Hands-on with Password Audits

This lesson provides the student with a basic understanding of how passwords are stored (hashes) and how attacks on user password hashes are carried out.  Additionally, students get some hands-on experience with a free, open source password cracking tool, i.e. John the Ripper.

This lesson includes a hands-on exercise in the Virginia Cyber Range. If instructors would like to have students complete the exercise, they should have requested an account at accounts@virginiacyberrange.org and had a course created for them. They should upload their student list to the course and prepare the exercise entitled ‘Cyber Basics – Introduction to Password Auditing Lab’ and download the lab document from the courseware repository.

Learning Objectives
  • Understand how passwords are stored on a modern operating system
  • Describe how attacks on user password hashes are carried out
  • Apply tools to attack password hash files
  • Describe why password complexity is important
Hands-on with Password Audits Lesson Plan

Log In
to download materials

* NICE Cybersecurity Workforce Framework KSAs Addressed
  • K0119: Knowledge of hacking methodologies in Windows or Unix/Linux environment.
  • K0129: Knowledge of Unix command line (e.g., mkdir, mv, ls, passwd, grep).
  • K0158: Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control).
* NSA/DHS Center of Excellence (CAE) KUs Addressed
  • Cyber Threats
  • System Administration
  • Operating Systems Hardening

* Most courseware content maps to NIST NICE Cybersecurity Workforce Framework (NCWF) Knowledge, Skills, and Abilities (KSAs) and/or NSA/DHS CAE Knowledge Units (KUs). For more information on KSAs and KUs, please visit:

KSAs: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

KUs: https://www.iad.gov/NIETP/documents/Requirements/CAE-CD_2019_Knowledge_Units.pdf