All posts by admin

In-class Exercise 1: Cracking Passwords with John the Ripper

In-class Exercise 1: Cracking Passwords with John the Ripper (Sharon)

Password protection is important in any platform as is building robust passwords. You will need a copy of Kali Linux, as discussed previously, to perform this exercise. John and Ripper will be used to crack passwords. John performs different types of cracks: single mode; dictionary (wordlist mode), the one performed in this exercise, which applies a dictionary list of passwords for comparison; and brute-force (incremental) mode, which is the slowest of the three modes and attempts every combination of letters and numbers. You can download the Kali Linux and WinXP VMs at   http://ciswww.desu.edu/~xhei/

  • Start Kali virtual machine.
  • Login: root   Password:  SCIA472

Before attempting to crack the existing passwords, enter a few more users to see how fast the passwords can be cracked.

  • root@kali: adduser user1
  • set the password to password
  • root@kali: adduser  user2
  • set the password to P@ssw0rd
  • root@kali: adduser  user3
  • set the password to !P@ssw0rD1

After the three users have been added, you will want to execute John.

  • ApplicationsàBackTrack->Provilege Escalation->Password Attacks->Offline Attacks-> john the ripper
  • root@kali:/pentest/passwords/john#: john /etc/shadow
  • Give it time to see how long it takes for each password to be cracked. Record those times here: User1:______ User2:_______User3:______
  • Refection: Did you notice a correlation between the times it took to crack a password versus the complexity of the password? You should have seen that more complex passwords take longer to recover.
  • Write your comment to this exercise including what you have learned, more practices you can think of, and what can be improved about this exercise.
  • Turn it in Blackboard by Tonight.

2013(6)

  1. Emerging security Issues in wireless implantable medical devices
    Xiali Hei and Xiaojiang Du. Emerging Security Issues in Wireless Implantable Medical Devices.
  2. PIPAC Patient Infusion Pattern based Access Control Scheme for Wireless Insulin Pump System
    X. Hei, X. Du, S. Lin, and I. Lee, “PIPAC: Patient Infusion Pattern based Access Control Scheme for Wireless Insulin Pump System,” to appear in Proc. of IEEE INFOCOM 2013, Turin, Italy, Apr. 2013.
  3. Two Vulnerabilities in Android OS Kernel
    X.Hei, X.Du and S.Lin, “Two Vulnerabilities in Android OS Kernel,” to appear in Proc. of IEEE ICC 2013, Budapest, Hungry, June. 2013.
  4. Chapter: Implantable Medical Device Security
    Xiaojiang Du · Xiali Hei · Alexandru Samachisa · Marcin Lukowiak · Dong Zhang · Shuhui Li · Jie Wu · Daniel Phillips
    No preview · Chapter · Apr 2013
  5. PIPAC Patient Infusion Pattern based Access Control Scheme
  6. vulnerabilities2

Teaching

Teaching:

Spring 2016:  Topics in Ethical Hacking (tons of hands-on various hacking methods)
Spring 2016:   Advanced Computer Network (tons of new technology)
Fall 2015:  Advanced operating system
Fall 2015:  Operating system