Password cracking

Windows password recovery
  1. You have inadvertently forgotten your Windows password and can’t log in to your system. You really need to obtain access to your system. You also need to figure out passwords for others in the system. (The steps below will only work in the lab)

The windows image is available (only on campus) here.

After you have copied it, extract it and open VirtualBox. Create a new VM and DON'T add any disk to it. Then go into Settings -> Storage, remove the SATA controller, add an IDE controller, and attach the hard disk you just copied to the IDE controller. Make sure that Windows boots, verify that the user joe is password protected, then shut it down normally.

You could probably guess a few passwords pretty easily, but let's find a tool that will do a few things for us. The first tool we will use is Hiren's BootCD. Download. You can add this as optical storage in the VirtualBox storage settings. Now boot the VM. (You may have to double-check that the boot order finds the optical disk before the hard disk under System settings within VirtualBox.)

Obviously you could do anything now that you are an administrator, but don’t. Let’s crack a few passwords.

First, login with the vagrant user. If you can’t guess the password, blank it out like you did with the joe user.

Windows password hash crack

It is fairly trivial to reset a user's password as we did above, but what if you want to find out the password? While logged in as the vagrant user, you should see ophcrack on the desktop. I have already downloaded a rainbow table in the Downloads directory that you could add. Add the local SAM file and start the crack. See how many passwords you can find.

Take a screenshot.

Linux password recovery

For this assignment, we will make the assumption that you have physical access to a Linux machine, that you have pulled off the /etc/passwd and /etc/shadow files, and that you have put them in the correct format so that your password cracking tool can work. This file is located here (only on-campus).

  1. You are welcome to use any tools you can find. The objective is to retrieve passwords.

    • On an Ubuntu system, sudo apt-get install john (this is also installed on oxygen and nitrogen)
    • The performance of running john on the virtual machines is poor; if you install john on a real machine, you should have better performance.
    • You should run something like john file_to_crack_2015.txt and sit back and let john do its stuff.
    • I found that it was able to crack 2 of the passwords in less than 5 minutes. You could just leave the process running and come back in a day or so and see if you were able to crack some more. (When I came back the next day it had cracked an additional 2 passwords)
    • John didn't alert me when it found a password, so I killed it after a few minutes and ran john --show file_to_crack_2015.txt, and it showed me what it had found.
  2. Take a print screen of your cracking abilities. (I expect that you will have at LEAST 1 cracked password on the Linux machine)
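As an added example (not part of the assignment page), this Python script shows the "correct format" step described above: it merges /etc/passwd and /etc/shadow records into the single-file layout john reads, much like the unshadow utility that ships with john, and labels the crypt scheme each hash uses. The passwd and shadow records are constructed, and the hash values are placeholders, not real hashes.

```python
# Constructed sample data for this example (not real accounts or hashes).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
joe:x:1001:1001:Joe:/home/joe:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$saltsalt$hashhashhash:18600:0:99999:7:::
joe:$1$abc$md5md5md5:18600:0:99999:7:::
daemon:*:18600:0:99999:7:::
"""
# crypt(3) hash prefixes -> scheme name, so you know which format john will see.
SCHEMES = {"$1$": "md5crypt", "$2b$": "bcrypt", "$5$": "sha256crypt",
           "$6$": "sha512crypt", "$y$": "yescrypt"}

def parse_shadow(text):
    """Return {username: hash_field} from shadow-format lines."""
    hashes = {}
    for line in filter(None, text.splitlines()):
        fields = line.split(":")
        hashes[fields[0]] = fields[1]
    return hashes

def unshadow(passwd_text, shadow_text):
    """Put each shadow hash into passwd's second field, the layout john reads.
    Locked or passwordless accounts ('*', '!' or empty hash) are dropped, unlike
    the real unshadow utility. Returns (merged_lines, skipped_users)."""
    hashes = parse_shadow(shadow_text)
    merged, skipped = [], []
    for line in filter(None, passwd_text.splitlines()):
        fields = line.split(":")
        h = hashes.get(fields[0], "")
        if not h or h[0] in "*!":
            skipped.append(fields[0])
            continue
        fields[1] = h
        merged.append(":".join(fields))
    return merged, skipped

def scheme(hash_field):
    """Name the crypt scheme from its prefix ('unknown' if not recognized)."""
    return next((n for p, n in SCHEMES.items() if hash_field.startswith(p)), "unknown")

if __name__ == "__main__":
    lines, skipped = unshadow(PASSWD, SHADOW)
    for rec in lines:
        print(rec, " #", scheme(rec.split(":")[1]))
    print("skipped (no crackable hash):", skipped)
```

Knowing the scheme matters because john's speed differs enormously between md5crypt and sha512crypt or yescrypt, which explains why some of the lab's hashes take a day to fall.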

Online password attack

I have a test machine set up at You should attack the FTP service using hydra to see if you can crack the passwords for steve, fred and betsy (the last one is the hardest). You should use this password file. Please record a print screen of the final password results. Hydra runs something like this:

    # <target> is a placeholder for the test machine's hostname or IP
    hydra -l username -P password_list.txt <target> ftp

Your results should look something like this (though you WON’T have xxxx’s for the password):

    [22][ssh] host: login: fred password: xxxxxxxxxxx [STATUS] attack finished for (waiting for children to finish)

Hydra is also installed on oxygen.

To Submit

Last Updated 01/19/2021