MN623 T2 2019: Penetration Testing Tool Demonstration

Verified

Added on 2022/09/17

AI Summary

This report provides a comparative analysis of two password cracking tools, John the Ripper and RainbowCrack, used in penetration testing. The project involved initial information gathering using nmap, vulnerability identification, exploitation, and password breaking. The report details the steps performed, including the use of both tools, and compares their features, such as GPU support, hash type specification, and brute force capabilities. Analysis reveals John the Ripper's advantages in ease of use, while RainbowCrack excels in performance with large datasets. The report also highlights vulnerabilities in a web and FTP server, concluding with recommendations for service updates, web application firewalls, and disabling unused services and ports. References to relevant cybersecurity resources are included.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Description on john the ripper and
rainbow crack
John the Ripper is a free
password cracking software
tool. It is one of the most
popular password testing and
breaking programs as it
combines a number of
password crackers into one
package.
RainbowCrack is a general
propose implementation of
Philippe Oechslin’s faster time-
memory trade-off technique. It
crack hashes with rainbow
tables.

Steps
performed
in the
project
•For this project an initial information gathering is
performed using nmap tool.
•Then vulnerability’s are identified in second
stage.
•Then exploitation is undergone in third stage.
•Finally password breaking was performed using
both the tools

Comparison of both the tools
John the ripper
• This tool has a support of GPU.
• faster compare to other tools.
• Don’t need to specify the hash type.
• Don’t need to load hashes for
checking.
• Can be used for brute force attack.
• Don’t need to load any hash file
here.
Rainbow crack password breaking tool
• Doesn’t use GPU.
• Faster to get results.
• Need to specify the hash type.
• Need to load hashes for checking.
• Cannot be used for brute force
attack.
• Only shows result if hash is
present in the loaded file.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Analysis
From the password breaking tool prospective it is clear that john
the ripper is better and easier to use.
But as the performance point of view rainbowcrack takes the first
place if a huge large amount of hash data is available.

Vulnerabilit
ies in web
ad ftp
server
•The web application hosted had a lot
vulnerabilities.
•ftp protocol led us to take control of whole web
server.
•All the services used by the web server are out
dated.
•Those services should not be used any more.

Conclusion
• All the services should be updated.
• A web application firewall should be used.
• The unwanted services should be removed.
• The unused ports should be disabled.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

References
• https://www.openwall.com/john/
• http://project-rainbowcrack.com/
• https://www.cvedetails.com/
• https://www.owasp.org/index.php/Web_Application_Firewall