In-Class Activity 2: Password Cracking
Objective:
1. Creating accounts to be cracked
2. Cracking passwords by Brute Force
3. Cracking passwords by Dictionary
If you do not know what ‘pwn’ means, have a look at the definition: https://en.wikipedia.org/wiki/Pwn
If you really want to know, one way to check this is to go to the following website… you may be surprised:
https://haveibeenpwned.com/
Account Password
ISN1604_user1 xyz@
ISN1604_user2 qazw42
ISN1604_user3 password
ISN1604_user4 rain
1604 In Class Activity 2
Note: Before you start this part of the assignment, there are a number of things you need to
ensure:
- You are logged into the Administrator account. This just makes the lab a little simpler to do.
- Find Cain and Abel and install it. https://www.filehorse.com/download-cain-and-abel/
- Security is disabled for the duration of this activity. Turn off the firewall to download
and install the file (otherwise, the virus scanner will prevent it from installing).
- At the end of installation, it might say that it uses WinPcap v4.1.3 and ask if you want to
install it. If that installation fails on your computer (with an error message saying that it isn't
supported by your version of Windows), Cain will be installed but will not run without it. You can go
to www.winpcap.org and install WinPcap v4.1.3. Launching Cain after this should work with
no additional installation required.
- ‘Abel’ has been installed into the correct directory (check the manual to find the correct
directory). https://www.scribd.com/doc/80896201/Cain-Abel-Manual
- The Abel service is ‘started’.
Note:
In Cain, there is a drop-down list of predefined character sets. In a real scenario, you as an
attacker don't know what the password is, so you need to use the larger character sets,
and yes, that takes time. In our case it takes even longer, since we don't have fast processors
for this kind of activity and virtual machines make it even slower. Thus, in this assignment, since
you already know what the password is, you can take a shortcut and set the character set
accordingly.
Set Up Steps
1. Start Cain and click the Network tab.
2. In the left pane, right-click Quick List and select “Add to Quick List”.
3. Enter your computer name or Windows IP Address in the text box and click OK.
4. Expand the Quick List and double click on your IP address.
5. Expand Abel and select Hashes. A Cain box pops up asking "Include password history
hashes?". Click ‘No’. The password hashes should appear.
NB: there are two Hash values: LM Hashes are for backward compatibility with Win9x
systems and NT Hashes are for NT\2000\XP\Windows 7 systems.
6. Right-click in the right pane and click "Send All to Cracker".
Brute Force Cracking Steps
1. Click the Cracker tab. In the right pane, right-click ISN1604_user1, select "Brute-Force
Attack", and click "NTLM Hashes".
2. In the "Brute-Force Attack" box, click the Start button. It should find the four-character
password in a few seconds. Take a screenshot that includes the open Brute-Force Attack box
with the cracked password and save it.
3. Close the "Brute-Force Attack" box.
4. Brute-force attack ISN1604_user2. You’ll find the six-letter password is harder to crack. It
will take approximately 10 minutes to crack, depending on the speed of your processor.
5. Take a screenshot that includes the open Brute-Force Attack box with the cracked password and
save it.
Dictionary Cracking Steps:
While still using Cain…
1. In the right pane, right-click ISN1604_user3, point to "Dictionary Attack", and click "NTLM
Hashes". Cain should FAIL to crack the hash.
Close the “Dictionary Attack” window.
2. A dictionary attack is really a word list attack where every word in the dictionary (wordlist) is
checked. Dictionary attacks are more efficient than Brute Force but may not be successful if
the dictionary doesn’t contain the word.
To increase the probability of cracking the password there are two approaches – use a more
comprehensive list or include string manipulation to increase the chance of matching the
password, e.g. reversing the password, or adding numbers to the beginning or end, etc..
3. Right-click on ISN1604_user3 again, select “Dictionary Attack” and click “NTLM
Hashes”.
At the top of the “Dictionary Attack” box, right-click the file box and select Add to list.
Browse to the location of the dictionary installed by Cain & Abel. When the file is added, click
the Start button. This time Cain should SUCCEED in cracking the hash. Take a screenshot
that includes the open Dictionary Attack box with the cracked password and save it.
Right-click in the file area and select “Remove All” and confirm by saying “Yes”.
Close the Dictionary Attack window.
4. Download the document 1k_most_common.txt from the Assignment folder and save the file.
Move it into the Cain Wordlists directory. (Probably C:\Program Files (x86)\Cain\Wordlists)
5. Perform a dictionary attack on ISN1604_user4 using the 1k_most_common.txt dictionary.
When the file is loaded, click Start. Cain should FAIL to crack the hash. Close the
“Dictionary Attack” window.
6. Navigate to the file 1k_most_common.txt and open it in Notepad.
7. Scroll down and scan the list of words commonly used for passwords. Notice that the word
“password” is in the list, but the word “rain” is not.
8. Edit the 1k_most_common.txt file and add the word “rain”.
Open the File menu and click on the Save item.
Repeat the dictionary attack on ISN1604_user4 and this time Cain should SUCCEED in cracking
the hash. Take a screenshot that includes the open Dictionary Attack box with the cracked password
and save it.
Once all the passwords are cracked, insert the four (4) saved images of cracked passwords into your
report under the heading of “Cracked Passwords”.
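The two results of this lab (short passwords fall to brute force, listed words fall to a dictionary) can be turned into a check that rejects such passwords when they are chosen. The following Python sketch is an added example, not part of the original handout; the sample wordlist, the function names, the case-folding and the 10^12 threshold are assumptions made for illustration.

```python
import string

# Constructed sample standing in for 1k_most_common.txt: like the lab's
# file, it contains "password" but not "rain".
SAMPLE_WORDLIST = {"password", "123456", "qwerty", "dragon", "monkey", "letmein"}

# Character classes comparable to a cracker's predefined character sets.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def keyspace(password):
    """Candidates a brute force must cover: every string up to this length
    over the smallest union of character classes the password uses."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return sum(size ** k for k in range(1, len(password) + 1))


def derived_from_wordlist(password, wordlist):
    """True if the password is a listed word, optionally reversed and/or
    with digits added to the beginning or end (the manipulations named in
    the dictionary steps). Case-folding is an added assumption."""
    pw = password.lower()
    core = pw.strip(string.digits)
    candidates = {pw, pw[::-1]}
    if core:
        candidates |= {core, core[::-1]}
    return not candidates.isdisjoint(wordlist)


def audit(password, wordlist, min_keyspace=10 ** 12):
    """Return (verdict, keyspace); min_keyspace is an assumed policy value."""
    space = keyspace(password)
    if derived_from_wordlist(password, wordlist):
        return ("reject: dictionary-derived", space)
    if space < min_keyspace:
        return ("reject: small keyspace", space)
    return ("accept", space)


if __name__ == "__main__":
    for pw in ["xyz@", "qazw42", "password", "rain", "drowssap42"]:
        print(pw, audit(pw, SAMPLE_WORDLIST))
    # Adding "rain" to the list, as in step 8, changes its verdict.
    print("rain", audit("rain", SAMPLE_WORDLIST | {"rain"}))
```

The six-character lab password has roughly 200 times the keyspace of the four-character one, and all four lab passwords are rejected by this check.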
Deliverable
Submit all the screenshots in one report and submit it in Moodle.
Deliverable:
Your lab report should contain student name and number (or a cover page).
For each part of the lab use a heading such as “Part 1” or “In class activity 2- Creating User
Accounts”.
In all screenshots, a part of the custom background (wallpaper) and the time and date should be
visible.
Be consistent in using font type and size and do not use size bigger than 12.
Please always delete the lab instruction. Your submitted report should only include your
answers.