Lab 2.1 – Password Auditing

1. Explore lab files

Listed the lab directory contents: alphapasswd, alphashadow, bonuspasswd, bonusshadow (Linux credential files), cewl-pass.txt (wordlist), customer-discount.xlsx (encrypted spreadsheet), and ntlm.txt (Windows hash). Used the file command to confirm the Excel file was CDFV2 Encrypted.

cd /sec401/labs/2.1/ && ls -l
file customer-discount.xlsx

2. Confirm password-protected Excel file

Opened customer-discount.xlsx with LibreOffice to confirm it requires a password. The dialog prompted for a password to decrypt the file, confirming the Office encryption detected by the file command.

3. Examine CeWL wordlist

Opened cewl-pass.txt in gedit. The wordlist contains 1,552 words scraped from the target organization's website using CeWL (Custom Word List generator). Words include company-specific terms like 'SolarGlow', 'Arctic', and social media references. Organization-specific wordlists are far more effective than generic dictionaries because employees often base passwords on familiar terms.

gedit cewl-pass.txt

4. Extract Office hash with office2john

Used office2john.py to extract the password hash from the encrypted Excel file. The script outputs a hash string compatible with John the Ripper. After extraction, ls -l confirms the new excelhash file was created.

python3 /opt/john/run/office2john.py customer-discount.xlsx > excelhash

5. View extracted Office hash

Inspected the extracted hash. The format shows $office$*2013*100000*256*16* followed by the hash data. Key fields: Office 2013 format, 100,000 PBKDF2 iterations, 256-bit key length. The high iteration count makes brute-force significantly slower than simpler hash types.

cat excelhash

6. Crack Excel password with John

Ran John the Ripper with the CeWL wordlist against the Office hash. John detected Office 2007/2010/2013 format (SHA1 256/256 AVX2 8x / SHA512 256/256 AVX2 4x AES). Cracked the password in under 1 second: #AlphaInc! at 168.4 passwords/second. The low speed reflects the 100,000 PBKDF2 iterations in Office 2013 encryption.

john --wordlist=cewl-pass.txt excelhash

7. NTLM hash type ambiguity

Attempted to crack ntlm.txt without specifying a format. John detected hash type 'LM' but warned it could also match dozens of other formats (NT, MD2, MD4, MD5, mscash, ripemd-128, and many more). This demonstrates why specifying the correct format is critical when the hash is ambiguous.

john --wordlist=cewl-pass.txt ntlm.txt

8. Crack NTLM hash with correct format

Specified --format=NT to force NTLM (MD4) interpretation. John loaded 1 password hash and cracked it instantly: #AlphaInc! at 19,200 passwords/second. The dramatic speed difference vs. Office 2013 (19,200 vs. 168 p/s) shows why unsalted, un-iterated hashes like NTLM are trivial to crack.

john --wordlist=cewl-pass.txt ntlm.txt --format=NT

9. Combine Linux passwd and shadow files

Used unshadow to merge alphapasswd and alphashadow into a single file suitable for John. The output shows two users: alphauser (UID 1002, $y$ yescrypt hash) and alpha2 (UID 1003, $6$ SHA-512 crypt hash). Different hash prefixes indicate different algorithms.

unshadow alphapasswd alphashadow > alphamerge
cat alphamerge

10. Crack Linux crypt hash

Ran John with --format=crypt against the merged shadow file. Loaded 2 hashes with different salts (algorithms ranging from descrypt to sha512crypt). Cracked alphauser's password: #AlphaInc! at 701.2 candidates/second. The 5,000 SHA-512 iterations make this slower than NTLM but faster than Office 2013.

john --format=crypt --wordlist=cewl-pass.txt alphamerge

11. Hashcat brute-force attempt on SHA-512

Attempted a brute-force mask attack with Hashcat on the SHA-512 crypt hash. Used mode 1800 (sha512crypt) with attack mode 3 (brute-force) and mask ?u?l?l?l?l?l?l?l?l?d (1 uppercase + 8 lowercase + 1 digit). Hashcat initialized OpenCL on the Intel i7-8750H CPU but hit a token length exception on one hash entry.

hashcat -m 1800 -a 3 alphamerge ?u?l?l?l?l?l?l?l?l?d

12. Hashcat status: brute-force infeasible

Pressed 's' for status. Hashcat reported: SHA-512 (Unix) mode, 854 H/s on the CPU, estimated completion in 77 years 177 days. Progress: 45,024 of 2,088,270,645,760 candidates (0.00%). This demonstrates why brute-force is impractical against properly iterated hashes like SHA-512 crypt, especially without GPU acceleration.

13. Bonus challenge: CeWL wordlist fails

Unshadowed the bonus passwd/shadow files and attempted John with the base CeWL wordlist. Result: 0 passwords cracked. The bonus passwords aren't in the original 1,552-word list, meaning they use variations (appended numbers, mixed case, etc.) that require word-mangling rules to discover.

unshadow bonuspasswd bonusshadow > bonus_passwords
john --wordlist=cewl-pass.txt bonus_passwords

14. Generate mangled wordlist with John rules

Used John's --rules flag with --stdout to apply word-mangling transformations (case toggling, number appending, character substitution, etc.) to every word in the CeWL list, redirecting all generated candidates to cewl-rules.txt. This massively expands the effective wordlist without manual effort.

john --wordlist=cewl-pass.txt --rules --stdout > cewl-rules.txt

15. Verify rule expansion scale

Compared wordlist sizes: the base cewl-pass.txt had 1,552 lines. After rule expansion, cewl-rules.txt had 4,010,859 lines, a 2,585x increase. Grep confirmed 2,156 variants generated from a single word ('merely'). This shows how rules systematically cover common password mutation patterns.

wc -l cewl-pass.txt
wc -l cewl-rules.txt
grep merely cewl-rules.txt | wc -l

16. Crack bonus passwords with expanded wordlist

Ran John with the rules-expanded wordlist against the bonus hashes. Both passwords cracked in 36 seconds: #AlphaInc!23 (larry) and #AlphaInc!24 (joshua). The base word '#AlphaInc!' was in the original CeWL list, but the appended numbers '23' and '24' required rule-generated variants. This demonstrates why word-mangling rules are essential for real-world password auditing.

john --wordlist=cewl-rules.txt bonus_passwords