T6

Question 1

Why is password quality verification important in security?

Answer 1

It limits intrusions and data leaks, ensuring stronger authentication and encryption key derivation.

Question 2

What is John the Ripper (JtR)?

Answer 2

An open-source password cracking tool available in free and pro versions for multiple platforms.

Question 3

How do you download and install John the Ripper (JtR)?

Answer 3

Download with wget, extract with tar, configure, and compile with make.

Question 4

What are the two files in UNIX systems that store user and password information?

Answer 4

/etc/passwd (usernames) and /etc/shadow (hashed passwords).

Question 5

How do you extract user and password hashes for John the Ripper?

Answer 5

./unshadow passwd-fake shadow-fake > passwd.1

Question 6

What is the fastest mode in JtR for cracking weak passwords?

Answer 6

Single crack mode: ./john –single passwd.1

Question 7

Which mode in JtR uses dictionaries to crack passwords?

Answer 7

Wordlist mode: ./john –wordlist=password.lst passwd.1

Question 8

How does incremental mode work in JtR?

Answer 8

Incremental mode performs brute-force attacks by testing all possible passwords: ./john –incremental passwd.1

Question 9

How can you apply word variations to password cracking in JtR?

Answer 9

Use wordlist with rules: ./john –wordlist=password.lst –rules passwd.1

Question 10

How can you show cracked passwords in JtR?

Answer 10

./john passwd.1 -show

Question 11

How do you extract PDF password hashes for cracking in JtR?

Answer 11

./pdf2john.pl <filename>.pdf > hash.txt</filename>

Question 12

How do you crack PDF passwords with JtR?

Answer 12

./john –format=pdf hash.txt

Question 13

What tool provides better GPU-based password cracking than JtR?

Answer 13

Hashcat (https://hashcat.net)

Question 14

Why are GPUs better for password cracking?

Answer 14

GPUs excel at parallel processing, speeding up password recovery tasks.