CS166 Password Cracking Lab

Teodoro (Ted) Cipresso
Department of Computer Science
San Jose State University
teodoro.cipresso@sjsu.edu


Objective

The purpose of this lab is to understand the importance of using strong passwords.

This lab is based on a lab written by Andrew Kalafut.


Background

The program "John the Ripper" ("John" for short) is a popular program for cracking passwords.  You may download it here.

Turn in answers to all of the Checkpoint questions.

Disclaimer: This is an extra-credit assignment, therefore part of the assignment is figuring out how to get "John" working on your own computer hardware and operating system.  These instructions assume the Windows community-enhanced version John the Ripper 1.7.9-jumbo-5.  Archived here.


Part 1: Brute Force Cracking

  1. Download the password file part1.txt to <john_extract_dir>\run\. 
  2. Open a command prompt and change the current directory to <john_extract_dir>\run.
  3. Enter the following command: john --crack-status --pot="part1.pot" --session=john --incremental part1.txt
  4. Checkpoint 1: Provide the full console output showing the 5 cracked password and username combinations.

Part 2: Using Wordlists (Dictionaries)

  1. Download the password file part2.txt to <john_extract_dir>\run\.
  2. Open a command prompt and change the current directory to <john_extract_dir>\run\.
  3. Enter the following command: john --crack-status --pot="part2a.pot" --session=john --incremental part2.txt
  4. Obviously, incremental mode is not ideal for complex passwords.  To reduce the time needed to crack common/weak passwords, "John" has a wordlist (dictionary) mode.
  5. Enter the following command: john --crack-status --pot="part2b.pot" --session=john --wordlist=password.lst part2.txt
  6. Enter the following command: john --crack-status --pot="part2c.pot" --session=john --wordlist=password.lst --rules part2.txt



End of Document