SEC401 – Password Management & Cryptographic Concepts
Lab 2.1 – Password Auditing
Solo, Lab
Focus: Password Management & Cryptography
Level: SEC401
Date: Apr 2026
Artifacts: Sanitized screenshots from Slingshot Linux lab environment
TL;DR
- •Cracked Office 2013, NTLM, and Linux SHA-512 crypt passwords using John the Ripper with a CeWL wordlist
- •Demonstrated SHA-512 brute-force infeasibility with Hashcat (77-year estimate at 854 H/s)
- •Expanded 1,552 base words into 4M+ candidates with John's word-mangling rules to crack two remaining passwords
Skills demonstrated
Note: Course-provided PCAPs and lab instructions are not shared. Only my own captures and sanitized notes are published.
Why this matters
Password auditing is how organizations discover weak credentials before attackers do. Understanding hash types, choosing the right cracking tool and attack mode, and knowing when brute force is infeasible vs. when a smarter wordlist wins are core skills for penetration testers and security auditors. This lab builds that judgment.
Context
This lab demonstrates password auditing techniques using John the Ripper and Hashcat against multiple hash types: Microsoft Office encryption, NTLM, and Linux SHA-512 crypt. Starting with a CeWL-generated wordlist scraped from a target website, the goal was to crack passwords from an encrypted Excel spreadsheet, an NTLM hash dump, and Linux /etc/shadow files, then use John's word-mangling rules to expand the wordlist and crack stronger passwords that the base wordlist couldn't reach.
Tools used
Steps taken
1Explore lab files
Listed the lab directory contents: alphapasswd, alphashadow, bonuspasswd, bonusshadow (Linux credential files), cewl-pass.txt (wordlist), customer-discount.xlsx (encrypted spreadsheet), and ntlm.txt (Windows hash). Used the file command to confirm the Excel file was CDFV2 Encrypted.
$ cd /sec401/labs/2.1/ && ls -l
$ file customer-discount.xlsxls -ldetailed file listing with sizesfileidentify file type and encryption status2Confirm password-protected Excel file
Opened customer-discount.xlsx with LibreOffice to confirm it requires a password. The dialog prompted for a password to decrypt the file, confirming the Office encryption detected by the file command.
3Examine CeWL wordlist
Opened cewl-pass.txt in gedit. The wordlist contains 1,552 words scraped from the target organization's website using CeWL (Custom Word List generator). Words include company-specific terms like 'SolarGlow', 'Arctic', and social media references. Organization-specific wordlists are far more effective than generic dictionaries because employees often base passwords on familiar terms.
$ gedit cewl-pass.txt4Extract Office hash with office2john
Used office2john.py to extract the password hash from the encrypted Excel file. The script outputs a hash string compatible with John the Ripper. After extraction, ls -l confirms the new excelhash file was created.
$ python3 /opt/john/run/office2john.py customer-discount.xlsx > excelhashoffice2john.pyextracts password hash from Office documents> excelhashredirect hash to file for cracking5View extracted Office hash
Inspected the extracted hash. The format shows $office$*2013*100000*256*16* followed by the hash data. Key fields: Office 2013 format, 100,000 PBKDF2 iterations, 256-bit key length. The high iteration count makes brute-force significantly slower than simpler hash types.
$ cat excelhash6Crack Excel password with John
Ran John the Ripper with the CeWL wordlist against the Office hash. John detected Office 2007/2010/2013 format (SHA1 256/256 AVX2 8x / SHA512 256/256 AVX2 4x AES). Cracked the password in under 1 second: #AlphaInc! at 168.4 passwords/second. The low speed reflects the 100,000 PBKDF2 iterations in Office 2013 encryption.
$ john --wordlist=cewl-pass.txt excelhash--wordlist=cewl-pass.txtuse CeWL wordlistexcelhashtarget hash file7NTLM hash type ambiguity
Attempted to crack ntlm.txt without specifying a format. John detected hash type 'LM' but warned it could also match dozens of other formats (NT, MD2, MD4, MD5, mscash, ripemd-128, and many more). This demonstrates why specifying the correct format is critical when the hash is ambiguous.
$ john --wordlist=cewl-pass.txt ntlm.txt8Crack NTLM hash with correct format
Specified --format=NT to force NTLM (MD4) interpretation. John loaded 1 password hash and cracked it instantly: #AlphaInc! at 19,200 passwords/second. The dramatic speed difference vs. Office 2013 (19,200 vs. 168 p/s) shows why unsalted, un-iterated hashes like NTLM are trivial to crack.
$ john --wordlist=cewl-pass.txt ntlm.txt --format=NT--format=NTforce NTLM (MD4) hash typeNT hash = MD4(UTF-16LE(password))9Combine Linux passwd and shadow files
Used unshadow to merge alphapasswd and alphashadow into a single file suitable for John. The output shows two users: alphauser (UID 1002, $y$ yescrypt hash) and alpha2 (UID 1003, $6$ SHA-512 crypt hash). Different hash prefixes indicate different algorithms.
$ unshadow alphapasswd alphashadow > alphamerge
$ cat alphamergeunshadowmerge /etc/passwd and /etc/shadow into John-compatible format10Crack Linux crypt hash
Ran John with --format=crypt against the merged shadow file. Loaded 2 hashes with different salts (algorithms ranging from descrypt to sha512crypt). Cracked alphauser's password: #AlphaInc! at 701.2 candidates/second. The 5,000 SHA-512 iterations make this slower than NTLM but faster than Office 2013.
$ john --format=crypt --wordlist=cewl-pass.txt alphamerge--format=cryptuse generic Unix crypt formatHandles multiple algorithms (md5crypt, sha256crypt, sha512crypt)11Hashcat brute-force attempt on SHA-512
Attempted a brute-force mask attack with Hashcat on the SHA-512 crypt hash. Used mode 1800 (sha512crypt) with attack mode 3 (brute-force) and mask ?u?l?l?l?l?l?l?l?l?d (1 uppercase + 8 lowercase + 1 digit). Hashcat initialized OpenCL on the Intel i7-8750H CPU but hit a token length exception on one hash entry.
$ hashcat -m 1800 -a 3 alphamerge ?u?l?l?l?l?l?l?l?l?d-m 1800SHA-512 crypt hash mode-a 3brute-force/mask attack?uuppercase letter?llowercase letter?ddigit12Hashcat status: brute-force infeasible
Pressed 's' for status. Hashcat reported: SHA-512 (Unix) mode, 854 H/s on the CPU, estimated completion in 77 years 177 days. Progress: 45,024 of 2,088,270,645,760 candidates (0.00%). This demonstrates why brute-force is impractical against properly iterated hashes like SHA-512 crypt, especially without GPU acceleration.
13Bonus challenge: CeWL wordlist fails
Unshadowed the bonus passwd/shadow files and attempted John with the base CeWL wordlist. Result: 0 passwords cracked. The bonus passwords aren't in the original 1,552-word list, meaning they use variations (appended numbers, mixed case, etc.) that require word-mangling rules to discover.
$ unshadow bonuspasswd bonusshadow > bonus_passwords
$ john --wordlist=cewl-pass.txt bonus_passwordsunshadowmerge bonus credential files--wordlistattempt base CeWL wordlist14Generate mangled wordlist with John rules
Used John's --rules flag with --stdout to apply word-mangling transformations (case toggling, number appending, character substitution, etc.) to every word in the CeWL list, redirecting all generated candidates to cewl-rules.txt. This massively expands the effective wordlist without manual effort.
$ john --wordlist=cewl-pass.txt --rules --stdout > cewl-rules.txt--rulesenable default word-mangling rules--stdoutoutput candidates instead of cracking> cewl-rules.txtsave expanded wordlist15Verify rule expansion scale
Compared wordlist sizes: the base cewl-pass.txt had 1,552 lines. After rule expansion, cewl-rules.txt had 4,010,859 lines, a 2,585x increase. Grep confirmed 2,156 variants generated from a single word ('merely'). This shows how rules systematically cover common password mutation patterns.
$ wc -l cewl-pass.txt
$ wc -l cewl-rules.txt
$ grep merely cewl-rules.txt | wc -lwc -lcount lines (candidates)grep | wc -lcount variants of a specific word16Crack bonus passwords with expanded wordlist
Ran John with the rules-expanded wordlist against the bonus hashes. Both passwords cracked in 36 seconds: #AlphaInc!23 (larry) and #AlphaInc!24 (joshua). The base word '#AlphaInc!' was in the original CeWL list, but the appended numbers '23' and '24' required rule-generated variants. This demonstrates why word-mangling rules are essential for real-world password auditing.
$ john --wordlist=cewl-rules.txt bonus_passwords--wordlist=cewl-rules.txtuse rules-expanded 4M-candidate wordlistKey findings
Outcome / Lessons learned
This lab covered the full password auditing workflow: identifying hash types, choosing the right tool and attack mode, and understanding when to switch from brute force to smarter wordlist techniques. The key takeaway was the contrast between hash strengths: NTLM cracked at 19,200 p/s while SHA-512 crypt managed only 854 H/s under brute force, making it computationally infeasible without a targeted wordlist. The CeWL-to-rules pipeline proved that organization-specific wordlists combined with systematic word-mangling rules can crack passwords that resist both dictionary and brute-force attacks.
If this were a real engagement: I'd report all cracked credentials to the organization with remediation timelines, recommend enforcing minimum 16-character passphrases and banning company-name-based passwords, check for credential reuse across systems, verify that NTLM authentication is disabled where possible in favor of Kerberos, and recommend migrating from SHA-512 crypt to bcrypt or argon2 with higher work factors.
Security controls relevant
- Enforce strong password policies (length > complexity)
- Ban organization-specific words in passwords (Azure AD Custom Banned Passwords)
- Disable NTLM authentication where possible
- Use modern hash algorithms (bcrypt, argon2) with high work factors
- Regular password auditing with internal red team tools
- MFA on all accounts to reduce credential-only attack impact
What I took away from this
The speed difference between hash types is the real lesson here, not the cracking itself. NTLM at 19,200 p/s vs. SHA-512 crypt at 854 H/s vs. Office 2013 at 168 p/s tells you everything about why hash algorithm choice matters more than password policy. An organization can mandate 16-character passwords, but if Active Directory is still storing NTLM hashes (and it is, by default), an attacker with a domain dump will crack most of them in hours. The first recommendation in any password audit should be 'disable NTLM where possible,' not 'require longer passwords.'
CeWL is underrated in real engagements. Generic wordlists like rockyou.txt contain millions of entries but miss the most likely passwords: the ones employees create from what they see every day. The company name, product names, office locations, slogans from the website. In this lab, every single password was a variation of '#AlphaInc!' which is literally the organization's name with common substitutions. Azure AD and Entra ID have Custom Banned Password Lists that can block these, but I've rarely seen organizations configure them. It's a 10-minute fix that would have stopped every crack in this lab.
The brute-force attempt with Hashcat was the most instructive failure. 77 years at 854 H/s on a single CPU. Even with GPU acceleration pushing that to 500K H/s, a 10-character password with mixed character classes would still take months against SHA-512 crypt. This is why password complexity requirements exist for older hash algorithms, but also why the industry is moving toward bcrypt and argon2 with configurable work factors. The right answer isn't 'make passwords longer,' it's 'make hashing slower.' A properly configured argon2 hash turns even a weak password into a computationally expensive target.