One important task that is conducted during a penetration test is an assessment of password strength, or simply, to crack passwords to allow for further access. This may take the shape of running a test against known passwords, or exploiting a vulnerability and stealing the password hashes and trying to crack them. In either case, the concept is the same; the difference is how the password hashes are obtained. There are many tools available to perform this task. To help give an understanding of these tools, this activity will have you explore some of these tools and analyze them to find the right fit for you and your organization.

Use RainbowCrack as one of the tools described in the Unit 4 Group Project.

Extract the password hashes from a machine. With the extracted password hashes, try to crack them using the program selected in the previous step.

Submit an obfuscated list of users and cracked passwords, or output generated from the program.