Overview

Introduction

Welcome to the Performing Offline Attacks Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Extracting Hashes from a System
  • Cracking Extracted Hashes
  • Cracking Passwords

After completing this lab, you will be able to:

  • Use Pwdump Tool to Extract a Hash
  • Use a Wordlist to Crack the Extracted Hash
  • Use a Password Cracking Tool to Crack the Password

Exam Objectives

The following exam objectives are covered in this lab:

  • CAS-003 2.2 Analyze a scenario to integrate security controls for host devices to meet security requirements.

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - Extracting Hashes from a System

Attackers use various offline attack techniques to hack the target systems. Offline password attack is one of the categories in offline attacks. In this type of attack, the attacker tries to extract the password hashes from database files such as the Security Accounts Manager (SAM) in the Windows operating system. SAM is a database file in Windows operating system where the local user credentials are stored in encrypted format.

In this exercise, you will learn to extract the encrypted hashes that are present in the SAM file. You will use the pwdump tool to perform the extraction.

Learning Outcomes

After completing this exercise, you will be able to:

  • Use Pwdump Tool to Extract a Hash

Exercise 2 - Cracking Extracted Hashes

To crack the extracted hashes, you will require a wordlist. A wordlist is basically a text file that contains a collection of words and is generally used in a dictionary attack.

In this exercise, you will learn to crack the hashes that were extracted in the previous exercise. You will use the default wordlist “rockyou.txt” that comes with Kali Linux. The “rockyou.txt” wordlist comes compressed by default with most popular passwords.

Learning Outcomes

After completing this exercise, you will be able to:

  • Use a Wordlist to Crack the Extracted Hash

Exercise 3 - Cracking Passwords

There are various tools available to crack passwords. The tool “John the Ripper” is one of the password-cracking tools used to crack passwords.

In this exercise, you will learn to crack the password of Student2 user account.

Learning Outcomes

After completing this exercise, you will be able to:

  • Use a Password Cracking Tool to Crack the Password

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.