Are there any practical attacks on random number generators?
Insecure use PRNG: An extremely naive demonstration of this (if you want to do a lab) is to use a seed derived from the current time to generate a Pseudo Random password for an open source password manager (you could add in some other bit of knowable information if you want to make it look more random). If the students notice this fact in the source they could predict passwords. Of course the source isn't actually needed to determine this information ( it would just speed up the lab)
for well known real world examples check out https://en.wikipedia.org/wiki/Random_number_generator_attack
Yes, there is. See Factorable for a famous example where RSA and DSA keys were generated by embedded devices immediately as they booted up when insufficient randomness was collected:
We performed a large-scale study of RSA and DSA cryptographic keys in use on the Internet and discovered that significant numbers of keys are insecure due to insufficient randomness. These keys are being used to secure TLS (HTTPS) and SSH connections for hundreds of thousands of hosts.
Nearly all the vulnerable hosts are headless and embedded network devices, such as routers, firewalls, and server management cards. These types of devices often generate keys automatically on first boot, and lack many of the physical sources of randomness used by traditional PCs to generate random numbers. We identified apparently vulnerable devices and software from 54 manufacturers and notified these companies about the problems.
Read their research paper to see exactly how they did this.
Some of the PRNG algorithms standard in programming languages can be broken after enough samples are seen. Refer to https://security.stackexchange.com/a/31645/192426 for a description and link to an example script.