Have about half the assignment done, can't complete this portion on account of being on a Windows 10 computer with high security on it. Don't have the time or inclination to adapt an existing program to do this, or track down one capable of it - nor am I entirely certain on how to circumvent my computer's security (or if it is wise to). It would therefore be best if this were done on a pre-Windows 8 system for simplicity's sake. Only things needed here are:
Extract the password hashes from a machine. Using John the Ripper, Brutus, or RainbowCrack, as well as pwdump or a similar utility to actually dump them to a file. Windows preferred, as that is the OS I use.
With the extracted password hashes, try to crack them using the program selected in the previous step.
Submit an obfuscated list of users and cracked passwords, or output generated from the program. Output in the form screenshots can work for this as well as the extraction; either way, it needs to be apparent that it's from the same machine during the same iteration.
Add a discussion about types of penetration tests, the discussion about the method to extract passwords, and the list of obfuscated passwords to the report. Needn't be long.