Attempt to switch to the root user via the su command. Explain why this attempt fails.

Use sudo to gain root privilege. Explain, with reference to the /etc/sudoers file, why this succeeds.

Examine the /etc/shadow file. What does this contain? Using information from the shadow manual page, what does the ! in many of the lines from /etc/shadow mean?

Copy the /etc/passwd and /etc/shadow files to the l33t user’s home directory and exit your root shell.

Attempt to combine the information in your copies of the passwd and shadow files into one file using the unshadow command (which comes with John the Ripper). Explain, with reference to specific Unix permissions, why you receive a Permission denied error.

Change the permissions of shadow to allow unshadow to succeed and output the results into a new file.

What three characters does each of these password hashes start with? Using man 5 crypt, what does this signify?

Copy all of the additional password hash files contained in /usr/local/share/password-hashes into your home directory.

Copy the RockYou wordlist from /usr/share/wordlists to your home directory and extract it into a .txt file. How many passwords does it contain?

On this system, the hashcat tool has been compiled to avail of your GPU (an nVidia Quadro P400). Run hashcat in its benchmarking mode (see man hashcat) to evaluate how many hashes it can check per second with the following hash-type:

Copy the unshadowed password file into a new file called hashes.txt. Edit this file so that it contains only password hashes (i.e., no usernames, UIDs, shells, etc.), and that all the hashes are of the same type (since hashcat can’t crack more than one hash type at a time). When you’re done, there should be no colon (:) characters in the file. Or you could do this with a one-line awk script…​

Crash the hashes in hashes.txt using the hashcat tool, which on this system has been compiled to avail of your GPU (an nVidia Quadro P400). You may find the -O and -r options to be helpful…​ try looking at some of the rulesets in /usr/share/hashcat/rules. Leave this tool running while you proceed to the next part of the lab; at the end of the lab report how many hashes hashcat was able to crack (and what they were). You should find your cracking results in ~/.local/share/hashcat/hashcat.potfile.

Run John the Ripper (john) against the Windows NT password file (ntlm.txt). Use the RockYou wordlist (using the --wordlist argument to john). You may need to use the --format=XXXX argument to help John interpret the hash, as it doesn’t include information about its format (e.g., $6$). See man john, john --help and john --list=formats to find out how john describes the NTLM (Windows NT LAN Manager) hash format.

Use the hashid tool to identify the possible hash algorithms for each password hash in each of the hashN.txt files that you copied from /usr/share/password-hashes. Crack each password. You may benefit from the --session argument to john when running multiple instances at the same time.

Use zip2john together with john to crack the password for secure.zip.

Use rar2john together with john to crack the password for secure.rar.

Use ssh2john together with john to crack the passphrase for the SSH public key id_rsa.