Question:
1. (5 points) On your Linux VM, you will find a password cracking tool called “John the Ripper”.
Demonstrate that you are able to use this program by performing the following steps.
a. (1 point) Set up a new user account on your VM called _tocrack, with password=ID>). You will need to set the password as root in order to create this (weak) password. Output the contents of the /etc/shadow file and take a screenshot that shows your newly created account.
b. (1 point) What is the password hash for your _tocrack account? You can find it in the /etc/shadow file. Refer to this website to determine which part of the entry for your user is the actual hash: https://www.2daygeek.com/understanding-linux-etc-shadow-file-format/ .
• Note that there is one minor error at the above URL: “hash_salt: This field is contain encrypted password instead of actual password.” should read “hash_salt: this field contains the salt that is combined with the password as input to the hash”.
c. (2 points) Crack the password using John the Ripper (the command is “john”, but you must
decide which options are the most sensible). Refer to the OpenWall website for
information about the different cracking modes:
http://www.openwall.com/john/doc/MODES.shtml .
i. (1 point) What command line options are optimal for guessing your password?
ii. (1 point) Use the optimal command line options from (i) above to run john, and
provide a screenshot of the full output that it produced (including timing
information). Make sure the output includes your cracked password.
d. (1 point) The password you were asked to choose in part (a) is obviously quite weak. Password policies aim to prevent poor password choices by regular users and typically specify that a password must be at least 8 characters long. However, password crackers such as Ophcrack and RainbowCrack use rainbow tables and as such are very fast. Given the rainbow tables that are available for purchase today (see http://project-rainbowcrack.com/table.htm ), what would be a more prudent password policy?
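As an added example for parts (b) and (c) (this is not code from the assignment, nor from John the Ripper's own documentation), the POSIX shell script below takes a /etc/shadow entry apart into its $id$salt$digest components, names the john --format for each crypt(3) scheme, and builds the john command line for a password assumed here to be a short all-digit string. The shadow line it works on is constructed for illustration: the account name tocrack, the salt Qx1z9wPq and the placeholder digest are not real values, and the HASH_FILE variable is an assumption of this script, not a john option.

```shell
#!/bin/sh
# Added example (not part of the assignment): take a /etc/shadow entry apart,
# identify the crypt(3) scheme from its "$id$" prefix, and build a john command
# aimed at a short all-digit password. The shadow line below is constructed for
# illustration only; its digest part is a placeholder, not a real hash.
SAMPLE_SHADOW='tocrack:$6$Qx1z9wPq$placeholder.digest.not.a.real.hash:19700:0:99999:7:::'

# Field N of a colon-separated shadow line.
# Layout: name:password:lastchange:min:max:warn:inactive:expire:reserved
shadow_field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# The whole password field, in crypt(3) modular form: $id$salt$digest
shadow_hash() { shadow_field "$1" 2; }

# "$id$" prefix of a password field, e.g. "$6$" for sha512crypt.
shadow_id() { printf '%s\n' "$1" | awk -F'[$]' '{ print "$" $2 "$" }'; }

# Salt of a password field: the component between the id and the digest.
# An optional "rounds=N" parameter may sit in front of it.
shadow_salt() {
    printf '%s\n' "$1" | awk -F'[$]' '{ s = $3; if (s ~ /^rounds=/) s = $4; print s }'
}

# Map an "$id$" prefix to the --format name john (jumbo) uses for it.
# Core john has only --format=crypt for all of these (system crypt(3)).
# $y$ (yescrypt, the default on recent Debian/Ubuntu) has no dedicated
# format in john and is handled through --format=crypt where libcrypt supports it.
crypt_format() {
    case "$1" in
        '$1$') echo md5crypt ;;
        '$5$') echo sha256crypt ;;
        '$6$') echo sha512crypt ;;
        '$y$') echo crypt ;;
        *)     echo unknown ;;
    esac
}

# Command line for a password known to be digits only (an ID number, say):
# incremental "Digits" mode enumerates digit strings ordered by likelihood and
# finishes quickly for short lengths, so it beats a wordlist or the default
# incremental mode here. $1 is a file of "user:hash" lines copied from /etc/shadow.
john_cmd() { printf 'john --format=%s --incremental=Digits %s\n' "$2" "$1"; }

# Work on the constructed line unless HASH_FILE points at a real hash file.
ENTRY=$SAMPLE_SHADOW
if [ -s "${HASH_FILE:-}" ]; then
    ENTRY=$(head -n 1 "$HASH_FILE")
fi
HASH=$(shadow_hash "$ENTRY")
ID=$(shadow_id "$HASH")
FMT=$(crypt_format "$ID")
printf 'id=%s salt=%s john-format=%s\n' "$ID" "$(shadow_salt "$HASH")" "$FMT"
john_cmd "${HASH_FILE:-tocrack.hash}" "$FMT"

# On the VM, build the hash file from the real entry and run for real:
#   sudo grep '^tocrack:' /etc/shadow > tocrack.hash
#   HASH_FILE=tocrack.hash sh this_script.sh
if command -v john >/dev/null 2>&1 && [ -s "${HASH_FILE:-}" ]; then
    john --format="$FMT" --incremental=Digits "$HASH_FILE"
    john --show "$HASH_FILE"      # cracked entries, printed as user:password
fi
```

Two points the script makes visible. First, the salt is the middle component of the field, so each entry is hashed with its own salt; that is why john computes candidate hashes on the fly for crypt(3) entries and why precomputed rainbow tables, which Ophcrack and RainbowCrack apply to unsalted formats such as LM and NTLM, do not carry over to /etc/shadow. Second, the mode choice should follow what is known about the password: --incremental=Digits for a number, a wordlist with rules for a word-like password, and only then the default incremental mode. Use --format=crypt instead of the jumbo format names when running core john.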
2. (1.25 points) Set up auditing to monitor and report modifications from “Everyone” to the same Run and RunOnce keys (if present) from the Week 4 Tutorial Assignment, Question 2. See the following article (point #3: Registry auditing) for how to set this up: https://betanews.com/2015/11/18/how-to-monitor-registry-changes/. Then add a subkey under one of the “RunOnce” keys, named A5_ (e.g., for this course’s TA, it would be “A5_IsratJui”). Finally, open Event Viewer, locate the registry log entries related to the creation and/or access of this new key, and take a screenshot showing at least one of them (the screenshot must show your new key name, which contains your name).