So, today we're gonna play with some old school password hash cracking on Linux systems. We need a modern Linux box and John the Ripper installed.
This is just to show the basics, so to keep it short, make a small wordlist file that contains your test password; that cuts the cracking time down to nothing.

First we need a couple of files to work with: /etc/passwd, /etc/shadow (you need root to read that one), and a wordlist file with your test password in it.

Now, let's investigate what we've got. cat /etc/passwd first:

userx:x:1000:1000:nx,,,:/home/userx:/usr/bin/zsh

Notice there's no hash in here: the x in the second field means the password is stored in /etc/shadow instead. So cat /etc/shadow (as root):

userx:$y$j9T$87oy7foohyr8off4rqXO5O/DqjR01/$e1i.OJ/qrb7f4eMRDIQufa8qXG6OTOOGQPb0qZ3b6OwD:17016:0:989887:7:::

You'll see something like this. Notice the $y$j9T$ part: $y$ says the hash is yescrypt, and j9T is its cost parameter string. We need that info for later, so keep it in mind. Most current distros default to yescrypt; older ones used sha512crypt, which starts with $6$ instead.

Next, copy those two files into a working folder and unshadow them, so we get a single file with the hashes sitting in the passwd lines, which is what John wants. That is done with the unshadow tool that ships with John the Ripper:

sudo cp /etc/passwd /etc/shadow .
unshadow passwd shadow > unshadowed.txt

Now, let's crack some passwords. For that you need the unshadowed.txt file and your wordlist, and fire up John like so:

john --format=crypt --wordlist=/your/wordlist/list.txt unshadowed.txt

The --format=crypt part matters: it makes John run the candidates through the system's crypt(3) library, and on a modern Linux that library is what understands yescrypt.

If the password is in your wordlist, John should crack it and show it to you. If at some later date you want to see the cracked passwords again, run John like so:

john --show --format=crypt unshadowed.txt

Running John with no mode option, john --format=crypt unshadowed.txt, makes it go through its default modes in order: single crack, then its built-in wordlist with rules, and finally incremental mode, which is the brute-force part. To jump straight to brute force, use john --incremental --format=crypt unshadowed.txt

Do note that it takes a long time, maybe forever and an eternity, if it finds the password at all, but give it a try :)
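The whole procedure above in one script, as an added example that is not code from the original post. It runs as a normal user on constructed passwd and shadow lines (the userx hash is the one shown above; testuser and the password 'Winter2024!' are made up, and its sha512crypt hash is generated with openssl when that is available), skips the cracking step if john is not on PATH, and uses a small awk merge to show what unshadow does. The awk merge is an illustration, not the unshadow tool; on a real box use unshadow.

```shell
#!/bin/sh
# Added example, not code from the original post: inspect the password
# field, unshadow, crack with a wordlist, and show results, all on
# constructed sample files so no real /etc/shadow or root is needed.
# Assumes john and openssl may be absent; those steps are then skipped.
set -u

# Classify the second field of a shadow entry by its crypt(3) prefix.
# '$y$' is yescrypt (the hash in the post); the rest are other common schemes.
hash_type() {
    case "$1" in
        '$y$'*)                   echo yescrypt ;;
        '$7$'*)                   echo scrypt ;;
        '$6$'*)                   echo sha512crypt ;;
        '$5$'*)                   echo sha256crypt ;;
        '$2a$'*|'$2b$'*|'$2y$'*)  echo bcrypt ;;
        '$1$'*)                   echo md5crypt ;;
        '')                       echo empty ;;    # no password at all
        '*'|'!'*)                 echo locked ;;   # '!' prefix is what passwd -l adds
        *)                        echo unknown ;;
    esac
}

# What unshadow does, written in awk so the merge step is visible:
# replace the 'x' in each passwd line with the shadow hash for the same
# user name. Arguments: passwd file, shadow file. Use the real tool for work.
unshadow_merge() {
    awk -F: -v OFS=: '
        NR == FNR     { hash[$1] = $2; next }   # first file read: shadow
        ($1 in hash)  { $2 = hash[$1] }         # second file read: passwd
        { print }' "$2" "$1"
}

# Run john the way the post does, if it is installed.
# Arguments: unshadowed file, wordlist file.
crack_with_john() {
    if ! command -v john >/dev/null 2>&1; then
        echo "john not on PATH, skipping the cracking run" >&2
        return 0
    fi
    # --format=crypt hands each candidate to the system crypt(3); on a
    # modern libxcrypt that is what understands yescrypt.
    john --format=crypt --wordlist="$2" "$1"
    john --show --format=crypt "$1"
}

WORKDIR=$(mktemp -d)

# Constructed sample files (not a real system). userx carries the hash from
# the post; testuser gets a sha512crypt hash of the made-up password
# 'Winter2024!' when openssl can produce one, so a crack can actually succeed.
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'userx:x:1000:1000:nx,,,:/home/userx:/usr/bin/zsh' \
    'testuser:x:1001:1001::/home/testuser:/bin/sh' > "$WORKDIR/passwd"
printf '%s\n' \
    'root:*:19000:0:99999:7:::' \
    'userx:$y$j9T$87oy7foohyr8off4rqXO5O/DqjR01/$e1i.OJ/qrb7f4eMRDIQufa8qXG6OTOOGQPb0qZ3b6OwD:17016:0:99999:7:::' \
    > "$WORKDIR/shadow"
if th=$(openssl passwd -6 -salt Xy7pQ2mL 'Winter2024!' 2>/dev/null); then
    printf '%s\n' "testuser:$th:19000:0:99999:7:::" >> "$WORKDIR/shadow"
fi
# Constructed wordlist with the test password in it, as the post suggests.
printf '%s\n' 'password' '123456' 'Winter2024!' > "$WORKDIR/wordlist.txt"

# Step 1: read the hash types straight off the shadow file.
while IFS=: read -r user field _; do
    printf '%-10s %s\n' "$user" "$(hash_type "$field")"
done < "$WORKDIR/shadow"

# Step 2: unshadow. Step 3: crack. Step 4: show what was cracked.
unshadow_merge "$WORKDIR/passwd" "$WORKDIR/shadow" > "$WORKDIR/unshadowed.txt"
crack_with_john "$WORKDIR/unshadowed.txt" "$WORKDIR/wordlist.txt"
```

With john installed, the last two lines print testuser's cracked password and leave userx uncracked, since its password is not in the wordlist; the locked root entry is simply skipped. The merged file is left in the temporary directory so you can point the real unshadow and john at the same input and compare.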

So, that was some quick password cracking on modern Linux systems for you; go explore on your own now, maybe some old NTLM hashes and hashcat ;)

Much Happy Cracking
