NT.
Task B: Using Cain and Abel (35 points)
1. Upload “Cain and Abel” to the target Windows 7 VM and install the password cracking tool via the remote desktop.
2. You need to implement both brute force attack and dictionary attack to crack the accounts you created in the previous step. You should leave the password cracker run for at least 10 minutes. (no need to crack all the passwords). How many passwords have been cracked?
I logged into the Windows 7 shell from meterpreter and created a malicious user account that I could use to access Windows 7 remotely. Once that user was created, I used it to log in remotely so I could upload and run the Cain and Abel program.
I had to upload the Cain and Abel file to Windows 7 by using the command: upload /root/CYSE301/Module\ IV-Password\ Cracking/ca_setup.exe c:\\ . This uploaded the file onto the Windows 7 C drive.
I used the default wordlist provided on the system when I implemented the dictionary attack. I ran it for several minutes and I was able to crack 4 of the 6 passwords from the users.
I ran the brute force attack and it was able to crack 4 of the 6 passwords using the parameters of a min. of 6 characters and a max. of 12 characters, but to crack all of them it was estimated to take years.
Task C: Cracking Hashes (30 points)
1. Find and use the proper format in John the ripper to crack the following MD5 hashes. Show your steps and results.
• 5f4dcc3b5aa765d61d8327deb882cf99
• 63a9f0ea7bb98050796b649e85481845
I took the two hashes and saved them in a file through gedit and named the file: newhash.winhash.
Once I created my hash file, I had to do some googling but I found the right command format to run John the Ripper to crack the two hashes with md5 format. I used the “john --show --format=raw-md5 newhash.winhash” and it cracked the two hashes to be “password” and the other to be “root”.
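The Task C result seen from the defender's side, as an added example that is not part of the original report: raw MD5 has no salt, so one table of digests built from a password blocklist answers every stored hash at once, while a salted, iterated scheme gives two different digests for the same password. The blocklist contents, the function names and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# The two unsalted MD5 hashes listed in Task C of the report.
TASK_C_HASHES = [
    "5f4dcc3b5aa765d61d8327deb882cf99",
    "63a9f0ea7bb98050796b649e85481845",
]

# Constructed sample blocklist (assumption); a real audit loads a much larger list.
BLOCKLIST = ["123456", "password", "letmein", "root", "qwerty"]

PBKDF2_ITERATIONS = 600_000  # assumed work factor for the hardened scheme


def audit_unsalted_md5(hashes, candidates):
    """Return {stored_hash: plaintext} for hashes that match a blocklisted password."""
    # Without a salt, a single precomputed table covers every account.
    table = {hashlib.md5(c.encode()).hexdigest(): c for c in candidates}
    return {h: table[h.lower()] for h in hashes if h.lower() in table}


def hash_password(password, salt=None):
    """Hardened storage: per-user random salt plus iterated PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


if __name__ == "__main__":
    for stored, plain in audit_unsalted_md5(TASK_C_HASHES, BLOCKLIST).items():
        print(f"{stored} matches blocklisted password {plain!r}")
    (s1, d1), (s2, d2) = hash_password("password"), hash_password("password")
    print("same password, identical salted digests:", d1 == d2)
    print("verifies with stored salt:", verify_password("password", s1, d1))
```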