Performing Password Attacks

Introduction
Welcome to the Performing Password Attacks Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.
Learning Outcomes
In this module, you will complete the following exercises:
- Exercise 1 - Performing Online Password Attacks
- Exercise 2 - Performing Offline Password Attacks
After completing this lab, you will be able to:
- Switch Off the Windows Firewall on PLABWIN810
- Use Wordlists
- Use Hydra to Guess Usernames and Passwords
- Crack Linux Passwords using John the Ripper
- Sniff the Passwords
- Capture NTLMv2 Hash through SMB
- Use Responder
- Generate Rainbow Tables
- Recover Windows Hashes using Cain and Abel
Exam Objectives
The following exam objectives are covered in this lab:
- PT0-001: 3.5 Given a scenario, exploit local host vulnerabilities
- PT0-001: 4.2 Compare and contrast various use cases of tools
Lab Duration
It will take approximately 1 hour to complete this lab.
Exercise 1 - Performing Online Password Attacks
An online password attack is performed against a network service, such as SSH, HTTP, FTP, or SMB. For example, an attacker might attempt to guess a user's password for a website login. Most of the time, servers or network devices are not equipped to block an online password attack. Therefore, these attacks can succeed without much effort.
Password attacks can be of two types. The first type is the dictionary attack, which uses a list of common words and runs through the list until a match is found. A brute-force attack, on the other hand, tries candidates generated from a given character set. Either method can be used in an online password attack. However, a dictionary attack is usually the choice because of the slow speed of an online attack.
In this exercise, you will learn about performing an online password attack.
Learning Outcomes
After completing this exercise, you will be able to:
- Switch Off the Windows Firewall on PLABWIN810
- Use Wordlists
- Use Hydra to Guess Usernames and Passwords
Exercise 2 - Performing Offline Password Attacks
Unlike the online password attack, which is a method to crack the password for a network service, the offline method is performed on a file, such as /etc/shadow in Linux or the SAM database in Windows.
In this exercise, you will learn about performing an offline attack.
Learning Outcomes
After completing this exercise, you will be able to:
- Crack Linux Passwords using John the Ripper
- Sniff the Passwords
- Capture NTLMv2 Hash through SMB
- Use Responder
- Generate Rainbow Tables
- Recover Windows Hashes using Cain and Abel