Lab 4 – Password Cracking & John the Ripper
This lab really stuck out to me, especially with my interest in Penetration Testing as a career.
The lab allowed me to explore how different password complexities impact system security by using six different types of passwords with varying password requirements. After setting the accounts up, I exported the password hashes and used John the Ripper to try to crack them.
Key Skills:
These are some of the key skills that I was able to pick up and why I specifically chose this lab as my favorite.
User Management: Creating and managing different accounts using the Linux terminal.
Cryptographic Analysis: Exporting and handling password hashes to audit them.
Security Tooling: Using John the Ripper as well as rockyou.txt to run a dictionary-based attack.
One challenge I did end up facing was observing how fast passwords can be compromised. Many of the basic dictionary words and numeric passwords were basically cracked almost instantly; however, using a mix of symbols and cases allowed a password to last a while longer.
One thing I’ll be able to take away from this lab is the importance of passwords and how critical it is to have a secure password. For me, aspiring to be a Penetration Tester, having an understanding of how tools like John the Ripper work allows me to identify the weaknesses in a system.