Measure the Crack — Password-Strength Audit

Northwind Diagnostics · authorized security assessment · John the Ripper console

SY0-701 · 2.4.6 1.4.5 1.4.6

Engagement brief

You are the security analyst running an authorized password-strength audit for Northwind Diagnostics. The blue team handed you a sanitized credential dump pulled from the staging host lab-vault01 and one encrypted evidence archive. Your job is to measure how fast weak passwords fall to an offline attack so the team can justify a stronger policy.

Everything you need is in the analyst home directory. A vetted wordlist lives at /usr/share/wordlists/audit-rock.lst. Type help in the console to see available commands, then work the task list on the right. When every target is cracked and every question answered, submit your report.

analyst@lab-vault01 — john the ripper console

analyst@audit:~$

Credential vault — targets

lab-vault01 · account "svc-backup" locked

sha512crypt ($6$) · from creds_dump/shadow.lst

recovered: hash→••••••••

cases/q3-audit-evidence.zip locked

PKZIP encrypted archive · 1 entry

recovered: passphrase→••••••••

Task checklist

Knowledge check

Submit completed lab

Hacker name (pseudonym — no real names)

Score: 0 / 10

© 2026 [Author / Instructor of record]. Original clean-room training simulation.
Built from public CompTIA SY0-701 objectives and documented John the Ripper behavior. "CompTIA" and "Security+" are trademarks of CompTIA; this lab is independent and unaffiliated. For authorized, educational security testing only.