
Network Security 1 (MIT 416)

Lab 5
Instructor: Apurv Patel
Date: June 29, 2023

• Answer the questions below briefly.
• Questions must be in font size 12 and BOLD; answers must be the same size in
normal font.
• Every line must be properly indented, with proper documentation.
• You may use Google, but always cite your references at the end.
• Write your student ID in the header and the page number in the footer.
• The file name must be STUDENTID_LAB2.docx.
• Make appealing headings that include your subject name, your name, student ID,
lab number, etc.
• If you think an answer needs a screenshot, mention it.

Lab Objective:
Learn how to use Hashcat to crack passwords.
Lab Purpose:
Hashcat is a password cracker used to crack password hashes. A hash is a
one-way function that takes a word or string of words and turns it into a
fixed-length string of random-looking characters. This is a much more secure
method of storing passwords than storing them in plain text. It is not reversible.
Hashcat attempts to crack these passwords by guessing a password, hashing it,
and then comparing the resulting hash to the one it’s trying to crack.
Lab Tool:
Kali Linux
Lab Topology:
You can use Kali Linux in a VM for this lab.
Lab Walkthrough:

Task 1:
In this lab, we will create a set of hashes and then use a dictionary to crack these
hashes. The first step is to create the hashes. Open a terminal and use the
following command to create a new txt document filled with some hashes:
cat << EOF > target_hashes.txt
dc647eb65e6711e155375218212b3964
eb61eead90e3b899c6bcbe27ac581660
958152288f2d2303ae045cffc43a02cd
2c9341ca4cf3d87b9e4eb905d6a3ec45
75b71aa6842e450f12aca00fdf54c51d
031cbcccd3ba6bd4d1556330995b8d08
b5af0b804ff7238bce48adef1e0c213f
EOF

These hashes represent 7 different passwords, which we will attempt to crack.

Task 2:

We can now open hashcat. We will begin by viewing the help screen using
“hashcat -h”.
hashcat -h | more
The help output runs to many pages. Press the Space key to move to the next page.
Press Ctrl + C when you want to exit.
The two most important options available to us when using this tool are the
“hash type” and “attack mode”.
Hashcat can attempt to crack numerous different hash types, which can be seen
from the screenshot below:

Task 3:

The next step is to choose the wordlist we will use for cracking the hashes. We
will be using the “rockyou.txt” file. Type the following to locate the file:
locate rockyou.txt
If the file has a .gz extension, it is a gzip-compressed file and we first need to
decompress it using gunzip. To do this, navigate to the directory where the file
is stored and then type the following:
gunzip rockyou.txt.gz
This will decompress the file and give us the required .txt file.

Task 4:
Navigate back to the home directory by typing cd. We are now ready to begin the
attack.
We will use the following command to crack the password hashes:
hashcat -m 0 -a 0 -o cracked.txt target_hashes.txt /usr/share/wordlists/rockyou.txt
Let’s break down each of these options.

• The -m 0 option tells hashcat that we are attempting to crack MD5 hashes
• The -a 0 option tells hashcat we are using a dictionary attack
• The -o cracked.txt option names the output file for the cracked passwords
• target_hashes.txt is the file containing the hashes
• /usr/share/wordlists/rockyou.txt is the wordlist we will use for this
dictionary attack
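
The guess, hash, compare loop described under Lab Purpose, which is what the -m 0 -a 0 options in Task 4 select, as an added Python example (not part of the original lab handout and not hashcat's code). It goes beyond the lab by contrasting unsalted MD5 with a salted PBKDF2 record; the user names, passwords, wordlist and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: not the lab's target hashes and not rockyou.txt.
WORDLIST = ["123456", "letmein", "sunshine", "dragon", "qwerty"]
USERS = {"alice": "sunshine", "bob": "sunshine", "carol": "Xk#9v!tQ2m-zR"}


def md5_hex(word):
    """Unsalted MD5, the format hashcat mode -m 0 expects."""
    return hashlib.md5(word.encode()).hexdigest()


def dictionary_attack(target_hashes, wordlist):
    """Guess, hash, compare: one MD5 per word checks every target at once."""
    targets = set(target_hashes)
    return {md5_hex(w): w for w in wordlist if md5_hex(w) in targets}


def exposed_users(store, wordlist):
    """Accounts whose unsalted MD5 appears in the wordlist (audit view)."""
    cracked = dictionary_attack(store.values(), wordlist)
    return sorted(user for user, digest in store.items() if digest in cracked)


def pbkdf2_record(password, iterations=100_000):
    """Defender's alternative: per-user random salt plus a slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(guess, key)


if __name__ == "__main__":
    md5_store = {user: md5_hex(pw) for user, pw in USERS.items()}
    # alice and bob share a password, so their unsalted hashes are identical
    print("identical MD5:", md5_store["alice"] == md5_store["bob"])
    print("exposed by wordlist:", exposed_users(md5_store, WORDLIST))
    a, b = pbkdf2_record("sunshine"), pbkdf2_record("sunshine")
    # with salts, the same password yields unrelated stored values
    print("identical PBKDF2:", a[2] == b[2])
    print("login still works:", pbkdf2_verify("sunshine", a))
```

With unsalted MD5, a single hashed guess is checked against every stored hash at once, so a shared weak password exposes every account that uses it; the per-user salt removes that shortcut and the iteration count raises the cost of each guess.
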
Task 5:

Dig is a tool which can be used on either Linux or Mac OS. Dig comes pre-
installed on Kali Linux and you can check its version using the following
command:
dig -v
The dig syntax looks like the following:
dig [@server] [name] [type]
We will begin by performing a simple dig command. Type the following into a
terminal:
dig google.com
Task 6:

The output of the above command includes a lot of information. There may be times
when you only want the result of the query. This can be achieved in dig with the
following command:
dig google.com +short

As you can see, there can be more than one IP for a host record.
Task 7:

This next command will get rid of all information before the answer section, for
easier reading. We can specify this using the following command:

Task 8:

We can also specify the nameservers we wish to query using the following
command:

This command queries the “google.com” record from the Name Server with IP
address 8.8.8.8.
Task 9:

If we want to query all DNS record types, we can use the “ANY” option. This will
display all the available record types in the output:
Task 10:

We can also look up a specific record. For example, if we want to get only the
mail exchange section associated with a domain, we can use the following
command:
dig google.com MX
We can query a number of specific record types using the following tags in place
of MX:
TXT, CNAME, NS, A
Task 11:

We can trace the DNS path, similar to traceroute, using the following command:

Task 12:

It is also possible to make DNS queries for IP addresses.


Task 13:

Dig has a useful feature which allows you to perform a number of DNS lookups
for a list of domains instead of doing the same for each one individually. This can
be done by performing a lookup using a file:
dig -f domain_names.txt +short

Task 14:

It is possible to access domain verification data by making a DNS TXT query.
