# Linux Password Cracking

## Table of Contents

1. [Introduction](#introduction)
2. [Understanding Linux Password Hash Formats](#understanding-linux-password-hash-formats)
3. [The `unshadow` Command](#the-unshadow-command)
4. [Cracking Passwords with `John the Ripper`](#cracking-passwords-with-john-the-ripper)
5. [Example](#example)
6. [Conclusion](#conclusion)

***

## Introduction

In this lesson, we will explore the process of cracking Linux passwords locally. This practical skill is essential for understanding the security of Linux systems. We will use the `unshadow` command to prepare password files for password cracking and the `John the Ripper` tool for the actual password cracking. Additionally, we will explain various Linux password hash formats that you may encounter.

## Understanding Linux Password Hash Formats

Linux stores user passwords as salted hashes produced by the `crypt(3)` function. Each hash starts with an identifier between dollar signs that names the algorithm used. Here are some common Linux password hash formats:

* `$1`: MD5-based hashing (md5crypt).
* `$2`: bcrypt, based on the Blowfish cipher.
* `$2a`: the revised bcrypt (Blowfish) variant.
* `$5`: SHA-256-based hashing (sha256crypt).
* `$6`: SHA-512-based hashing (sha512crypt).
* `$y`: yescrypt.

Each format is tied to a specific cryptographic algorithm and offers a different level of resistance to offline cracking. Recognizing these identifiers is essential when working with password cracking tools, since the tool has to know which algorithm to run.

## The `unshadow` Command

The `unshadow` command merges the password and shadow files into one file that password crackers can read directly. The `/etc/passwd` file contains user information (login name, UID, GID, home directory, shell), while the `/etc/shadow` file contains the password hashes and password-aging fields. Both files are needed because `/etc/passwd` is world-readable but `/etc/shadow` can only be read by root.

To use `unshadow`, simply run the following command:

```shell
unshadow /etc/passwd /etc/shadow > unshadowed-file
```

This command creates `unshadowed-file`, which contains the user information from `/etc/passwd` with the password hashes from `/etc/shadow` substituted into the password field. The merged file is used as input for password cracking tools such as `John the Ripper`. `Hashcat` can crack the same hashes as well.

## Cracking Passwords with `John the Ripper`

`John the Ripper` is a powerful password cracking tool that supports a variety of password hash formats. To crack passwords using `John the Ripper`, follow these steps:

1. Create the merged file using the `unshadow` command as described in the previous section.
2. Run `John the Ripper` with the merged file:

```bash
john unshadowed-file
```

`John the Ripper` will attempt to crack the passwords using various techniques, including dictionary attacks, brute-force attacks, and more.

Once the process is complete, `John the Ripper` will display the cracked passwords if successful.

## Example

Let's consider an example to understand Linux password hash formats and the cracking process.

* `/etc/shadow` content:

```text
username:$6$YTJ7JKnfsB4esnbS$5XvmYk2.GXVWhDo2TYGN2hCitD/wU9Kov.uZD8xsnleuf1r0ARX3qodIKiDsdoQA444b8IMPMOnUWDmVJVkeg1:19446:0:99999:7:::
```

* `/etc/passwd` content:

```text
username:x:1001:1002:Sai Kumar,555,123456789,999123457:/home/sai:/bin/bash
```

* `username` is the user ID (the login name) that ties the `/etc/shadow` entry to the `/etc/passwd` entry.
* `$6` is the identifier for the SHA-512 hash format.
* `$YTJ7JKnfsB4esnbS` is the salt that was mixed into the password before hashing.
* `$5XvmYk2.GXVWhDo2TYGN2hCitD/wU9Kov.uZD8xsnleuf1r0ARX3qodIKiDsdoQA444b8IMPMOnUWDmVJVkeg1` is the resulting hash of the password for the user `username`.
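As an added example that is not part of the original lesson, the Python below does for these two sample lines what `unshadow` does (substituting the shadow hash into the `/etc/passwd` password field) and splits the `$id$salt$hash` field described in the hash-format section, then reports which algorithm protects each account so that weak `$1` hashes can be found and re-hashed. The `legacy` and `svc` accounts and their hash values are constructed for the example, not real data.

```python
# Added example, not code from the page or from John the Ripper.
# Constructed sample files: the page's example plus two made-up accounts.
PASSWD = (
    "username:x:1001:1002:Sai Kumar,555,123456789,999123457:/home/sai:/bin/bash\n"
    "legacy:x:1002:1002::/home/legacy:/bin/sh\n"
    "svc:x:1003:1003::/var/lib/svc:/usr/sbin/nologin\n"
)
SHADOW = (
    "username:$6$YTJ7JKnfsB4esnbS$5XvmYk2.GXVWhDo2TYGN2hCitD/wU9Kov.uZD8xsnleuf1r0ARX3qodIKiDsdoQA444b8IMPMOnUWDmVJVkeg1:19446:0:99999:7:::\n"
    "legacy:$1$c0nStRuC$NoTaReAlHaShPlAcEhOlDr:19000:0:99999:7:::\n"   # constructed
    "svc:!:19000:0:99999:7:::\n"                                       # locked account
)

# crypt(3) identifiers from the lesson, mapped to the algorithm names it lists.
ALGORITHMS = {"1": "MD5", "2": "Blowfish", "2a": "Blowfish",
              "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}

def parse_hash(field):
    """Split a `$id$salt$hash` password field into its parts.
    Returns None for '', '!' or '*' (no crackable hash). The middle part is
    everything between the id and the final component; for yescrypt it also
    carries the parameter string (`$y$j9T$salt$hash`)."""
    if not field.startswith("$"):
        return None
    parts = field.split("$")[1:]          # drop the empty piece before the first $
    if len(parts) < 3:
        return None
    return {"id": parts[0], "algorithm": ALGORITHMS.get(parts[0], "unknown"),
            "salt": "$".join(parts[1:-1]), "hash": parts[-1]}

def unshadow(passwd_text, shadow_text):
    """Mimic `unshadow passwd shadow`: replace the 'x' placeholder in the
    second passwd field with the matching shadow password field."""
    shadow = {l.split(":")[0]: l.split(":")[1]
              for l in shadow_text.splitlines() if ":" in l}
    merged = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) > 1 and f[1] == "x" and f[0] in shadow:
            f[1] = shadow[f[0]]
        merged.append(":".join(f))
    return merged

def audit_hash_types(shadow_text):
    """Defender's view: which algorithm protects each account, so accounts
    still on MD5 ($1) can be made to re-hash with $6 or $y at next login."""
    report = {}
    for line in shadow_text.splitlines():
        user, field = line.split(":")[:2]
        parsed = parse_hash(field)
        report[user] = "locked/no hash" if parsed is None else parsed["algorithm"]
    return report
```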

## Conclusion

Understanding how Linux passwords are hashed and the tools and techniques used for password cracking is crucial for cybersecurity professionals. It helps assess the security of systems and implement better security practices. By mastering these skills, you can protect your systems against password-based attacks and identify vulnerabilities.

Now that you have a basic understanding of password cracking on Linux, you can explore further by practicing with real-world scenarios and experimenting with different password hash formats and cracking methods.

