Password Attacks (Lab 10)
Week 4 Day 2
Last Update Unknown
LinuxZoo - Kali Lab 10
Question 2: Understanding Password Hashes and Dictionaries
You can use the echo command piped to md5sum to give you the md5 version of whatever string you like, such as creating an md5 of the string "mycode" by doing:
echo -n mycode | md5sum | cut -f1 -d" "
What is the md5 encoding of the string "password"?
How is the md5 encoded, and how many bits does this represent?
Create a file called hex.py in /root with the following EXACT contents.
Make the file executable.
This command, ./hex.py, takes one parameter: a hex-encoded md5 hash of a password. Try running ./hex.py with the md5 hex from the question above, where you calculated the md5 of "password".
How many tries did it take to crack the code?
Extend the search to try the dictionary words in hex.py but with the numbers 0-9 appended to them. So edit hex.py, and replace all lines after "count=1" with: line add:
Now try and break db0edd04aaac4506f7edab03ac855d56.
How many tries did it take to crack the code?
Extend the search to try the dictionary words in hex.py but with the numbers 0-999 appended to them. So edit hex.py, and change
Now try and break 3bf6cea68a85bf6104092fbbcdf9aea3
What is the password?
How many tries did it take to crack the code?
Assume you had a small dictionary of 20 words and looked at the permutations of the password being any one of those words, either as it is or with a number from 0 to 9999 appended. Consider the implications of this.
How many permutations would that be?
Consider the following:
A - extra complexity, permutations, case, dictionaries will not slow it down much.
B - huge ever expanding dictionaries and permutations do not scale.
C - All this needs is more memory to make it better.
D - Doubling the CPU speed makes this approach scalable.
E - Different approaches are needed for large search spaces.
Which of these is most true?
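The following is an added example for the scaling question above (it is not the lab's hex.py, and it does not give the answers to the questions): it counts the word-plus-number candidate space the way the hex.py extensions grow it, converts that count into time at an assumed hashing rate, and shows the two defender-side changes that make such a search expensive: a per-account salt, so one pass over the candidates no longer checks every account at once, and a deliberately slow hash (PBKDF2). The word list, account count and hash rates are constructed for the demo.

```python
#!/usr/bin/env python3
"""Added example for Question 2 (not the lab's hex.py): size of a
word+number candidate space, time to search it at an assumed rate, and
how salting and slow hashing change the cost. Word list is constructed."""
import hashlib
import os
from typing import Iterator, List, Tuple

# Constructed sample dictionary; hex.py's own list is not reproduced here.
SAMPLE_WORDS: List[str] = ["apple", "orange", "secret", "welcome", "dragon"]


def md5_hex(text: str) -> str:
    """MD5 of exactly these bytes, like `echo -n text | md5sum` (no newline)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def candidates(words: List[str], max_number: int) -> Iterator[str]:
    """Each word bare, then with every suffix 0..max_number appended,
    which is the shape of the hex.py extensions (0-9, then 0-999)."""
    for word in words:
        yield word
        for n in range(max_number + 1):
            yield f"{word}{n}"


def candidate_count(n_words: int, max_number: int) -> int:
    """Closed form for the generator above: bare word + (max_number + 1) suffixes."""
    return n_words * (1 + (max_number + 1))


def seconds_to_exhaust(n_candidates: int, hashes_per_second: float) -> float:
    """Worst-case time to hash every candidate once at the given rate."""
    return n_candidates / hashes_per_second


def salted_multiplier(n_accounts: int, salted: bool) -> int:
    """Unsalted: one pass over the candidates checks every stolen hash at once.
    Per-account salts: the whole pass has to be repeated for each account."""
    return n_accounts if salted else 1


def slow_hash_hex(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256: each guess costs `iterations` HMACs instead of one MD5."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


def growth_table(n_words: int, max_numbers: List[int],
                 hashes_per_second: float) -> List[Tuple[int, int, float]]:
    """Rows of (max_number, candidates, seconds) showing how the space grows."""
    rows = []
    for m in max_numbers:
        n = candidate_count(n_words, m)
        rows.append((m, n, seconds_to_exhaust(n, hashes_per_second)))
    return rows


if __name__ == "__main__":
    rate = 1e6  # assumed: one million MD5 computations per second
    for m, n, s in growth_table(len(SAMPLE_WORDS), [9, 999, 9999], rate):
        print(f"suffix 0..{m:<5} candidates={n:>8} exhaust={s:.4f}s at 1M MD5/s")
    accounts = 1000  # constructed: size of a leaked hash table
    base = candidate_count(len(SAMPLE_WORDS), 9999)
    for salted in (False, True):
        work = base * salted_multiplier(accounts, salted)
        print(f"salted={salted!s:<5} hashes needed for {accounts} accounts: {work}")
    salt = os.urandom(16)
    print("pbkdf2 of 'orange7':", slow_hash_hex("orange7", salt)[:16], "...")
```

The take-away matches option E: appending digits multiplies the candidate count by the size of the number range, and a single fast hash keeps each guess cheap; what actually defeats the approach is per-account salting combined with a hash whose per-guess cost is set by the defender.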
Question 3: Offline Attacks
John The Ripper can be used to break the passwords in a Windows SAM file.
First locate john's password.lst file. Use the find command for this. Note the "lst" is "L S T", and not a "one". If you find more than one, choose the SHORTEST path.
Examine the example1.sam file. What hashes does it contain?
Crack the example1.sam file with John The Ripper. Use it in "wordlist" mode, and give the full path of password.lst. Use the "lm" format, as this is faster to crack. Apply "john" to example1.sam.
Use "john --show example1.sam" and evaluate its attempt. Passwords are CASE SENSITIVE in the checks!
Switch to John The Ripper in "incremental" mode, and apply it to example1.sam. Use the show mode and identify the password of Administrator. Passwords are CASE SENSITIVE in the checks!
What is the password of "administrator"?
Question 4: Online attack
Target 1 lies somewhere in 192.168.1.1 - 192.168.1.254. This time use "ip route show" to find the name of the network device on your machine that would carry packets going to target 1.
What is your machine's IP number on the target network?
Use nmap to sweep the target network, and identify the IP address of target 1.
Scan port 22 of the target using nmap in application fingerprinting mode.
We are going to use Hydra, but first we need to set up a password file for it. We are going to use /usr/share/wordlists/rockyou.txt.gz. However that file is currently compressed using gzip.
Uncompress rockyou.txt.gz then do "wc -l" on the file and see how many lines (passwords) are in the file.
Open Hydra-gtk. It is in Kali Linux > 5. Password Attacks > Online Attacks > Hydra-gtk.
Perform a single target attack against target 1. Use the ssh protocol (you can leave the port on 0 if you like and it will automatically select 22). Be verbose and show attempts...
Switch to the Passwords tab. Assuming you know the name of a user you want to try you would put it in here. In our case hack the "user" username. Use a password list ("/root/rockyou.txt"). Select both "try login as password" and "try empty password" (well why not!). Go to Tuning and set tasks to 1. Now go to the Start tab and Start.
What is the password for "user"?
Repeat the process, but this time crack the user account "klog".
What is the password for "klog"?
Perform a similar scan, but this time try and break the "sys" user. Increase the number of tasks to 5 in Tuning before pressing start... otherwise it could be a while. The answer is found in no more than 300 attempts.
What is the password for "sys"?
How many attempts did it take to find the password?
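As an added example for Question 4 (not part of the lab, and not answers to it), here is the other side of the online attack: what a wordlist run like the Hydra one above leaves in the target's sshd authentication log, and a simple per-source detector over those lines. The "tasks" setting in Tuning is what shows up as several sshd processes failing in the same second. The log lines, host name, IP addresses and year are constructed for the demo; the parser only handles the "Failed password" / "Accepted password" lines.

```python
#!/usr/bin/env python3
"""Added example for Question 4 (not part of the lab): what a wordlist
attack against sshd leaves in the target's auth log, and a per-source
threshold detector over those lines. Log lines, host, addresses and year
are constructed for the demo."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed syslog-style sshd lines. The burst from 10.0.0.5 is what several
# parallel tasks look like: many failures per second, then an "Accepted".
SAMPLE_LOG = """\
Mar 12 10:00:01 target sshd[2101]: Failed password for user from 10.0.0.5 port 40001 ssh2
Mar 12 10:00:01 target sshd[2102]: Failed password for user from 10.0.0.5 port 40002 ssh2
Mar 12 10:00:02 target sshd[2103]: Failed password for invalid user admin from 10.0.0.5 port 40003 ssh2
Mar 12 10:00:02 target sshd[2104]: Failed password for user from 10.0.0.5 port 40004 ssh2
Mar 12 10:00:03 target sshd[2105]: Failed password for user from 10.0.0.5 port 40005 ssh2
Mar 12 10:00:03 target sshd[2106]: Accepted password for user from 10.0.0.5 port 40006 ssh2
Mar 12 10:05:00 target sshd[2200]: Failed password for alice from 10.0.0.9 port 50001 ssh2
Mar 12 10:05:30 target sshd[2201]: Accepted password for alice from 10.0.0.9 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<mon>[A-Za-z]{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ "
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

Event = Tuple[datetime, str, str, str]  # (timestamp, outcome, user, source ip)


def parse_sshd_log(text: str, year: int = 2024) -> List[Event]:
    """Turn sshd auth lines into sorted events; syslog omits the year, so supply it."""
    events: List[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line (session opened, disconnect, ...)
        ts = datetime.strptime(f"{year} {m['mon']} {int(m['day'])} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        events.append((ts, m["outcome"], m["user"], m["ip"]))
    return sorted(events)


def detect_bruteforce(events: List[Event], threshold: int = 5,
                      window_seconds: int = 60) -> Dict[str, dict]:
    """Alert on any source IP with >= threshold failed logins inside a sliding
    window, and record whether that source later logged in successfully."""
    by_ip: Dict[str, List[Event]] = defaultdict(list)
    for ev in events:
        by_ip[ev[3]].append(ev)

    alerts: Dict[str, dict] = {}
    for ip, evs in by_ip.items():
        fails = [ts for ts, outcome, _, _ in evs if outcome == "Failed"]
        # Two-pointer sliding window: most failures seen within window_seconds.
        peak, start = 0, 0
        for end in range(len(fails)):
            while (fails[end] - fails[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        # A success after a failure burst is the strongest sign the guess landed.
        success_after = any(outcome == "Accepted" and ts >= fails[0]
                            for ts, outcome, _, _ in evs)
        alerts[ip] = {
            "peak_failures": peak,
            "users": sorted({u for _, outcome, u, _ in evs if outcome == "Failed"}),
            "success_after_failures": success_after,
        }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_sshd_log(SAMPLE_LOG)).items():
        print(ip, info)
```

Run as written it flags only 10.0.0.5, with the two usernames it tried and the fact that a successful login followed the failures; alice's single typo from 10.0.0.9 stays below the threshold. Raising the threshold to 6 produces no alert at all, which is the usual tuning trade-off between missing slow attacks and paging on ordinary mistakes.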