
Password Cracking of Linux Operating System

This document provides instructions for password cracking of Kali Linux using John the Ripper tool. It explains how passwords are stored as hashes in Kali Linux. It then describes different password cracking techniques like brute force, dictionary, and rainbow tables attacks. Steps are outlined to download password wordlists, copy the shadow file, and use John the Ripper commands to crack passwords and display them in plaintext. Finally, it recommends strong passwords as a countermeasure against cracking.

Uploaded by

boshb409

LAB MANUAL ON PASSWORD CRACKING OF KALI LINUX OPERATING SYSTEM

ESTABLISHMENT OF ADVANCED LABORATORY FOR CYBER SECURITY TRAINING TO TECHNICAL TEACHERS
DEPARTMENT OF INFORMATION MANAGEMENT AND EMERGING ENGINEERING
MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY
GOVERNMENT OF INDIA
Principal Investigator: Prof. Maitreyee Dutta

Co Investigator: Prof. Shyam Sundar Pattnaik

PREPARED BY:

Prof. Maitreyee Dutta and Ms. Shweta Sharma (Technical Assistant)

Table of Contents

INTRODUCTION TO KALI LINUX OPERATING SYSTEM
PASSWORD STORAGE IN KALI LINUX OPERATING SYSTEM
PASSWORD CRACKING
PASSWORD CRACKING TECHNIQUES
JOHN-THE-RIPPER TOOL
PASSWORD CRACKING WITH JOHN-THE-RIPPER TOOL
COUNTERMEASURES
REFERENCES

MANUAL-5: PASSWORD CRACKING OF KALI LINUX OPERATING SYSTEM

INTRODUCTION TO KALI LINUX OPERATING SYSTEM
• Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing.
• The Kali Linux operating system is maintained and funded by Offensive Security.
• The first version (1.0) of the Kali Linux operating system was released in March 2013 [1].
• This operating system has over 600 pre-installed penetration testing and security tools such as Nmap, John the Ripper, Aircrack-ng, Hashcat, the Metasploit framework, and so on.

PASSWORD STORAGE IN KALI LINUX OPERATING SYSTEM
• Passwords are used to protect the system from unauthorized access.
• Computers running the Kali Linux operating system store passwords in the /etc/shadow file in the form of a Message Digest 5 (MD5)/Blowfish/Secure Hash Algorithm (SHA-256/SHA-512) hash.
• Passwords are stored as hashes because hashing is irreversible: a plaintext password can be converted to a hash, but a hash can't be converted back to plaintext.
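
The storage format described above can be checked from the defender's side. The following is an added example, not part of the original manual: it reads shadow-format lines and reports which hash type each account uses. The sample entries are constructed placeholders, and treating MD5, prefix-less legacy hashes and empty password fields as findings is this example's own policy.

```python
# Added example (not from the manual): classify /etc/shadow password fields.
# crypt(3) "$id$" prefixes for the hash types the manual lists.
SCHEMES = {"1": "MD5", "2a": "Blowfish", "2b": "Blowfish", "2y": "Blowfish",
           "5": "SHA-256", "6": "SHA-512"}
WEAK = {"MD5", "legacy DES"}  # assumption of this example: report these

# Constructed sample; salts and digests are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$SALTSALT$PLACEHOLDERDIGEST:18300:0:99999:7:::
alice:$1$SALTSALT$PLACEHOLDERDIGEST:18300:0:99999:7:::
bob:$5$rounds=5000$SALTSALT$PLACEHOLDERDIGEST:18300:0:99999:7:::
daemon:*:18300:0:99999:7:::
carol:!$6$SALTSALT$PLACEHOLDERDIGEST:18300:0:99999:7:::
guest::18300:0:99999:7:::
"""


def classify(pw_field):
    """Return (status, scheme) for the second field of a shadow entry."""
    if pw_field == "":
        return "empty", "none"              # no password is set at all
    locked = pw_field.startswith("!")       # leading "!" marks a locked password
    body = pw_field.lstrip("!")
    if body in ("", "*"):
        return ("locked" if locked else "no-login"), "none"
    status = "locked" if locked else "hashed"
    if not body.startswith("$"):
        return status, "legacy DES"         # traditional crypt(3), no $id$ prefix
    ident = body.split("$")[1]
    return status, SCHEMES.get(ident, "unknown id " + ident)


def audit(shadow_text):
    """Return {user: (status, scheme, finding or None)} for well-formed entries."""
    report = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) != 9:                # a shadow entry has nine fields
            continue
        status, scheme = classify(fields[1])
        finding = None
        if status == "empty":
            finding = "empty password field"
        elif status == "hashed" and scheme in WEAK:
            finding = "weak hash scheme: " + scheme
        report[fields[0]] = (status, scheme, finding)
    return report


if __name__ == "__main__":
    for user, row in audit(SAMPLE_SHADOW).items():
        print(user, *row)
```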

PASSWORD CRACKING
• Password cracking in the Kali Linux operating system is the process of recovering passwords from a shadow file.
• The purpose of password cracking is to recover a forgotten password. A forensic team can perform password cracking on a computer system to recover its data after obtaining the password.
• This is usually accomplished by recovering the passwords from the hash values stored in the shadow file.

PASSWORD CRACKING TECHNIQUES
The password cracking techniques are discussed as follows:
• BRUTE FORCE: The brute force technique attempts to crack passwords by trying permutations and combinations of characters. This method consumes a lot of time and memory, depending on the length and complexity of the password.
• DICTIONARY: The dictionary technique uses a file of pre-compiled passwords, known as a dictionary. Instead of trying all combinations of passwords, it uses a word-list of the most common passwords and calculates their hash values while cracking the passwords. It is only able to crack a password that is stored in the dictionary file. This technique takes less time than the brute-force technique to crack the password.
• RAINBOW TABLES: This technique is the same as the dictionary technique, but instead of calculating hash values during password cracking, it stores the precomputed hash values of passwords in tables. Thus, this technique takes less time than the brute-force and dictionary techniques to crack the password.

JOHN-THE-RIPPER TOOL
• The John-the-ripper tool [2] is an open-source application and a post-exploitation tool in the Kali Linux operating system that allows users to view authentication credentials.
• This tool reads the hashes from the shadow file of the Kali Linux operating system and makes them available to the user.
• Kali Linux stores password data in a shadow file in the form of a hash. The forensics team can use the John-the-ripper tool to get the password in plaintext and use it to log in to the target computer.

PASSWORD CRACKING WITH JOHN-THE-RIPPER TOOL
The plaintext password can be recovered from the hash with the John-the-ripper tool using the following steps:
Step 1: Open Kali Linux operating system as shown in Figure 1.

Figure 1: Kali Linux operating system

Step 2: In Kali Linux operating system, open John-the-ripper tool. Go to Applications-> Password attacks-> john as shown in Figure 2.

Figure 2: Opening John-the-Ripper tool

Step 3: A terminal showing the usage of the John-the-ripper tool will open as shown in Figure 3 and Figure 4.

Figure 3: John-the-Ripper tool in Terminal

Figure 4: John-the-Ripper tool in Terminal

Step 4: Search for a password wordlist using the Google search engine as shown in Figure 5. Open the GitHub website and download the ZIP file as shown in Figure 6.

Figure 5: Search password wordlist

Figure 6: Download password wordlist

Step 5: Save and open the downloaded file as shown in Figure 7. Open the “Real-Passwords” folder to see the password wordlists as shown in Figure 8.

Figure 7: Password folder in downloaded file

Figure 8: Password wordlist

Step 6: Open any password wordlist (e.g., Top12Thousand-probable-v2.txt file) as shown in Figure 9. Copy this file to the Home directory and rename it “wordlist.txt” as shown in Figure 10.

Figure 9: Top 12 thousand most frequently used passwords

Figure 10: Wordlist file in Home directory

Step 7: Add new users in Kali Linux operating system as shown in Figure 11, Figure 12, and Figure 13. Set a password and press ‘Y’ while creating new users.

Figure 11: Adding new users in Kali Linux operating system

Figure 12: Adding new users in Kali Linux operating system

Figure 13: Adding new users in Kali Linux operating system

Step 8: Go to Other Locations->Computer->etc folder to find the shadow file as shown in Figure 14, Figure 15, and Figure 16.

Figure 14: Opening other locations in Kali Linux operating system

Figure 15: Opening etc folder in Kali Linux operating system

Figure 16: Finding Shadow file

Step 9: Copy the shadow file and paste it in the Home directory as shown in Figure 17.

Figure 17: Copy of Shadow file and Wordlist in Home directory

Step 9: Rename the shadow file as shadow1 and open the file to find the usernames and passwords in the form of hash values as shown in Figure 18 and Figure 19.

Figure 18: Opening Shadow file

Figure 19: Opening Shadow file

Step 10: Write the command “john --wordlist=/root/wordlist.txt shadow1” to recover the password of root from its hash and “john --show shadow1” to display the passwords in plaintext as shown in Figure 20.

Figure 20: Cracking password of Root

Step 10: Write the command “john --wordlist=/root/wordlist.txt --format=sha512crypt shadow1” to recover the passwords of other users from their hashes and “john --show shadow1” to display the passwords in plaintext as shown in Figure 21.
The plaintext passwords are displayed in Figure 21, highlighted in a red rectangular box.

Figure 21: Cracking password of other users

COUNTERMEASURES
The following countermeasures must be followed:
• Strong Passwords: Establish strong passwords using special characters, numbers, and lower and upper case letters.
• Minimum Password Length: The length of the password should be set to at least 14 characters. Long passwords are harder to crack than short ones.
• Dictionary words: Do not use dictionary words such as password, qwerty, abc123, etc. These passwords can be cracked easily with tools. Do not rely on similar looking characters such as 3 and E, 5 and S, ! and 1. These words are also stored in dictionaries.
• Minimum Password age: Users must change the password after some time (90 days). This will reduce the risk of password cracking.
• Stronger authentication method: Use stronger authentication methods, such as enabling the Gmail one-time password feature for logging in on a new device.
• Different passwords: Use different passwords for different devices or websites.
• Sharing passwords: Do not share passwords with anyone; if a password has been shared, change it immediately after use.
• Storing passwords: Avoid storing passwords in an unsecured location such as a desktop or a mobile phone. An attacker can access those passwords by hacking the device. Try to remember the passwords.
• Personal Information: Do not use personal information such as date of birth, pet names, vehicle number, etc. An attacker can easily guess the password by learning personal details through social engineering.
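
Several of the countermeasures above can be enforced automatically when a password is set. The following is an added example, not part of the original manual: it checks a candidate password against the 14-character minimum, the four character classes, dictionary words (after undoing the look-alike pairs 3/E, 5/S and !/1) and personal information. The function name, the tiny wordlist and the sample passwords are constructed for illustration; in the lab the wordlist.txt file from Step 6 could be loaded instead.

```python
import re

# Dictionary words named in the countermeasures; a constructed stand-in
# for a real wordlist file such as the lab's wordlist.txt.
COMMON = {"password", "qwerty", "abc123"}

# Look-alike pairs named in the countermeasures, undone before the lookup.
LOOKALIKES = str.maketrans({"3": "e", "5": "s", "!": "1"})

CLASSES = {
    "lower case": r"[a-z]",
    "upper case": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def check_password(pw, wordlist, personal=(), min_len=14):
    """Return the list of countermeasures that pw violates (empty = passes)."""
    problems = []
    if len(pw) < min_len:
        problems.append("shorter than %d characters" % min_len)
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append("no " + name)
    low = pw.lower()
    # Check the password as typed and with look-alike characters reversed,
    # so that "Pa55word!" is still recognised as "password".
    variants = {low, low.translate(LOOKALIKES)}
    words = [w.lower() for w in wordlist if len(w) >= 4]  # skip tiny words
    if any(w in v for v in variants for w in words):
        problems.append("contains a dictionary word")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for candidate in ("abc123", "Pa55word!", "Vr7#kLm2&Tq9zXw4"):
        print(candidate, "->", check_password(candidate, COMMON) or "ok")
```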

REFERENCES
[1] O. S. Limited, “Official Kali Linux Releases,” 2020. https://www.kali.org/kali-linux-releases/ (accessed Apr. 15, 2020).

[2] O. S. Limited, “john Package Description,” 2020. https://tools.kali.org/password-attacks/john (accessed May 20, 2020).
