๐ LAB PRACTICE – How to crack passwords with AI and JTR (AI-version)
AI-Assisted Practical Lab โ HexStrike MCP Edition
This lab requires Hexstrike MCP already setup on Kali Linux VM. Please follow this guide if you have not yet setup the Hexstrike MCP server Hexstrike MCP setup guide
Lab Environment: Kali Linux + Hexstrike AI MCP + Claude Desktop Download Lab Guide ย ย Download target PDF
๐ฏ Task
Crack the password of networkwalks_flag1.pdf using John the Ripper (JTR) with the help of AI โ specifically the HexStrike-AI MCP server with Claude Desktop on Kali Linux.
Lab Environment Requirements:
- HexStrike-AI MCP server with Claude Desktop running on Kali Linux VM
- (Follow the attached HexStrike-AI MCP server setup guide)
- Target file:
hash3.networkwalks_flag1.pdfโ included in the lab manual attachment
๐งช Solution
Step 1 โ Prepare the Target File
Copy the target PDF file to the Desktop of your Kali Linux machine.
Step 2 โ Open Claude AI Desktop
Launch Claude Desktop on Kali Linux and enter the following AI prompts one by one:
๐ค AI Prompt 1 โ Verify JTR Installation
>> Check if John the Ripper is installed in this Hexstrike MCP and show me its version
๐ค AI Prompt 2 โ Calculate the PDF Hash
>> Please calculate the hash value of this PDF file:
/home/kali/Desktop/hash3.networkwalks_flag1.pdf๐ค AI Prompt 3 โ Crack the Password
>> Please use JTR tool in this Hexstrike MCP server to crack the password of this PDF file.
Use the rockyou.txt wordlist dictionary.Finally, the password has been cracked.
Download step by step PDF lab guide & the target PDF file.
Download Lab Guide ย ย Download target PDFThis lab requires Hexstrike MCP already setup on Kali Linux VM. Please follow this guide if you have not yet setup the Hexstrike MCP server Hexstrike MCP setup guide
-End-
Extra References & info
๐ก Tip โ Where to Find Wordlists?
Several wordlists come pre-installed in Kali Linux at: /usr/share/wordlists. The most commonly used one for password cracking is rockyou.txt.
๐ Do You Know?
These incidents show why password security and ethical hacking skills matter more than ever:
- 2026 โ South Africa: MTN Group’s breach escalated โ over 5,700 customers affected in Ghana alone, with criminal investigations opened across multiple countries.
- 2025 โ Namibia: Telecom Namibia refused to pay ransom; attackers leaked billing data of senior government officials, exposing thousands of subscriber records.
- 2025 โ Senegal: A ransomware attack on the national tax authority threatened to erase and leak fiscal records covering millions of citizens and businesses.
- 2024 โ Uganda: Hackers broke into the Bank of Uganda and stole $16.8 million โ one of Africa’s largest ever banking cyberheists.
- 2024 โ Nigeria: Fintech giant Flutterwave was hacked and ~$7 million was silently diverted from customer accounts.
- 2024 โ South Africa: Cell C breach exposed 2TB of data from 7.7 million customers โ including ID numbers and banking details.
- 2024 โ Kenya: Urban Roads Authority (KURA) suffered a major breach exposing sensitive government infrastructure data.
- 2024 โ Cameroon: National electricity provider ENEO was cyberattacked, suspending power management applications nationwide.
๐ About This Lab
This lab is part of the Cyber Security & Ethical Hacking training program at Networkwalks Academy.
๐ www.networkwalks.com
๐ง info@networkwalks.com
๐ +27 766 222 218 ย |ย +27 788 220 600
We offer training & certification in:
Cisco CCNA โข Cybersecurity โข Ethical Hacking โข Python โข Linux โข AI