LAB 3: Cracking Windows Passwords
The purpose of this exercise is to use password cracking tools to identify weak passwords.
Materials Needed:
1) Computer running either Windows or Linux/Unix
2) Internet connection
3) SamInside (http://www.insidepro.com/eng/saminside.shtml) and LC4 (http://www.net-security.org/software.php?id=17) software for Windows; John the Ripper for Linux (http://www.openwall.com/john/)
PART I: Cracking Passwords
1) Create several accounts with passwords (each entry below is listed as username, then password)
i. Robot C3PO
ii. Star WARS
iii. ME 1234
iv. YOU YOU
v. Darth Anakin-Skywalk3r
2) The first step in determining user passwords is acquiring the list of usernames and the corresponding encrypted passwords.
3) LC4 (limited version): Once you have obtained the encrypted passwords, you need to decode them into plaintext. [This should only be done with permission!]
· Install LC4
· Run LC4 (Start|Programs|LC4) with the evaluation version
i. Retrieve from the local machine
ii. Select Strong Password Audit
iii. Select all Reporting Styles
4) SAMInside (limited version): Once you have obtained the encrypted passwords, you need to decode them into plaintext. [This should only be done with permission!]
· Install SAMInside
· Run SAMInside
· Click on the people icon to import the local users on the machine
· Click on the run attack icon to start the password scan. Note that the boxes next to the usernames become unchecked once the password is discovered.
5) John the Ripper: Once you have obtained the encrypted passwords, you need to decode them into plaintext. [This should only be done with permission!]
· Install John the Ripper (john.ini must be placed in the /etc directory)
· Change to the /etc subdirectory (location of the john.ini)
· Run John the Ripper by specifying the command followed by the password file, e.g. # john /etc/passwd [replace with /etc/shadow if the passwords are shadowed]
· Let the program run for a few minutes; it should crack the shorter/simpler passwords.
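The following is an added example, not part of the original lab: a short Python audit that checks the five lab accounts against the properties that make a password easy to recover, so the results from the tools above can be compared with what a policy check predicts. The length and character-class thresholds and the small wordlist are assumptions made for illustration, and the account list assumes each entry in step 1 reads as username, then password.

```python
import re

# Constructed sample: the five lab accounts as (username, password).
LAB_ACCOUNTS = [
    ("Robot", "C3PO"),
    ("Star", "WARS"),
    ("ME", "1234"),
    ("YOU", "YOU"),
    ("Darth", "Anakin-Skywalk3r"),
]

# Assumed policy values for illustration; they are not taken from the lab.
MIN_LENGTH = 12
MIN_CLASSES = 3
# Tiny constructed wordlist standing in for an audit dictionary.
WORDLIST = {"wars", "star", "robot", "password", "c3po"}

def char_classes(password):
    """Count how many of lower/upper/digit/symbol classes appear."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    return sum(1 for p in patterns if re.search(p, password))

def audit(username, password):
    """Return the reasons a password is weak (empty list = passes)."""
    findings = []
    u, p = username.lower(), password.lower()
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if char_classes(password) < MIN_CLASSES:
        findings.append("too few character classes")
    if u in p or p in u:
        findings.append("derived from username")
    if p in WORDLIST:
        findings.append("dictionary word")
    if password.isdigit():
        findings.append("digits only")
    return findings

def audit_all(accounts):
    """Map each username to its list of findings."""
    return {user: audit(user, pw) for user, pw in accounts}

if __name__ == "__main__":
    for user, findings in audit_all(LAB_ACCOUNTS).items():
        status = "WEAK: " + ", ".join(findings) if findings else "passes policy"
        print(f"{user:6} {status}")
```

Only the Darth account passes these checks; the other four are flagged for the same properties that let an audit tool recover them within minutes.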
PART II: Setting Password Policy (in Windows)
Post-assignment: Answer the following questions -