How to solve these challenges:


Challenge #1

On Kali, add a new user called admin and set its password to iloveyou!

Using John the Ripper, try to crack the user’s password using this wordlist: /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt

To add the user, run useradd admin; to set its password, run passwd admin



Challenge #2

1. On Kali, combine the following 3 wordlists into a single big file.

/usr/share/john/password.lst

/usr/share/dict/american-english

/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt

2. Eliminate any possible duplicates from the big wordlist.

3. Check how many entries (words) are in the wordlist.

4. Run a dictionary attack against all passwords of the system using the big wordlist.

5. While john is running, interrupt the cracking session.

6. Restore the interrupted session.



Challenge #3

Run an incremental attack using John the Ripper against all passwords of the system.



Challenge #4

Start a second VM that also runs Linux. Both Kali and the other Linux distribution should be running.

1. Check the SSH connection from Kali to the second Linux VM. If it’s not working, troubleshoot it and make it work. After you can authenticate successfully from Kali to the second Linux VM using SSH and an unprivileged user, move to the next step.

2. Set the password of the unprivileged user of the second Linux VM to Achilles (execute as root: passwd USERNAME)

3. From Kali, start a dictionary attack on the SSH service that’s running on the second Linux VM using Hydra and this dictionary file: /usr/share/dict/american-english. Try to crack the password of the unprivileged user that is allowed to connect to SSH.
