W.A Neranjan Viduranga COL/A-069224 pg. 7
Password Security and Use of John the Ripper Tool
Course Work Report – Cyber Security
W.A Neranjan Viduranga
Kingston University
Abstract
Information security is one of the main concerns of modern society. Even though we
have far more advanced methods to secure our data, good old passwords are still the
final security measure standing between our information and the outside world. So the
security of passwords is very important for the overall security of a system, network
or application.
In this coursework the learner discusses the John the Ripper tool and its four password
cracking modes. Using the Kali Linux operating system and John the Ripper, the learner
demonstrates single crack mode by creating passwords of different strength levels and
cracking them. By analysing the time taken to crack those passwords, the learner aims to
gain knowledge about strong and weak passwords and their characteristics. Finally, the
learner discusses the major principles behind password policies in order to learn about
good password construction and password management, and uses that knowledge to
create an organizational password policy for “Rythmo Art Gallery”.
Table of Contents
Introduction ........................................................................................................................... 11
Activity 01 .............................................................................................................................. 12
Part “A” ................................................................................................................................ 12
1] Navigating to the Desktop through the Terminal ..................................................... 12
2] Creating an MD5 hash value for “password1” and storing it in a file named “md5hash.txt” ........ 12
3] Creating five more hashing values using the same command............................... 12
4] Hash values of the created passwords..................................................................... 13
5] Cracking the MD5 hashes stored in the md5hash.txt file using the John the Ripper tool ........ 13
6] Cracked and failed passwords. ................................................................................. 14
7] Analysis of password strengths and the time taken to crack them ........................ 15
Part “B” ................................................................................................................................ 16
1] Creating users. ........................................................................................................... 16
2] Contents of “passwd”. ................................................................................................ 18
3] Contents of “shadow”................................................................................................. 19
4] Copying the contents of “passwd” and “shadow” in to text files. ............................ 21
5] Unshadowing the contents in the text files in to “passwords.txt” file...................... 22
6] Cracking the passwords using John the Ripper tool. .............................................. 22
7] Cracked and failed passwords. ................................................................................. 23
8] Analysis of password strengths and the time taken to crack them ........................ 24
Activity 02 .............................................................................................................................. 25
Part “A” – John the Ripper Tool......................................................................................... 25
Different cracking modes in John the Ripper tool ........................................................ 25
Part “B” – Password policy and principles........................................................................ 27
Password Policy for Rythmo Art Gallery....................................................................... 27
Principles behind password policy ................................................................................ 30
Conclusion............................................................................................................................. 32
References............................................................................................................................. 33
Table of figures
Figure 1 - Navigating to the desktop.......................................................................................... 12
Figure 2 – Creating MD5 hash values......................................................................................... 12
Figure 3 – Creating more hash values........................................................................................ 13
Figure 4 - Hash values................................................................................................................ 13
Figure 5 - Cracking the MD5 hashes........................................................................................... 14
Figure 6 - Cracked and failed passwords.................................................................................... 14
Figure 7 - Creating users (01)..................................................................................................... 17
Figure 8 - Creating users (02)..................................................................................................... 17
Figure 9 - Contents of passwd (01) ............................................................................................ 18
Figure 10 - Contents of passwd (02) .......................................................................................... 19
Figure 11 - Contents of shadow (01).......................................................................................... 20
Figure 12 - Contents of shadow (02).......................................................................................... 21
Figure 13 - Copying passwd and shadow in to a .txt................................................................... 22
Figure 14 - Unshadowing.......................................................................................................... 22
Figure 15 - Password cracking ................................................................................................... 23
Figure 16 - Cracked and failed passwords.................................................................................. 23
List of tables
Table 1 - Analysis of password strengths ................................................................................... 15
Table 2 - User details................................................................................................................. 16
Table 3 - Analysis of password strengths ................................................................................... 24
Table 4 - Pre-defined incremental modes.................................................................................. 26
Key words
Kali Linux, John the Ripper tool, Hashing, Single crack mode, Word List mode,
Incremental mode, External mode, Password cracking, Password unshadowing,
Password policy, Password principles
Introduction
This coursework consists of two main parts (Activities), each with two sub parts. The first
activity includes:
- Part “A”
- Part “B”
Part “A” is practical work that consists of creating passwords with different levels of
strength and cracking them using the “Single crack” mode of the John the Ripper tool.
Part “B” is also practical work with the same single crack mode of John the Ripper, but
a bit more advanced than Part “A”. At the end of both parts, the learner presents an
analysis of the password strengths together with the time spent cracking those
passwords.
The second activity also consists of two sub parts, named Part “A” and Part “B”. Part “A”
of the second activity gives a brief explanation of the John the Ripper tool and its four
password cracking modes. Part “B” contains a password policy for “Rythmo Art Gallery”
created by the learner. Finally, the learner discusses the major principles behind
password policies and gives his conclusion about this coursework and the knowledge he
gained during it.
Activity 01
Part “A”
1] Navigating to the Desktop through the Terminal
cd Desktop
Figure 1 - Navigating to the desktop
2] Creating an MD5 hash value for “password1” and storing it in a file named “md5hash.txt”.
echo -n "password1" | md5sum | tr -d "-" >> md5hash.txt
Figure 2 – Creating MD5 hash values
3] Creating five more hash values using the same command.
echo -n "river" | md5sum | tr -d "-" >> md5hash.txt
echo -n "bridge" | md5sum | tr -d "-" >> md5hash.txt
echo -n "557" | md5sum | tr -d "-" >> md5hash.txt
echo -n "neranjan123" | md5sum | tr -d "-" >> md5hash.txt
echo -n "WAN@1999lanka" | md5sum | tr -d "-" >> md5hash.txt
Figure 3 – Creating more hash values
4] Hash values of the created passwords.
cat md5hash.txt
Figure 4 - Hash values
5] Cracking the MD5 hashes stored in the md5hash.txt file using the John the Ripper tool.
john --format=Raw-MD5 md5hash.txt
Figure 5 - Cracking the MD5 hashes
6] Cracked and failed passwords.
john --show --format=Raw-MD5 md5hash.txt
Figure 6 - Cracked and failed passwords
7] Analysis of password strengths and the time taken to crack them
Table 1 - Analysis of password strengths

No. | Password      | No. of characters                                                    | Password strength                                                   | Time taken to crack
01  | password1     | 9 (8 lowercase letters and 1 digit)                                  | Low (over 8 characters but commonly used; not unique)               | Under 5 minutes
02  | river         | 5 (5 lowercase letters)                                              | Low (few characters; not unique)                                    | Under 5 minutes
03  | bridge        | 6 (6 lowercase letters)                                              | Low (few characters; not unique)                                    | Under 5 minutes
04  | 557           | 3 (3 digits)                                                         | Low (few characters; not unique)                                    | Under 7 minutes
05  | neranjan123   | 11 (8 lowercase letters and 3 digits)                                | Medium (over 8 characters and has letters plus digits)              | Failed to crack (15 minute time frame)
06  | WAN@1999lanka | 13 (3 uppercase letters, 1 symbol, 4 digits and 5 lowercase letters) | Strong (unique combination; not related to the user name)           | Failed to crack (15 minute time frame)
When the John the Ripper tool was run, there were six hash values (passwords) in the
md5hash.txt file. John the Ripper took 5 minutes to crack the first three passwords
(“river”, “bridge”, “password1”). It then took a further 2 minutes to crack the fourth
password, “557”. After that the learner allowed an additional 15 minutes for the last two
passwords (“neranjan123” and “WAN@1999lanka”), but the tool was unable to crack them.
As the fifth password, the learner gave his first name followed by three digits (neranjan123),
expecting that the tool (John the Ripper) would be able to crack it because of its simplicity.
But it had 11 characters in total, and the much larger number of possible character
combinations may have caused the tool to fail.
The sixth password (WAN@1999lanka) was a unique password of thirteen hard-to-guess
characters. It was created from digits, uppercase letters, lowercase letters and symbols
in order to resist cracking, so the tool failed to crack it, as the learner expected.
Looking at these results, the learner concluded that passwords that are in common use,
shorter than 8 characters, or made of a single type of character (uppercase only,
lowercase only) are easy to crack. Even though the 4th password (557) took an additional
2 minutes to crack, it cannot be considered a strong password because it uses so few
characters.
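To make the reasoning in the analysis above concrete, here is an added Python example (it is not part of the original report) that reproduces the MD5 values the report created with md5sum and counts how many candidates an exhaustive search over each password's own character classes and length would have to try. The six passwords are the report's own; the class names, the `keyspace` function and the "bits" figure are this example's constructions.

```python
import hashlib
import math
import string

# The six passwords hashed in Part A of the report.
PART_A_PASSWORDS = ["password1", "river", "bridge", "557", "neranjan123", "WAN@1999lanka"]

# Character classes and their sizes: 26 + 26 + 10 + 32 = 94 of the 95 printable
# ASCII characters (the space is left out of these classes).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def md5_hex(password: str) -> str:
    """Same value the report produced with `echo -n "<password>" | md5sum`."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def classes_used(password: str) -> set:
    """Names of the character classes that occur in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def charset_size(password: str) -> int:
    """Size of the union of the classes that cover the password."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def keyspace(password: str) -> int:
    """Candidates an exhaustive search over that charset at this exact length must cover."""
    return charset_size(password) ** len(password)


def analyse(password: str) -> dict:
    """Summary row for one password; log2 of the keyspace is the number of 'bits' to search."""
    space = keyspace(password)
    return {
        "password": password,
        "md5": md5_hex(password),
        "length": len(password),
        "classes": sorted(classes_used(password)),
        "keyspace": space,
        "bits": round(math.log2(space), 1),
    }


if __name__ == "__main__":
    for pw in PART_A_PASSWORDS:
        row = analyse(pw)
        print(f"{row['password']:<14} {row['md5']}  len={row['length']:<2} "
              f"classes={','.join(row['classes']):<25} keyspace=2^{row['bits']}")
```

The keyspace figure describes an exhaustive search; John tries likely candidates first (common words, then words with digits appended), which is why a commonly used password such as "password1" (about 2^46 candidates by this count) fell before the three-digit "557" (2^10) in the report's run. Length combined with several character classes is what pushes "WAN@1999lanka" to roughly 2^85, beyond what the 15 minute time frame could cover.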
Part “B”
1] Creating users.
sudo adduser user01
sudo adduser user02
sudo adduser user03
Table 2 - User details

User name | Password      | Full name | Room number | Work phone | Home phone | Other   | Info correct (Y/N)
user01    | user01        | Default   | Default     | Default    | Default    | Default | Yes
user02    | neranjan      | Default   | Default     | Default    | Default    | Default | Yes
user03    | WAN@1999lanka | Default   | Default     | Default    | Default    | Default | Yes
Figure 7 - Creating users (01)
Figure 8 - Creating users (02)
2] Contents of “passwd”.
cat /etc/passwd
Figure 9 - Contents of passwd (01)
Figure 10 - Contents of passwd (02)
3] Contents of “shadow”.
sudo cat /etc/shadow
Figure 11 - Contents of shadow (01)
Figure 12 - Contents of shadow (02)
4] Copying the contents of “passwd” and “shadow” into text files.
cp /etc/passwd passwd.txt
sudo cp /etc/shadow shadow.txt
Figure 13 - Copying passwd and shadow into a .txt
5] Unshadowing the contents of the text files into the “passwords.txt” file.
sudo chmod 777 shadow.txt
unshadow passwd.txt shadow.txt > passwords.txt
Figure 14 - Unshadowing
Here the learner had to use an additional command, “sudo chmod 777 shadow.txt”,
which changes the file permissions so that the copied shadow.txt file becomes readable
by the unprivileged user [Thornsby, J., 2020.]. Note that mode 777 also makes the copy
world-writable, so such a copy should be removed once the exercise is finished.
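For readers who want to see what the unshadow step produces, here is an added Python example (it is not from the report or from the John the Ripper project) that merges passwd and shadow records the way unshadow(8) does and labels the hash type from the `$id$` prefix of each shadow entry, which is how one knows to pass `--format=sha512crypt` in the next step. The five records are constructed for this example and are not the report's real users; the salts and hash bodies are placeholders, not valid hashes.

```python
# Constructed sample records in the /etc/passwd and /etc/shadow formats.
# The hash bodies are placeholders, not real crypt(3) output.
PASSWD_LINES = [
    "root:x:0:0:root:/root:/bin/bash",
    "user01:x:1001:1001:User One,,,:/home/user01:/bin/bash",
    "user02:x:1002:1002:,,,:/home/user02:/bin/bash",
    "legacy:x:1003:1003:,,,:/home/legacy:/bin/sh",
    "svc:x:1004:1004:,,,:/home/svc:/usr/sbin/nologin",
]
SHADOW_LINES = [
    "root:*:18500:0:99999:7:::",
    "user01:$6$saltsalt$PLACEHOLDERHASH:18600:0:99999:7:::",
    "user02:$y$j9T$saltsalt$PLACEHOLDERHASH:18600:0:99999:7:::",
    "legacy:$1$abcd1234$PLACEHOLDERHASH:17000:0:99999:7:::",
    "svc:!:18600:0:99999:7:::",
]

# crypt(3) identifiers that appear at the start of a shadow hash field.
HASH_IDS = {
    "$1$": "md5crypt",
    "$2b$": "bcrypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$y$": "yescrypt",
}


def unshadow(passwd_lines, shadow_lines):
    """Replace the 'x' in each passwd record with the hash from the matching shadow record."""
    hashes = {}
    for line in shadow_lines:
        name, hash_field = line.split(":")[:2]
        hashes[name] = hash_field
    merged = []
    for line in passwd_lines:
        fields = line.split(":")
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged


def hash_type(hash_field: str) -> str:
    """Name the crypt(3) scheme, or report a locked/passwordless entry ('*', '!', or '!' prefix)."""
    if hash_field in ("", "*") or hash_field.startswith("!"):
        return "locked"
    for prefix, name in HASH_IDS.items():
        if hash_field.startswith(prefix):
            return name
    return "unknown"


def audit(passwd_lines, shadow_lines):
    """Map each account with a login shell to its hash type, so weak legacy hashes stand out."""
    result = {}
    for line in unshadow(passwd_lines, shadow_lines):
        fields = line.split(":")
        name, hash_field, shell = fields[0], fields[1], fields[6]
        if shell.endswith("nologin") or shell.endswith("/false"):
            continue  # no interactive login, so its hash is not a login risk
        result[name] = hash_type(hash_field)
    return result


if __name__ == "__main__":
    for line in unshadow(PASSWD_LINES, SHADOW_LINES):
        print(line)
    print(audit(PASSWD_LINES, SHADOW_LINES))
```

On the report's Kali system the entries began with `$6$`, hence `--format=sha512crypt`; newer Debian-based releases default to yescrypt (`$y$`), for which John needs a different format name, and any `$1$` (md5crypt) entry in a real audit is a sign that the account's password was set under an old configuration and should be rotated.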
6] Cracking the passwords using the John the Ripper tool.
john --format=sha512crypt passwords.txt
Figure 15 - Password cracking
7] Cracked and failed passwords.
john –show passwords.txt
Figure 16 - Cracked and failed passwords
8] Analysis of password strengths and the time taken to crack them
Table 3 - Analysis of password strengths

No. | User name | Password      | No. of characters                                                    | Password strength                                                                   | Time taken to crack
01  | user01    | user01        | 6 (4 lowercase letters and 2 digits)                                 | Low (user name used as the password; lowercase letters and digits only)             | One minute
02  | user02    | neranjan      | 8 (all lowercase letters)                                            | Medium (has 8 characters and is slightly unique, but contains only lowercase letters) | Failed to crack (13 minute time frame)
03  | user03    | WAN@1999lanka | 13 (3 uppercase letters, 1 symbol, 4 digits and 5 lowercase letters) | Strong (unique combination; not related to the user name)                           | Failed to crack (13 minute time frame)
When the John the Ripper tool was run, there were three passwords in the
passwords.txt file. John the Ripper took only one minute to crack the first password,
“user01”. The learner then allowed another 12 minutes for the other passwords, but the
tool (John the Ripper) was unable to crack them.
As the second password, the learner gave his first name (neranjan), expecting that the
tool (John the Ripper) would be able to crack it because of its simplicity. But it had 8
characters in total, and the larger number of possible character combinations may have
caused the tool to fail.
The third password (WAN@1999lanka) was a unique password of thirteen hard-to-guess
characters. It was created from digits, uppercase letters, lowercase letters and symbols
in order to resist cracking. It withstood the attempt and shows some of the
characteristics that a strong password should have.
Activity 02
Part “A” – John the Ripper Tool
John the Ripper is a password cracking tool that was released to the public in 1996 for
UNIX-based systems. It is designed to test passwords for their strength, to crack hashed
passwords by brute force, and to crack passwords using dictionary attacks.
Two main versions of John the Ripper are available: the General Public Licensed
(GNU/GPL) version and the proprietary (Pro) version. The GNU/GPL version is designed
for light users such as students, while professionals such as cyber security engineers
and penetration testers use the Pro version, which has more advanced features such as
multilingual wordlists and 64-bit architecture support.
[Sharma, A., 2020.]
Different cracking modes in John the Ripper tool
1. “Single Crack” mode
Single crack mode is considered the quickest password cracking mode in John the
Ripper. This mode uses the data in the “passwd” file, such as login names, GECOS
(full name) fields and users’ home directory names, as the basis for its password
guesses. Because it uses only this collected information, and only against the
accounts that the information belongs to, it is much faster than the other modes.
But to crack a password successfully in this mode, the password must be based on
a common phrase or on a combination of the user name it belongs to; it must not be
an uncommon, strong password. Otherwise the mode will take much longer or fail to
crack the password.
E.g. admin123 / 1234 / kasun345
[Openwall.com. 2013.]
2. “Wordlist” mode
Wordlist mode is considered the simplest password cracking mode in John the
Ripper, because in this mode the user only has to specify a wordlist and the password
files. (A “wordlist” is a text file containing one word per line.)
This mode uses the user-specified wordlist against the password files, trying each
word in turn until the correct password is found. In this mode the user can enable
“word mangling rules”, which modify the words in the wordlist to form new candidate
passwords. With this feature enabled, the tool derives several likely passwords from
every line of the wordlist, which multiplies the chance of cracking a password.
John the Ripper does not sort wordlists itself, because of the large amount of
resources that would need, so every wordlist intended for use with John the Ripper
should be sorted beforehand. Users can sort their wordlists with the more likely
passwords first, or in alphabetical order. Alphabetical order also lets the tool handle
words that are longer than the maximum password length supported by the hash type
being cracked.
[Openwall.com. 2013.]
3. “Incremental” mode
Incremental mode is considered the most powerful password cracking mode in John
the Ripper. Although this mode can in principle try every possible character
combination as a candidate password, an incremental run is assumed never to
terminate, because the number of possible combinations is so large. For that reason,
incremental mode works with trigraph frequencies, kept separately for each character
position and each password length, so that the most likely candidates are tried first
within a limited time frame. Users can make this mode terminate by setting a low
password length limit or by giving it a small charset to use.
John the Ripper provides some pre-defined incremental modes, namely ASCII,
LM_ASCII, Alnum, Alpha, LowerNum, UpperNum, LowerSpace, Lower, Upper and
Digits. (The table below shows the contents of these pre-defined incremental modes.)
Table 4 - Pre-defined incremental modes

Pre-defined incremental mode | Contents of the mode
ASCII                        | All of the 95 printable ASCII characters.
LM_ASCII                     | All the ASCII characters that are used in LM hashes.
Alnum                        | All of the alphanumeric characters.
Alpha                        | All of the 52 letters (uppercase and lowercase).
LowerNum                     | All of the lowercase letters with the digits 0 to 9 (36 characters in total).
UpperNum                     | All of the uppercase letters with the digits 0 to 9 (36 characters in total).
LowerSpace                   | All of the lowercase letters with the space (27 characters in total).
Lower                        | All of the lowercase letters.
Upper                        | All of the uppercase letters.
Digits                       | Digits only.
Apart from using the pre-defined incremental modes, users can give specific
parameters such as password length limits and a charset to create their own custom
incremental mode.
[Openwall.com. 2013.]
4. “External” mode
External mode allows users to write their own rules for generating password
guesses. With this mode, users can define and create their own custom password
cracking mode in John the Ripper.
[Clarke, M., 2015.]
Part “B” – Password policy and principles
Password Policy for Rythmo Art Gallery
1.0] Overview
Information security is one of the major concerns of a modern company. Passwords are
the last line of protection against unauthorized access to, and exploitation of, the
company’s resources. To prevent that, all employees and suppliers of “Rythmo Art
Gallery” who have access to the system must take the actions outlined below.
2.0] Purpose
The main purpose of this password policy is to create and establish a well-managed,
standard password policy in order to ensure the security of the system. This password
policy establishes a standard for creating strong passwords and for changing them
regularly.
3.0] Scope
The scope of the password policy of “Rythmo Art Gallery” includes all employees,
suppliers and other people who have authorized access to the company’s system, network
or any kind of user account that belongs to the company.
4.0] Policy
4.1] General
- All passwords must be changed after 90 days of use.
- Passwords that expired in the last year cannot be reused for the next 2 years.
- Expired passwords may be used again after a period of 3 years, but the characters
of every such password must be rearranged.
- Passwords, or any part of a password, must not be transmitted through any form of
electronic communication medium under any circumstances.
- All passwords must conform to the guidelines below.
4.2] Guidelines for password creation
1. A password must include a minimum of 8 characters; 15 characters are
recommended.
2. A password must not be the same as the User ID or user name.
3. A password must not use birthdays, addresses or any other kind of personal
information.
4. A password must not be a dictionary word, common name or proper name.
5. A password must include uppercase letters, lowercase letters, digits and symbols.
6. A password must be changed after 90 days of use.
7. A password must not be identical to any previous password.
8. Passwords must only be reset for authorized users.
9. Do not use personal passwords as work account passwords.
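The single crack mode described in Activity 02 Part “A” succeeds precisely when a password is built from the account's own login name or GECOS data, and rules 1 to 5 of section 4.2 above are the defence against that. Here is an added Python example (not part of the report) of a checker that applies those rules to a candidate password before it is accepted. The `COMMON_WORDS` set is a constructed stand-in for a real dictionary, the `personal` argument is this example's way of supplying known personal data, and rules 6 to 9 (expiry, history, reset and reuse) need stored account history, so they are not modelled here.

```python
import string

# Constructed stand-in for a real dictionary / common-password list (rule 4).
COMMON_WORDS = {"password", "river", "bridge", "admin", "welcome", "letmein", "qwerty"}


def account_words(username: str, gecos: str = "") -> set:
    """Words that single crack mode would derive from the account record: the login
    name and the parts of the GECOS field (full name, room number, phone numbers)."""
    words = {username}
    words.update(gecos.replace(",", " ").split())
    return {w.lower() for w in words if len(w) >= 3}


def check_password(password: str, username: str, gecos: str = "", personal=()) -> list:
    """Return the 4.2 rules the password violates; an empty list means it passes."""
    findings = []
    low = password.lower()
    if len(password) < 8:
        findings.append("rule 1: shorter than 8 characters")
    if low == username.lower():
        findings.append("rule 2: same as the user name")
    # Rules 2 and 3: nothing derived from the account or the person may appear inside it.
    known = account_words(username, gecos) | {p.lower() for p in personal if len(p) >= 3}
    for word in sorted(known):
        if word != low and word in low:
            findings.append(f"rule 2/3: contains account or personal data '{word}'")
    # Rule 4: a dictionary word with digits or symbols appended still counts (e.g. password1).
    if low.strip(string.digits + string.punctuation) in COMMON_WORDS:
        findings.append("rule 4: dictionary word (possibly with digits or symbols added)")
    # Rule 5: all four character classes must be present.
    has_all_classes = all([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if not has_all_classes:
        findings.append("rule 5: must include uppercase, lowercase, digits and symbols")
    return findings


if __name__ == "__main__":
    # The report's Part B accounts, with the learner's first name supplied as personal data.
    samples = [
        ("user01", "user01", "User One,,,", ()),
        ("neranjan", "user02", ",,,", ("Neranjan",)),
        ("WAN@1999lanka", "user03", ",,,", ()),
    ]
    for password, username, gecos, personal in samples:
        result = check_password(password, username, gecos, personal)
        print(f"{password:<14} -> {'OK' if not result else '; '.join(result)}")
```

Run against the report's Part B passwords, "user01" fails rules 1, 2 and 5, "neranjan" fails rules 1, 3 (the first name) and 5, and "WAN@1999lanka" passes every modelled rule, which matches the order in which they resisted cracking.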
4.3] Guidelines for password protection
1. Do not store your password on any kind of digital or electronic medium without
strong encryption.
2. Do not write down your password in a book, paper or any kind of a surface.
3. Do not share your password with your supervisor, co-workers or other
employees.
4. Do not share your password with your family members.
5. Do not talk about your password in front of people.
6. Do not enter your password in front of other people (in public).
7. Do not enable the “See password” option when you are logging in to the
system/account.
8. Do not use “Remember password” or “Remember me” option on an application.
9. Do not reveal your password on questionnaires or security forms.
10. Do not use your password to log in to other applications that are suspicious.
11. Do not use the same password for different accounts.
12. If someone demands a password, please refer them to this document or the IT
department.
Security check-ups may be performed at random by the information security officer. Users
will be informed and required to change their passwords if a password is guessed or
cracked during these security check-ups.
4.4] Guidelines for password deletion
All passwords and accounts that are no longer needed must be deleted immediately.
When an account is no longer needed:
- An employee should notify his/her superior officer.
- A supplier should notify the supply manager.
The supply manager or superior officer should then notify the IT department. The
information security officer (of the IT department) should delete the password and
suspend the user account within the same day.
4.5] Guidelines for application development
To ensure the security of the system and its information, application developers of
Rythmo Art Gallery must follow the guidelines below.
1. Applications must not show passwords in clear text when a user logs in to the
system.
2. User authentication must be done on an individual basis, not a group basis.
3. Passwords must not be stored in clear text (in databases). All stored passwords
must be protected using a strong encryption method.
4. Some form of role management must be provided.
4.6] Guidelines for remote access
Remote access to Rythmo Art Gallery must be limited to a small number of authorized
employees. Remote access must be controlled by a Virtual Private Network (VPN), an
advanced authentication method (such as biometrics), or a combination of both.
5.0] Penalties
All employees and suppliers of Rythmo Art Gallery must comply with this policy. Any
employee who violates this policy may be subject to disciplinary action or even
termination of employment. Suppliers who violate this policy may have their supply
contract terminated.
Principles behind password policy
The password policy above (the password policy of Rythmo Art Gallery) is based entirely
on the following principles, in order to ensure the security of passwords as well as of
the system and its information.
- A password should be long.
A password should always have at least 8 characters. Passwords of fewer than 8
characters are easy to crack or guess with John the Ripper or any other password
cracking tool. By increasing the number of characters and character combinations of
a password, users reduce the chance of someone cracking it. Even though 8
characters are safer, 15 characters are recommended to increase the security of a
password further.
- A password should be unique and unfamiliar.
Passwords should be as unfamiliar to others as possible. A password should not
consist of the User ID, user name, nickname, birthday or phone number. People who
are familiar with you can easily obtain these data and use them to break or guess your
password. Always use unique, unfamiliar combinations, without any common phrases
that are easy to guess.
- A password should be complex.
A password should always be complex enough that others cannot guess or crack it.
This is the principle behind combining uppercase letters, lowercase letters, digits and
symbols. Passwords made purely of digits or purely of letters can be cracked or
guessed easily, so users should always use at least 3 of these different kinds of
characters to construct their passwords. That turns the password into a complex one
and increases its security.
- Two passwords should not be similar.
When using digital media, the internet or a computer, users need multiple accounts
with multiple passwords, so it is tempting to use the same password across different
accounts and platforms. But that is not good practice. This principle shows that using
the same password can easily compromise your security: if someone finds your
password, he or she can gain access to all of your sensitive data quite easily. If you
use different passwords for different accounts and applications, no one can steal all
of your data so easily.
- A password should be changed regularly.
This is one of the most important principles behind password policies. A good
password should be changed regularly. Even though your password is strong and hard
to crack, that does not mean it cannot be cracked. The strength of a password slowly
decreases for as long as it is used. To increase your security, passwords should be
changed at least once every three months (90 days).
- A system or application should not remember your password.
Almost all modern applications, websites and systems provide an option called
“Remember me”. This option stores your user name and password in order to give
users a faster login. Most users are willing to use this option because of its
convenience, but the practice is very dangerous: hackers and outsiders can easily
read those stored passwords as long as they have the related viewing software.
[Asunsoft.com. 2019.]
Conclusion
Through this coursework, the learner has learnt to use the “Kali Linux” operating system as
well as the “John the Ripper” tool. This coursework also helped the learner gain a deeper
understanding of how password cracking works and how to construct stronger
passwords in order to ensure the security of passwords and information.
The first part (Activity 01) of this coursework encouraged the learner to self-study
“Kali Linux” and the “John the Ripper” tool and to do practical work using the
“Single crack” mode of John the Ripper. It showed the strength of different kinds of
passwords and the different combinations that can increase or compromise the security of
a password.
The second part (Activity 02) of this coursework allowed the learner to explore the
technical side of John the Ripper. Through research, the learner was able to gain
knowledge about the different cracking modes of John the Ripper and their uses. Also,
in this part, the learner had to create a professional password policy for an
organization, and in doing so gained the knowledge needed to create professional
documents and policies.
Overall, the learner was able to gain new knowledge about password cracking,
password construction, identifying weak and strong passwords, and organizational
password policies. This new knowledge will be helpful to the learner in his future education
and working life.
References
1] Thornsby, J., 2020. Chmod 777: What Does It Really Mean? - Make Tech Easier. [online] Make Tech Easier. Available at: <https://www.maketecheasier.com/file-permissions-what-does-chmod-777-means/> [Accessed 17 December 2020].
2] Sharma, A., 2020. John The Ripper Explained: An Essential Password Cracker For Your Hacker Toolkit. [online] CSO Online. Available at: <https://www.csoonline.com/article/3564153/john-the-ripper-explained-an-essential-password-cracker-for-your-hacker-toolkit.html> [Accessed 16 December 2020].
3] Openwall.com. 2013. John The Ripper - Cracking Modes. [online] Available at: <https://www.openwall.com/john/doc/MODES.shtml> [Accessed 16 December 2020].
4] Clarke, M., 2015. John The Ripper - External Mode - Recover Partially Remembered Password | Jumping Bean - We Build, We Support, We Train. [online] Jumpingbean.co.za. Available at: <https://www.jumpingbean.co.za/blogs/mark/john-the-ripper-partially-remembered-password#:~:text=External%20mode%20allows%20one%20to%20write%20rules%20for%20generating%20password%20guesses.> [Accessed 17 December 2020].
5] Asunsoft.com. 2019. Ten Principles To Set A Secure Computer Password. [online] Available at: <https://www.asunsoft.com/password-management-and-protection/ten-principles-to-set-a-secure-computer-password.html> [Accessed 20 December 2020].

Password Security and Use of John the Ripper Tool

  • 1. W.A Neranjan Viduranga COL/A-069224 pg. 7 Password Security and Use of John the Ripper Tool Course Work Report – Cyber Security W.A Neranjan Viduranga Kingston University
  • 2. W.A Neranjan Viduranga COL/A-069224 pg. 8 Abstract Information security is one of the main concerns in modern society. Even though we have much more advanced methods to secure our data, good old passwords are the final security measurement standing between our information and the outside world. So, the security of passwords is very important for the overall security of a system, network or application. In this course work, the learner discusses about John the ripper tool and its 4 different password cracking modes. Using Kali Linux operating system and John the ripper tool, learner demonstrates the Single crack mode by creating different passwords in different strength levels and cracking them. By analysing the time which is taken to crack those passwords, learner is looking forward to gain knowledge about strong and weak passwords along with their characteristics. At last, learner discusses about major principles behind password policies in order to learn about good password construction and password management. By using that knowledge, learner creates an organizational password policy for “Rythmo Art Gallery”.
  • 3. W.A Neranjan Viduranga COL/A-069224 pg. 9 Table of Contents Introduction ........................................................................................................................... 11 Activity 01 .............................................................................................................................. 12 Part “A” ................................................................................................................................ 12 1] Navigating to the Desktop through the Terminal ..................................................... 12 2] Creating a MD5 hash value for “password1” and store it in a file named “md5hash.txt”. ................................................................................................................. 12 3] Creating five more hashing values using the same command............................... 12 4] Hash values of the created passwords..................................................................... 13 5] Cracking the MD5 hashes stored in the md5hash.txt file using John the Ripper tool. .................................................................................................................................. 13 6] Cracked and failed passwords. ................................................................................. 14 7] Analysis of password strengths and the time taken to crack them ........................ 15 Part “B” ................................................................................................................................ 16 1] Creating users. ........................................................................................................... 16 2] Contents of “passwd”. ................................................................................................ 18 3] Contents of “shadow”................................................................................................. 
19 4] Copying the contents of “passwd” and “shadow” in to text files. ............................ 21 5] Unshadowing the contents in the text files in to “passwords.txt” file...................... 22 6] Cracking the passwords using John the Ripper tool. .............................................. 22 7] Cracked and failed passwords. ................................................................................. 23 8] Analysis of password strengths and the time taken to crack them ........................ 24 Activity 02 .............................................................................................................................. 25 Part “A” – John the Ripper Tool......................................................................................... 25 Different cracking modes in John the Ripper tool ........................................................ 25 Part “B” – Password policy and principles........................................................................ 27 Password Policy for Rythmo Art Gallery....................................................................... 27 Principles behind password policy ................................................................................ 30 Conclusion............................................................................................................................. 32 References............................................................................................................................. 33
  • 4. W.A Neranjan Viduranga COL/A-069224 pg. 10 Table of figures Figure 1 - Navigating to the desktop.......................................................................................... 12 Figure 2 – Creating MD5 hash values......................................................................................... 12 Figure 3 – Creating more hash values........................................................................................ 13 Figure 4 - Hash values................................................................................................................ 13 Figure 5 - Cracking the MD5 hashes........................................................................................... 14 Figure 6 - Cracked and failed passwords.................................................................................... 14 Figure 7 - Creating users (01)..................................................................................................... 17 Figure 8 - Creating users (02)..................................................................................................... 17 Figure 9 - Contents of passwd (01) ............................................................................................ 18 Figure 10 - Contents of passwd (02) .......................................................................................... 19 Figure 11 - Contents of shadow (01).......................................................................................... 20 Figure 12 - Contents of shadow (02).......................................................................................... 21 Figure 13 - Copying passwd and shadow in to a .txt................................................................... 22 Figure 14 _ Unshadowing.......................................................................................................... 
22 Figure 15 - Password cracking ................................................................................................... 23 Figure 16 - Cracked and failed passwords.................................................................................. 23 List of tables Table 1 - Analysis of password strengths ................................................................................... 15 Table 2 - User details................................................................................................................. 16 Table 3 - Analysis of password strengths ................................................................................... 24 Table 4 - Pre-defined incremental modes.................................................................................. 26 Key words Kali Linux, John the Ripper tool, Hashing, Single crack mode, Word List mode, Incremental mode, External mode, Password cracking, Password unshadowing, Password policy, Password principles
  • 5. W.A Neranjan Viduranga COL/A-069224 pg. 11 Introduction This course work consists of two main parts (Activities) and four sub parts. The first activity includes,  Part “A”  Part “B” Part “A” is a practical work which consists of creating different passwords with different levels of strength and cracking them using “Single crack mode” of John the Ripper tool. The “B” part is also a practical work which works with the same single crack mode in john the ripper tool but bit more advanced than the part “A”. At the end of the both parts, learner put the analysis of password strengths with the time that they spend on cracking those passwords. The second activity is also consists of two sub parts named part “A” and “B”. Part “A” of second activity includes, a brief explanation about John the Ripper tool and its 4 password cracking modes. The “B” part includes a password policy for “Rythmo Art Gallery” created by the learner. At last, the learner discusses about major principles behind password policies and gives his conclusion about this course work and knowledge that he gained during this course work.
  • 6. W.A Neranjan Viduranga COL/A-069224 pg. 12 Activity 01 Part “A” 1] Navigating to the Desktop through the Terminal cd Desktop Figure 1 - Navigating to the desktop 2] Creating a MD5 hash value for “password1” and store it in a file named “md5hash.txt”. echo -n “password1” | md5sum | tr -d “-” >> md5hash.txt Figure 2 – Creating MD5 hash values 3] Creating five more hashing values using the same command. echo -n “river” | md5sum | tr -d “-” >> md5hash.txt echo -n “bridge” | md5sum | tr -d “-” >> md5hash.txt echo -n “557” | md5sum | tr -d “-” >> md5hash.txt echo -n “neranjan123” | md5sum | tr -d “-” >> md5hash.txt echo -n “WAN@1999lanka” | md5sum | tr -d “-” >> md5hash.txt
  • 7. W.A Neranjan Viduranga COL/A-069224 pg. 13 Figure 3 – Creating more hash values 4] Hash values of the created passwords. cat md5hash.txt Figure 4 - Hash values 5] Cracking the MD5 hashes stored in the md5hash.txt file using John the Ripper tool. john –format = Raw-MD5 md5hash.txt
  • 8. W.A Neranjan Viduranga COL/A-069224 pg. 14 Figure 5 - Cracking the MD5 hashes 6] Cracked and failed passwords. john –show –format = Raw-MD5 md5hash.txt Figure 6 - Cracked and failed passwords
  • 9. W.A Neranjan Viduranga COL/A-069224 pg. 15 7] Analysis of password strengths and the time taken to crack them Table 1 - Analysis of password strengths Password No. of characters Password Strength Time taken to crack 01 password1 9 (8 lowercase letters and 1 digit) Low (Over 8 characters but commonly used. Not unique) Under 5 minutes 02 river 5 (5 lowercase letters) Low (Fewer characters. Not unique) Under 5 minutes 03 bridge 6 (6 lowercase letters) Low (Fewer characters. Not unique) Under 5 minutes 04 557 3 (3 digits) Low (Fewer characters. Not unique) Under 7 minutes 05 neranjan123 11 (8 lowercase letters and 3 digits) Medium (Over 8 characters and has letters plus digits) Failed to crack (15 minutes time frame) 06 WAN@1999lanka 13 (3 uppercase letters, 1 symbol, 4 digits and 5 lowercase letters) Strong (Unique combination. Doesn’t related to the user name) Failed to crack (15 minutes time frame) By the time of using John the Ripper tool, there was total of six hash values (passwords) in the md5hash.txt file. John the Ripper tool took 5 minutes to crack the first 3 passwords (“river”, “bridge”, “Password1”). Then it took additional 2 minutes to crack the fourth password which was “557”. After that the learner gave additional 15 minutes to crack the last 2 passwords (“neranjan123” and “WAN@1999lanka”) but the tool was unable to crack those passwords.
As the fifth password, the learner gave his first name followed by three digits (neranjan123) to the system, expecting that the tool (John the Ripper) would be able to crack that password due to its simplicity. But it had a total of 11 characters, and that larger number of character combinations may have caused the tool to fail. The sixth password (WAN@1999lanka) was a unique password with thirteen hard-to-guess characters. It was created using digits, uppercase letters, lowercase letters and symbols in order to resist cracking. So, the tool failed to crack the last password, as the learner expected.

Looking at these results, the learner came to the conclusion that passwords which are in common use, have fewer than 8 characters, or use a single type of character (uppercase only, lowercase only) are easy to crack. Even though the 4th password (557) took an additional 2 minutes to crack, it cannot be considered a strong password because of its very small number of characters.

Part “B”

1] Creating users.

sudo adduser user01
sudo adduser user02
sudo adduser user03

Table 2 - User details

User name | Password | Full name | Room number | Work phone | Home phone | Other info | Correct (Y/N)
user01 | user01 | Default | Default | Default | Default | Default | Yes
user02 | neranjan | Default | Default | Default | Default | Default | Yes
user03 | WAN@1999lanka | Default | Default | Default | Default | Default | Yes
Figure 7 - Creating users (01)

Figure 8 - Creating users (02)
2] Contents of “passwd”.

cat /etc/passwd

Figure 9 - Contents of passwd (01)
Figure 10 - Contents of passwd (02)

3] Contents of “shadow”.

cat /etc/shadow
Figure 11 - Contents of shadow (01)
Figure 12 - Contents of shadow (02)

4] Copying the contents of “passwd” and “shadow” into text files.

cp /etc/passwd passwd.txt
sudo cp /etc/shadow shadow.txt
Figure 13 - Copying passwd and shadow into .txt files

5] Unshadowing the contents of the text files into the “passwords.txt” file.

sudo chmod 777 shadow.txt
unshadow passwd.txt shadow.txt > passwords.txt

Figure 14 - Unshadowing

Here, the learner had to use an additional command, “sudo chmod 777 shadow.txt”, which changes the file permissions in order to make the shadow.txt file readable. [Thornsby, J., 2020.]

6] Cracking the passwords using the John the Ripper tool.

john --format=sha512crypt passwords.txt
Figure 15 - Password cracking

7] Cracked and failed passwords.

john --show passwords.txt

Figure 16 - Cracked and failed passwords
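What the unshadow step in Part “B” does can be seen on a small constructed sample. The Python below is an added example (neither the report's nor John the Ripper's own code): it joins passwd-style and shadow-style lines the way unshadow does, and reports which accounts carry a real hash and of which type, which is how one knows that --format=sha512crypt ($6$ prefix) is the right choice and that locked accounts (“*”, “!”) will be ignored. The GECOS fields are filled with the “Default” values from Table 2; the hash strings are placeholders, not real hashes. A copy of shadow only has to be readable by the user running unshadow (for example chmod 600 on a copy you own); mode 777 also makes it world-writable.

```python
"""Added example (not from the report or John the Ripper): a minimal
re-implementation of `unshadow passwd.txt shadow.txt > passwords.txt`
on constructed sample data, plus a hash-type check per account."""

# Constructed sample lines in /etc/passwd layout (field 2 is 'x', the real
# hash lives in /etc/shadow). GECOS carries the Table 2 "Default" answers.
PASSWD_SAMPLE = """root:x:0:0:root:/root:/bin/bash
user01:x:1001:1001:Default,Default,Default,Default:/home/user01:/bin/bash
user02:x:1002:1002:Default,Default,Default,Default:/home/user02:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

# Constructed sample lines in /etc/shadow layout; hashes are placeholders.
SHADOW_SAMPLE = """root:*:18600:0:99999:7:::
user01:$6$saltsalt$PLACEHOLDERHASH01:18600:0:99999:7:::
user02:$6$othersalt$PLACEHOLDERHASH02:18600:0:99999:7:::
nobody:*:18600:0:99999:7:::
"""

# crypt(3) prefixes and the John --format name that matches them.
HASH_PREFIXES = {
    "$1$": "md5crypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$y$": "yescrypt",
}


def unshadow(passwd_text: str, shadow_text: str) -> str:
    """Replace the 'x' in field 2 of each passwd line with the matching
    shadow hash, producing the combined format John reads."""
    shadow = {}
    for line in shadow_text.splitlines():
        if line.strip():
            fields = line.split(":")
            shadow[fields[0]] = fields[1]
    out = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if fields[1] == "x" and fields[0] in shadow:
            fields[1] = shadow[fields[0]]
        out.append(":".join(fields))
    return "\n".join(out) + "\n"


def crackable_accounts(unshadowed_text: str) -> dict:
    """Map user -> hash type for accounts that hold a real hash.

    '*', '!' and '!!' mean locked or no password set; John skips them, so a
    defender reviewing the file knows which lines will actually be tested."""
    result = {}
    for line in unshadowed_text.splitlines():
        fields = line.split(":")
        h = fields[1]
        if h in ("x", "*", "") or h.startswith("!"):
            continue
        kind = "unknown"
        for prefix, name in HASH_PREFIXES.items():
            if h.startswith(prefix):
                kind = name
                break
        result[fields[0]] = kind
    return result


if __name__ == "__main__":
    merged = unshadow(PASSWD_SAMPLE, SHADOW_SAMPLE)
    print(merged, end="")
    print(crackable_accounts(merged))  # {'user01': 'sha512crypt', 'user02': 'sha512crypt'}
```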
8] Analysis of password strengths and the time taken to crack them

Table 3 - Analysis of password strengths

No. | User name | Password | No. of characters | Password strength | Time taken to crack
01 | user01 | user01 | 6 (4 lowercase letters and 2 digits) | Low (user name used as the password; few characters) | One minute
02 | user02 | neranjan | 8 (all lowercase letters) | Medium (has 8 characters and is slightly unique, but contains only lowercase letters) | Failed to crack (13 minute time frame)
03 | user03 | WAN@1999lanka | 13 (3 uppercase letters, 1 symbol, 4 digits and 5 lowercase letters) | Strong (unique combination; not related to the user name) | Failed to crack (13 minute time frame)

At the time of running the John the Ripper tool, there was a total of three passwords in the passwords.txt file. John the Ripper took only one minute to crack the first password, which was “user01”. The learner then gave it another 12 minutes to crack the other passwords, but the tool (John the Ripper) was unable to do so.

As the second password, the learner gave his first name (neranjan) to the system, expecting that the tool (John the Ripper) would be able to crack that password due to its simplicity. But it had a total of 8 characters, and that larger number of character combinations may have caused the tool to fail. The password of user03 (WAN@1999lanka) was a unique password with thirteen hard-to-guess characters. It was created using digits, uppercase letters, lowercase letters
and symbols in order to resist cracking. It withstood the cracking attempt and shows some of the characteristics that a strong password should have.

Activity 02

Part “A” – John the Ripper Tool

John the Ripper is a password cracking tool which was released to the public in 1996 for UNIX-based systems. It is designed to test passwords for their strength, to brute-force hashed passwords, and to crack passwords using dictionary attacks. There are mainly two versions of the John the Ripper tool available: the General Public Licensed (GNU/GPL) version and the proprietary (Pro) version. The GNU/GPL version is designed for light users such as students, while professionals such as cyber security engineers and penetration testers use the Pro version, which has more advanced features like multilingual wordlists and 64-bit architecture support. [Sharma, A., 2020.]

Different cracking modes in the John the Ripper tool

1. “Single Crack” mode

Single crack mode is considered the quickest password cracking mode in John the Ripper. This mode uses data from the “passwd” file, such as login names, GECOS (full name) fields and the user's home directory name, to guess passwords. Because the collected information is only used against the accounts it belongs to, this mode is much faster than the other modes. But, to successfully crack a password in this mode, the password must be based on the login name or on other information associated with that account; it must not be an uncommon, strong password. Otherwise it will take much longer or fail to crack the password. E.g. admin123 / 1234 / kasun345 [Openwall.com. 2013.]

2. “Wordlist” mode

Wordlist mode is considered the simplest password cracking mode in John the Ripper.
That is because, in this mode, the user only has to specify a wordlist and the password files. (A “wordlist” is a text file which contains a single word per line.)
This mode uses the user-specified wordlist and password files to crack passwords by trying each word in turn until the correct password is found. In this mode, the user can enable “word mangling rules”, which modify or recombine the words in the specified wordlist in order to form new candidate passwords. By enabling this feature, users get multiple likely passwords for every line in the wordlist, which increases the chance of cracking a password several times over. John the Ripper does not sort wordlists itself, because of the large amount of resources that would need, so every wordlist intended for use with John the Ripper must be sorted beforehand. Users can sort their wordlists with the more likely passwords listed first, or in alphabetical order. Alphabetical order of a wordlist allows the tool to handle passwords that are longer than the maximum supported password length for the hash type being cracked. [Openwall.com. 2013.]

3. “Incremental” mode

Incremental mode is considered the most powerful password cracking mode in John the Ripper. Although, technically, this mode can try every possible character combination as a candidate password, it is assumed that a full incremental run will never terminate, because of the enormous number of possible combinations. For that reason, incremental mode uses trigraph frequencies, separately for each character position and each password length, in order to crack as many passwords as possible within a limited time frame. Users can, however, make this mode terminate on its own by setting a low password length or giving it a small charset to use. John the Ripper provides some pre-defined incremental modes, such as ASCII, LM_ASCII, Alnum, Alpha, LowerNum, UpperNum, LowerSpace, Lower, Upper and Digits.
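The difference between a charset that can be exhausted and one that cannot is easiest to see as numbers. As an added example (not from the report or from Openwall's documentation), the Python below finds, for each of the report's test passwords, the smallest pre-defined incremental charset that contains all of its characters, and the keyspace an exhaustive run over that charset and length would have to cover. The charset sizes are those of the pre-defined modes (95 printable ASCII, 62 alphanumeric, 52 letters, 36 letters of one case plus digits, 27 lowercase plus space, 26 letters of one case, 10 digits); the guess rate is an assumed figure for illustration only.

```python
"""Added example (not from the report or Openwall): keyspace of the
pre-defined incremental charsets for the report's test passwords."""
import string

# Charset sizes of the pre-defined incremental modes (LM_ASCII omitted).
CHARSET_SIZES = {
    "Digits": 10, "Lower": 26, "Upper": 26, "LowerSpace": 27,
    "LowerNum": 36, "UpperNum": 36, "Alpha": 52, "Alnum": 62, "ASCII": 95,
}

_LOWER = set(string.ascii_lowercase)
_UPPER = set(string.ascii_uppercase)
_DIGIT = set(string.digits)
_ASCII = {chr(i) for i in range(32, 127)}  # the 95 printable ASCII characters

# (mode name, characters it contains), ordered by increasing charset size.
_MODES = [
    ("Digits", _DIGIT),
    ("Lower", _LOWER),
    ("Upper", _UPPER),
    ("LowerSpace", _LOWER | {" "}),
    ("LowerNum", _LOWER | _DIGIT),
    ("UpperNum", _UPPER | _DIGIT),
    ("Alpha", _LOWER | _UPPER),
    ("Alnum", _LOWER | _UPPER | _DIGIT),
    ("ASCII", _ASCII),
]


def smallest_covering_mode(password: str) -> str:
    """Smallest pre-defined mode whose charset contains every character of
    the password: an incremental run must use at least this charset."""
    chars = set(password)
    if not chars:
        raise ValueError("empty password")
    for name, allowed in _MODES:
        if chars <= allowed:
            return name
    raise ValueError("password contains characters outside printable ASCII")


def keyspace(password: str) -> int:
    """Number of candidates of the same length over the covering charset."""
    return CHARSET_SIZES[smallest_covering_mode(password)] ** len(password)


def exhaustive_seconds(password: str, guesses_per_second: float = 1e7) -> float:
    """Worst-case time to exhaust that keyspace at an ASSUMED guess rate."""
    return keyspace(password) / guesses_per_second


def report(passwords, rate: float = 1e7) -> None:
    for pw in passwords:
        print(f"{pw:14} len={len(pw):2} mode={smallest_covering_mode(pw):10} "
              f"keyspace={keyspace(pw):.3e} exhaust={exhaustive_seconds(pw, rate):.3e} s")


if __name__ == "__main__":
    # The six passwords from Table 1 of the report.
    report(["password1", "river", "bridge", "557", "neranjan123", "WAN@1999lanka"])
```

The keyspace is an upper bound: a plain john run tries single-crack and wordlist candidates before incremental mode, and incremental mode orders its guesses by trigraph frequency, which is why a common password such as password1 falls in minutes regardless of its keyspace.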
(The table below shows the contents of the pre-defined incremental modes.)

Table 4 - Pre-defined incremental modes

Pre-defined incremental mode | Contents of the mode
ASCII | All of the 95 printable ASCII characters
LM_ASCII | All of the ASCII characters that are used in LM hashes
Alnum | All of the alphanumeric characters
Alpha | All of the 52 letters (uppercase and lowercase)
LowerNum | All of the lowercase letters plus the digits 0 to 9 (36 characters in total)
UpperNum | All of the uppercase letters plus the digits 0 to 9 (36 characters in total)
LowerSpace | All of the lowercase letters plus the space (27 characters in total)
Lower | All of the lowercase letters
Upper | All of the uppercase letters
Digits | Digits only

Apart from using the pre-defined incremental modes, users can give specific parameters, such as password length limits and a charset, to create their own custom incremental mode. [Openwall.com. 2013.]

4. “External” mode

External mode allows the user to write their own rules for generating password guesses. Using this mode, users can define and create their own custom password cracking mode in John the Ripper. [Clarke, M., 2015.]

Part “B” – Password policy and principles

Password Policy for Rythmo Art Gallery

1.0] Overview

Information security is one of the major concerns of a modern company. Passwords are the last line of protection against unauthorized access to, and exploitation of, the company's resources. To prevent that, all employees and suppliers of “Rythmo Art Gallery” who
have access to the system must take the appropriate actions outlined below.

2.0] Purpose

The main purpose of this password policy is to create and establish a well-managed, standard password policy in order to ensure the security of the system. This password policy establishes a standard for creating strong passwords and for changing passwords frequently.

3.0] Scope

The scope of the password policy of “Rythmo Art Gallery” includes all employees, suppliers and other people who have authorized access to the company's system, network or any kind of user account that belongs to the company.

4.0] Policy

4.1] General

• All passwords must be changed after 90 days of use.
• Passwords that expired in the last year cannot be reused for the next 2 years.
• Expired passwords can be used again after a 3 year period, but the characters of every such password must be rearranged.
• Passwords, or any part of a password, must not be transmitted through any form of electronic communication media under any circumstances.
• All passwords must conform to the guidelines below.

4.2] Guidelines for password creation

1. A password must include a minimum of 8 characters. 15 characters are recommended.
2. A password must not be the same as the User ID or user name.
3. A password must not use birthdays, addresses or any kind of personal information.
4. A password must not be a dictionary word, common name or proper name.
5. A password must include uppercase letters, lowercase letters, digits and symbols.
6. A password must be changed after 90 days of use.
7. A password should not be identical to previous passwords.
8. Ensure that passwords are only reset for authorized users.
9. Do not use personal passwords as work account passwords.

4.3] Guidelines for password protection

1. Do not use any kind of digital or electronic media to store your password without strong encryption.
2. Do not write down your password in a book, on paper or on any other surface.
3. Do not share your password with your supervisor, co-workers or other employees.
4. Do not share your password with your family members.
5. Do not talk about your password in front of other people.
6. Do not type your password in front of other people (in public).
7. Do not enable the “See password” option when logging in to the system/account.
8. Do not use the “Remember password” or “Remember me” option of an application.
9. Do not reveal your password on questionnaires or security forms.
10. Do not use your password to log in to other applications that are suspicious.
11. Do not use the same password for different accounts.
12. If someone demands a password, please refer them to this document or to the IT department.

Security check-ups may be performed at random by the information security officer. Users will be informed and required to change their passwords if a password is guessed or cracked during these security check-ups.

4.4] Guidelines for password deletion

All passwords and accounts that are no longer needed must be deleted immediately. When an account is no longer needed,

• an employee should notify his/her superior officer;
• a supplier should notify the supply manager.

After that, the supply manager or superior officer should notify the IT department. The information security officer (of the IT department) should delete the password and suspend the user account within the day.

4.5] Guidelines for application development

To ensure the security of the system and its information, application developers of the Rythmo Art Gallery must follow the guidelines below.
1. Applications should not show passwords in clear text when logging in to the system.
2. User authentication should be done on an individual basis, not a group basis.
3. Passwords should not be stored in clear text (in databases). All stored passwords must be protected using a strong encryption method.
4. Some form of role management should be provided.

4.6] Guidelines for remote access

Remote access to the Rythmo Art Gallery must be limited to a small number of authorized employees. Remote access must be controlled using a Virtual Private Network (VPN), an advanced authentication method (biometrics), or a combination of both.

5.0] Penalties

No employee or supplier of Rythmo Art Gallery may violate this policy. Any employee who violates this policy may be subject to disciplinary action or even termination of employment. Suppliers who violate this policy may be subject to termination of their supply contract.

Principles behind the password policy

The password policy above (the password policy of Rythmo Art Gallery) is based entirely on the principles below, in order to ensure the security of passwords as well as of the system and its information.

• A password should be lengthy. A password should always have at least 8 different characters. Passwords consisting of fewer than 8 characters are easy to crack or guess using John the Ripper or any other password cracking tool. By increasing the number of characters and character combinations in a password, users reduce the possibility of someone cracking it. Even though 8 characters are safer, 15 characters are recommended in order to increase the security of a password further.

• A password should be unique and unusual. Passwords should be as unusual to others as possible. A password should not consist of the User ID, user name, nickname, birthday or phone number.
People who are familiar with you can easily obtain this information and use it to break or guess your
password. Always use unique and unusual combinations, without common phrases that are easy to guess.

• A password should be complex. A password should always be complex enough that others cannot guess or crack it. This is the principle behind using uppercase letters, lowercase letters, digits and symbols in combination. Passwords made purely of digits or letters can easily be cracked or guessed, so users should always use at least 3 of these different kinds of characters to construct their passwords. This makes the password complex and increases its security.

• Two passwords should not be similar. When using digital media, the internet or a computer, users need multiple accounts with multiple passwords, so it is tempting to use the same password across different accounts and platforms. But that is not good practice. This principle shows that reusing the same password can easily compromise your security: if someone finds your password, he/she can gain access to all of your sensitive data quite easily. But if you use different passwords for different accounts and applications, no one can easily steal all of your data.

• A password should be changed regularly. This is one of the most important principles behind password policies. A good password should be changed regularly. Even if your password is strong and hard to crack, that does not mean it cannot be cracked; the strength of a password slowly decreases the longer it is used. To increase your security, passwords should be changed at least once every three months (90 days).

• A system or application should not remember your password. Almost all modern applications, websites and systems provide an option called “Remember me”. This option stores your user name and password in order to give users a faster login. Most users are willing to use this option because of its convenience.
But this practice is very dangerous: hackers and outsiders can easily read those stored passwords as long as they have the related viewing software. [Asunsoft.com. 2019.]
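The creation rules in section 4.2 and the principles above can be turned into a check that runs before a new password is accepted. The Python below is an added example, not part of the report's policy: it applies rules 1 to 5 and 7 of section 4.2 to a candidate password and checks the 90-day age limit of rule 6; the small dictionary, the personal-information list and the previous-password list are constructed stand-ins for the organisation's real lists.

```python
"""Added example (not from the report): a checker for the password-creation
rules in section 4.2 of the Rythmo Art Gallery policy."""
import string
from datetime import date, timedelta

MIN_LENGTH = 8          # rule 1
RECOMMENDED_LENGTH = 15  # rule 1, recommendation only
MAX_AGE_DAYS = 90       # rule 6 / section 4.1

# Constructed stand-in for a real dictionary / common-password list.
COMMON_WORDS = {"password", "river", "bridge", "welcome", "admin", "letmein"}


def check_password(password: str, username: str, personal_info=(), previous=(),
                   common_words=COMMON_WORDS):
    """Return the list of violated section 4.2 rules; [] means the password
    passes. personal_info holds strings such as a first name or birth year
    (rule 3); previous holds the account's earlier passwords (rule 7)."""
    problems = []
    lower = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("rule 1: fewer than 8 characters")
    if lower == username.lower():
        problems.append("rule 2: same as the user name")
    for item in personal_info:
        if item and item.lower() in lower:
            problems.append(f"rule 3: contains personal information ({item})")
    # Rule 4 is also applied to the alphabetic core, so "password1" is still
    # recognised as the dictionary word "password" plus a digit.
    core = "".join(c for c in lower if c.isalpha())
    if lower in common_words or core in common_words:
        problems.append("rule 4: dictionary word or common name")
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(classes):
        problems.append("rule 5: must include uppercase, lowercase, digits and symbols")
    if password in previous:
        problems.append("rule 7: identical to a previous password")
    return problems


def meets_recommendation(password: str) -> bool:
    """True when the password reaches the recommended 15 characters."""
    return len(password) >= RECOMMENDED_LENGTH


def password_expired(last_changed: date, today: date = None) -> bool:
    """Rule 6: a password that has been in use for more than 90 days must change."""
    today = today or date.today()
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)


if __name__ == "__main__":
    # The three accounts from Table 2 of the report.
    print(check_password("user01", "user01"))
    print(check_password("neranjan", "user02", personal_info=("neranjan",)))
    print(check_password("WAN@1999lanka", "user03"))  # []
    print(password_expired(date(2020, 9, 1), date(2020, 12, 17)))  # True
```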
Conclusion

By doing this course work, the learner has learnt to use the “Kali Linux” operating system as well as the “John the Ripper” tool. This course work also helped the learner gain a deep understanding of how password cracking works and how to construct stronger passwords in order to ensure the security of a password and of information.

The first part (Activity 01) of this course work encouraged the learner to self-study “Kali Linux” and the “John the Ripper” tool, and to do practical work using the “Single crack” mode of John the Ripper. It showed the strength of different kinds of passwords and the different combinations that can increase or compromise the security of a password.

The second part (Activity 02) of this course work allowed the learner to explore the technical side of John the Ripper. Through research, the learner gained knowledge about the different cracking modes of John the Ripper and their uses. In this part the learner also had to create a professional password policy for an organization, and in doing so gained the knowledge to produce professional papers and policies.

Overall, the learner gained new knowledge about password cracking, password construction, identifying weak or strong passwords, and organizational password policies. This new knowledge will be helpful for the learner in his future education and work life.
References

1] Thornsby, J., 2020. Chmod 777: What Does It Really Mean? - Make Tech Easier. [online] Make Tech Easier. Available at: <https://www.maketecheasier.com/file-permissions-what-does-chmod-777-means/> [Accessed 17 December 2020].

2] Sharma, A., 2020. John The Ripper Explained: An Essential Password Cracker For Your Hacker Toolkit. [online] CSO Online. Available at: <https://www.csoonline.com/article/3564153/john-the-ripper-explained-an-essential-password-cracker-for-your-hacker-toolkit.html> [Accessed 16 December 2020].

3] Openwall.com. 2013. John The Ripper - Cracking Modes. [online] Available at: <https://www.openwall.com/john/doc/MODES.shtml> [Accessed 16 December 2020].

4] Clarke, M., 2015. John The Ripper - External Mode - Recover Partially Remembered Password | Jumping Bean - We Build, We Support, We Train. [online] Jumpingbean.co.za. Available at: <https://www.jumpingbean.co.za/blogs/mark/john-the-ripper-partially-remembered-password#:~:text=External%20mode%20allows%20one%20to%20write%20rules%20for%20generating%20password%20guesses.> [Accessed 17 December 2020].

5] Asunsoft.com. 2019. Ten Principles To Set A Secure Computer Password. [online] Available at: <https://www.asunsoft.com/password-management-and-protection/ten-principles-to-set-a-secure-computer-password.html> [Accessed 20 December 2020].