- Weight: 2
- Description: Candidates should be familiar with basic host-based access control such as nsswitch configuration, PAM and password cracking.
Key Knowledge Areas
- PAM and PAM configuration files
- password cracking
- nsswitch
Terms and Utilities
- nsswitch.conf
- john
Password Management with John the Ripper
It is possible to crack passwords on Linux using john. Where you have a password policy, this is useful for seeing who is keeping to the policy, as well as for highlighting the need for secure passwords.
Installing John on Ubuntu 12.04
As with the SKS server, Ubuntu makes a great target for testing passwords and John, as John is included in the standard repositories. We will install john, john-data and the recommended wordlist package. wordlist, though, is a virtual package that just links to other dictionaries. As such, we do not install wordlist itself, but we can use the wordlist package to display the language-based packages available to install, such as wbritish-large and wamerican-large.
apt-get install -y john john-data wbritish-large wamerican-large