Now we have the passwords, there are other services we have seen running on our Metasploitable machine that could be vulnerable. The vulnerable unrealIRC that was exploited. If you followed this tutorial from the previous, you will see that we were able to gain root access, grab the hashes, and crack them all because of one security hole. If someone is running a dictionary attack to try and crack the password the likelihood of a random string combination being in the dictionary is far less than using an actual word. Combine it with upper and lower cases, special characters. Use some kind of random password for strong security. So what did we learn from this tutorial? Well, it’s important to secure your system. There are some huge dictionaries available online for download that contain many potential and common passwords. Of course if the password you are trying to crack doesn’t exist in your dictionary, it will fine no results. If you run the crack command again, it will continue trying to crack the remaining 3. You can see we have 4 cracked and 3 pending. This will show us what has been cracked already and what is pending. Sudo john /home/kali/Desktop/passwords.db -show
