Activity 2-1: Testing the strength of passwords

Objective: To develop awareness of how weak passwords can produce a vulnerability in any system.

Description: Proactive Password Auditor helps network administrators examine the security of their networks by executing an audit of account passwords. By exposing insecure passwords, Proactive Password Auditor demonstrates how secure a network is under attack. Through this tool, you'll be able to brute force the password of any account found in your system.

1. Run the virtual machine (WinXPSecurity).
2. Install Proactive Password Auditor by launching the file ppa_setup_en, which is located on your Desktop.
3. Create a user for Windows by clicking on Start → Control Panel → User Accounts → Create a new account.
4. Type your name as the new account, then click Next.
5. Make the account a computer administrator, then click Create Account.
6. Click on the account you just created, then click on Create a password.
7. Type a new password that is as simple as possible (for example: 123456).
8. Re-type the same password you just entered in the first box, then click Create Password.
9. Run Proactive Password Auditor by clicking on Start → All Programs → Elcomsoft Password Recovery → Proactive Password Auditor.
10. Click on Project → New.
11. Make sure that the attack type is Brute-force.
12. Click on the Brute-force attack tab.
13. Select All Printable.
14. Click on the Hashes tab.
15. Select Memory of local computer, then click on Dump.
16. List all the users found with their passwords (including the one you created). Are you able to read the password?
17. Change the password of your user to something harder by clicking on Start → Control Panel → User Accounts.
18. Click on your user account, then click on Change password.
19. Type a harder password (a combination of lowercase letters, capital letters, numbers and symbols), for example: CsEIs&434sec!@
20. Re-type the same password and click Change Password.
21. Go back to the program (Proactive Password Auditor).
22. Click on Project → New.
23. Click on the Brute-force attack tab.
24. Click on All Printable.
25. If you typed a password longer than 14 characters, change the maximum length to be more than 14.
26. Click on Hashes.
27. Click on Memory of local computer, then click Dump.
28. Is the password of your user account visible?
29. In the same program, select your user, then click on Recovery → Start recovery.
30. Observe the changes in the password tab of your user account. Give it 5 minutes and wait for a change, if any.
31. What is the expected time to discover the whole password?
32. What if your password is short (5 characters) and has a combination of only letters and numbers? Would it take the same time as the time you found in step 30? Why or why not?
33. Shut down the virtual machine (WinXPSecurity) and proceed to the next activity.
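The arithmetic behind steps 31 and 32, as an added example that is not part of the original activity: it counts the candidates an exhaustive search must try for a given alphabet and maximum length, and converts that to a worst-case time. The guess rate of 10,000,000 per second, the function names and the sample password aB3x9 are assumptions made for illustration, not figures or code from Proactive Password Auditor.

```python
import string

# Assumption for illustration only: real rates depend on hash type and hardware.
ASSUMED_GUESSES_PER_SECOND = 10_000_000

# Character classes; together they are the 95 printable ASCII characters.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)
ALL_PRINTABLE = sum(len(c) for c in CLASSES)


def charset_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def keyspace(alphabet_size, max_len):
    """Candidates an exhaustive search tries for every length from 1 to max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def worst_case_seconds(alphabet_size, max_len, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to exhaust the whole keyspace at the given guess rate."""
    return keyspace(alphabet_size, max_len) / rate


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # Constructed samples: the activity's two passwords and a 5-character
    # letters-and-digits password like the one step 32 asks about.
    for pw in ("123456", "CsEIs&434sec!@", "aB3x9"):
        own = worst_case_seconds(charset_size(pw), len(pw))
        full = worst_case_seconds(ALL_PRINTABLE, len(pw))
        print(f"{pw:<15} len={len(pw):<2} alphabet={charset_size(pw):<2} "
              f"covering: {human(own)}; all printable: {human(full)}")
```

Each extra character multiplies the keyspace by the alphabet size, so password length affects the search time far more than the choice of alphabet does.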
