SEMESTER-II (24-25)
CLASS: SUBJECT: Cyber Forensic Engineering
Name of the student: DATE:
EXPERIMENT NO. 6
"Exploring Password Cracking Techniques with John The Ripper Linux Passwords"
AIM: The aim of this experiment is to assess the effectiveness of John The Ripper in
cracking passwords for RAR/ZIP archives and Linux systems. By employing this widely used
password-cracking tool, we aim to gauge its efficiency and reliability in breaking into
encrypted files and user accounts. Through systematic testing, we seek to understand the
strengths and limitations of John The Ripper in different password-cracking scenarios,
including varying levels of complexity and encryption methods.
Objective: The objective of this experiment is to evaluate the effectiveness of John The Ripper in cracking
passwords for RAR/ZIP archives and Linux systems. By employing John The Ripper, we aim
to analyze the speed and accuracy of password cracking for both file formats, shedding light
on their susceptibility to brute-force attacks. Through systematic testing, we seek to identify
common patterns and weaknesses in password protection, thereby informing strategies for
enhancing security measures.
Theory: Password cracking is a crucial aspect of cybersecurity, aimed at uncovering
vulnerabilities in cryptographic protection mechanisms. One of the most widely used tools
for this purpose is John the Ripper, renowned for its effectiveness in deciphering passwords
encrypted with various algorithms. This experiment focuses on the application of John the
Ripper to crack passwords specifically within RAR/ZIP archives and Linux systems.
RAR and ZIP files are commonly employed to compress and encrypt sensitive data, making
them prevalent targets for attackers seeking unauthorized access. Understanding the
vulnerabilities within these archives is paramount for security professionals to reinforce their
defenses effectively. Similarly, Linux systems, being prevalent in both personal and
enterprise environments, are often targeted by malicious actors. By investigating the
password cracking techniques applicable to Linux, this experiment delves into the security
implications for a widely-used operating system.
The theory behind password cracking with John the Ripper revolves around its utilization of
various methods such as dictionary attacks, brute force attacks, and hybrid attacks. Dictionary
attacks involve systematically trying a list of commonly used passwords or words found in
dictionaries. Brute force attacks, on the other hand, exhaustively try every possible
combination of characters until the correct password is found. Hybrid attacks combine
elements of both dictionary and brute force techniques, leveraging known patterns and
common variations of words.
Moreover, the success of password cracking depends on factors such as password length,
complexity, and the computational resources available. Understanding these factors aids in
devising robust password policies and implementing effective security measures to mitigate
the risks associated with password vulnerabilities.
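The three attack classes and the length and complexity factors described above can be turned into a password-audit check. This is an added example, not part of the original handout; the wordlist, the mangling rules and the default guess rate of 10^9 per second are assumptions chosen for illustration.

```python
import string

# Constructed sample wordlist; a real audit would load a much larger list.
WORDLIST = {"password", "dragon", "letmein", "summer", "welcome"}

# Common character substitutions, reversed to recover the base word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def charset_size(pw):
    """Size of the smallest standard character pool that covers pw."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(p) for p in pools if any(c in p for c in pw))


def brute_force_keyspace(pw):
    """Candidates an exhaustive search must cover for this length and pool."""
    return charset_size(pw) ** len(pw)


def classify(pw, wordlist=WORDLIST):
    """Return the cheapest attack class (from the Theory section) that finds pw."""
    if pw in wordlist:
        return "dictionary"
    # Hybrid: strip trailing digits/symbols, then undo case and leet changes.
    core = pw.rstrip(string.digits + string.punctuation).lower()
    variants = {core, core.translate(LEET), pw.lower().translate(LEET)}
    if variants & wordlist:
        return "hybrid"
    return "brute-force"


def audit(passwords, guesses_per_second=1e9):
    """Map each password to (attack class, worst-case exhaustive-search seconds)."""
    report = {}
    for pw in passwords:
        seconds = brute_force_keyspace(pw) / guesses_per_second  # assumed rate
        report[pw] = (classify(pw), seconds)
    return report


if __name__ == "__main__":
    for pw, (kind, secs) in audit(["dragon", "Summer2024", "x7#Kq9!vT2pL"]).items():
        print(f"{pw:14} {kind:12} exhaustive search <= {secs:.3g} s")
```

A password classified as "dictionary" or "hybrid" falls long before the exhaustive-search bound is reached, which is why length and character variety alone do not make a password strong.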
Advantages of John The Ripper Tool:
Password-cracking experiments with John the Ripper offer several advantages:
1. Enhanced Security Awareness: Conducting password cracking experiments with
John the Ripper on RAR/ZIP and Linux passwords enhances security awareness
among cybersecurity professionals. By actively engaging in the process of cracking
passwords, security practitioners gain insights into common vulnerabilities and can
better understand the potential threats faced by their systems.
2. Identifying Weaknesses: The experimentation process helps in identifying
weaknesses in password protection mechanisms employed in RAR/ZIP archives and
Linux systems. By uncovering these weaknesses, organizations can take proactive
measures to strengthen their security posture, such as implementing stronger
password policies or utilizing additional layers of authentication.
3. Testing Defense Mechanisms: Password cracking experiments with John the Ripper
serve as a valuable tool for testing the effectiveness of existing defense mechanisms.
By simulating real-world attack scenarios, security professionals can assess how well
their systems withstand password-cracking attempts and identify any gaps that need to
be addressed.
4. Educational Purposes: These experiments provide valuable educational
opportunities for cybersecurity students and professionals. By engaging in hands-on
exercises with password cracking tools like John the Ripper, individuals can deepen
their understanding of cryptographic principles, password security best practices, and
the importance of robust authentication mechanisms.
5. Improving Incident Response: Understanding how passwords can be cracked using
tools like John the Ripper enables organizations to better prepare for and respond to
security incidents. By anticipating potential attack vectors, security teams can develop
more effective incident response plans and mitigation strategies to minimize the
impact of breaches.
6. Compliance and Regulation Adherence: By actively testing password security
measures, organizations can ensure compliance with industry regulations and
standards that mandate strong authentication practices. Conducting password cracking
experiments helps demonstrate due diligence in protecting sensitive data and
mitigating security risks.
Procedure:
1. Gather Password Hashes:
Obtain the password hashes that you intend to crack. These hashes can be extracted
from various sources such as RAR/ZIP archives or Linux system files containing
password hashes (e.g., /etc/shadow).
2. Format Conversion:
If the password hashes are stored in a format that John the Ripper does not recognize,
convert them to a compatible format using tools like rar2john or zip2john for
RAR/ZIP archives, and unshadow for Linux password files.
3. Run John the Ripper:
Launch John the Ripper with the appropriate command-line options and arguments.
Specify the path to the password hashes file and the wordlist to be used for the
cracking attempt. For example:
john --format=format_type --wordlist=wordlist_file hash_file
4. How to crack hash files using John the Ripper:
Create the MD5 hash file using this website: https://www.md5hashgenerator.com/
Create or download a wordlist
Open the terminal and follow these steps
Step 1
Step 2: Enter this command
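For steps 1 to 3 of the procedure, an added example (not part of the original handout) that parses /etc/shadow-style lines and reports which hashing scheme each account uses, which is what decides the format_type value and shows an auditor which accounts still rely on legacy schemes. The sample lines are constructed, with placeholder salts and hashes, and the WEAK set is an assumption of this example.

```python
import re

# Hash-field prefix -> scheme label. The md5crypt, sha256crypt, sha512crypt
# and bcrypt labels (and descrypt below) are also John format names.
SCHEMES = {
    "1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt",
}
WEAK = {"md5crypt", "descrypt"}  # assumption: legacy schemes to migrate away from

# Constructed /etc/shadow-style lines; salts and hashes are placeholders.
SAMPLE_SHADOW = """\
root:!:19800:0:99999:7:::
alice:$6$rounds=5000$SALTSALT$PLACEHOLDERHASH:19800:0:99999:7:::
bob:$1$SALTSALT$PLACEHOLDERHASH:17000:0:99999:7:::
carol:$y$j9T$SALTSALT$PLACEHOLDERHASH:19900:0:99999:7:::
daemon:*:19800:0:99999:7:::
legacy:XXPLACEHOLDER:15000:0:99999:7:::
"""


def identify(hash_field):
    """Return (scheme, rounds) for one shadow hash field."""
    if hash_field == "":
        return ("empty", None)
    if hash_field[0] in "!*":
        return ("locked", None)  # no usable password hash
    if hash_field.startswith("$"):
        parts = hash_field.split("$")  # ['', id, rounds=N or salt, ...]
        scheme = SCHEMES.get(parts[1], "unknown")
        m = re.match(r"rounds=(\d+)$", parts[2]) if len(parts) > 2 else None
        return (scheme, int(m.group(1)) if m else None)
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hash_field):
        return ("descrypt", None)  # traditional 13-character DES crypt
    return ("unknown", None)


def audit_shadow(text):
    """Parse shadow-format text and report scheme and weakness per account."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        scheme, rounds = identify(fields[1])
        findings.append({"user": fields[0], "scheme": scheme,
                         "rounds": rounds, "weak": scheme in WEAK})
    return findings
```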
Reference:
https://greenorangge1.medium.com/john-the-ripper-f157699593d5
Refer to this website for more information about John the Ripper
Conclusion: