Home‎ > ‎CIS 75‎ > ‎

Lab 2 - Using Physical Access

When you have physical access to a machine you can control it. Computers have countermeasures that resist tampering but on home computers those are rarely used. For this lab you will attack your home computer and try to guess the passwords of users. To do that you will need your own copy of Kali Linux. 

If you have a good Internet connection you can download Kali Linux here. If your connection isn't fast enough to download it easily you can arrange for me to give you a DVD. 

WARNING: You must only do this lab on a computer you own or with the permission of the owner. 

Once you have downloaded Kali Linux you must install it onto a flash key. Kali has instructions for how to do that on this page. Warning: Any data on the flash key will be lost when you put Kali on. With Kali written onto the flash key reboot your computer. You may need to enter the computer's BIOS to make it boot from the flash key. I can't tell you exactly how to do that but I have some tips: 
  • Try hitting ESC or DEL or F12 during the BIOS splash screen. One of these is likely to work.
  • If your computer runs Windows 8 you must do a full shutdown. Here's how.
  • If your BIOS is UEFI disable secure boot and enable legacy boot
If you can't get Kali booted you can use a DVD on one of the CIS Dell computers. 

With Kali booted you must start the ophcrack program. The ophcrack program was demonstrated in class. You can find it in the menu through "Applications -> Kali Linux -> Password Attacks -> Offline Attacks -> ophcrack" WIth ophcrack open select the "Load" icon and load an "Encrypted SAM" file. In the file dialog you will see a disk listed that may have different names depending on your computer. The name "System" is common. If you pick the correct device on the left you will be able to go through the following path:


You load the whole directory (not just a file in it). When you have the directory loaded properly usernames will appear in the list. Click the "Crack" icon and see if any of your passwords are revealed. Take a screenshot. Now you will download ophcrack tables with more passwords to test. You can download the tables here: 

Be aware that the smallest table is 350MB so it may take a while to download. I suggest downloading the "Vista Free" table. TIP: Download the tables from the Iceweasel browser inside Kali. 

With the new table installed try again to crack passwords and take a screenshot of the progress after several minutes. Be sure that the progress bar and the current run time is shown. 

  • 15 points for the screenshot of the default password search 
  • 5 points for the screenshot of the extended table search