For this lab, you will be using your Kali Linux VM to crack the password to the various hashes that were obtained from a "vulnerable system" using a Dictionary attack with the rockyou wordlist (a 32 million RockYou password breach).

The tools you will use are:

Kali Linux john / johnny (GUI version) RockYou wordlist This lab has two sections:

LAB 01 PW Cracking (10 points) Report (10 points) The report will have 3 parts: Problem Statement, Analysis, and Recommendations Please follow the guide and when you crack the password make sure to put the item in section 1. Then for section 2, please use the report format and submit the report here. Make sure to change the name of the report file when saving and change / delete the text in red.

You will need to unzip the rockyou.txt.gz file in the /usr/share/wordlists/ directory

Use the command in a Terminal:

gunzip /usr/share/wordlists/rockyou.txt.gz This should uncompress the file into a .txt file

As well as install johnny if you plan on using the GUI version of John the Ripper.

Use the following command in Kali Terminal to install johnny:

apt-get install johnny -y The application should be located at: Applications > 05 - Password Attacks > johnny

Note: You will need to copy the hashes from the LAB 01 PW Cracking portion and save all the hashes in a text file.

Then either using john or johnny, you will need to open up the hashes text file you saved in Kali and then specify the word list location (/usr/share/wordlists/rockyou.txt) in the options.