Hands-on with Password Audits
This lesson provides the student with a basic understanding of how passwords are stored (hashes) and how attacks on user password hashes are carried out. Additionally, students get some hands-on experience with a free, open source password cracking tool, i.e. John the Ripper.
This lesson includes a hands-on exercise in the Virginia Cyber Range. If instructors would like to have students complete the exercise, they should have requested an account at firstname.lastname@example.org and had a course created for them. They should upload their student list to the course and prepare the exercise entitled ‘Cyber Basics – Introduction to Password Auditing Lab’ and download the lab document from the courseware repository.
- Understand how passwords are stored on a modern operating system
- Describe how attacks on user password hashes are carried out
- Apply tools to attack password hash files
- Describe why password complexity is important
- K0119: Knowledge of hacking methodologies in Windows or Unix/Linux environment.
- K0129: Knowledge of Unix command line (e.g., mkdir, mv, ls, passwd, grep).
- K0158: Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control).
- Cyber Threats
- System Administration
- Operating Systems Hardening