On Linux, user passwords are not stored in plain text; their hashes are kept in the shadow file.
The unshadow utility combines the passwd and shadow files so that we get the password hashes in a form a cracking tool can read.
From these hashes we can recover the passwords by using a tool called John the Ripper (john).
John works by cracking the password hashes.
Installing John The Ripper:
$ sudo apt-get install john
$ locate passwd
👆 This command helps us locate the password file.
$ locate shadow
☝ This command helps us locate the shadow file.
$ man unshadow
👆 This command shows the manual page for unshadow.
Syntax to use unshadow 👇:
$ unshadow password-file shadow-file
This combines the password file and the shadow file. unshadow writes the result to standard output, so it can be redirected to a file (a dump). Reading /etc/shadow requires root privileges.
$ unshadow /etc/passwd /etc/shadow
$ unshadow /etc/passwd /etc/shadow > 1.txt
$ john 1.txt
Cracking using the wordlist:
We can also crack passwords by using wordlists. The most used wordlist for cracking is “rockyou.txt”. This text file contains millions of commonly used passwords.
$ john --wordlist=path_of_wordlist_file filename_of_hashes
Creating custom wordlists using crunch:
Custom wordlists let us build wordlists in our own style/pattern.
$ sudo apt-get install crunch
Syntax of crunch:
$ crunch min max charset options
min and max are numbers that give the minimum and maximum length of the words. Character set for crunch:
- Loweralpha numeric
$ crunch 1 8
This command will display a wordlist that starts with “a” and ends with “z” with a length of 1 to 8.
$ crunch 1 6 abcdefg
This command will display a wordlist that starts with “a” and ends with “g” with a length of 1 to 6.
$ crunch 2 3 lok123 -o /root/Desktop/3.txt
Here -o sends the wordlist to the specified file.
This command creates an alphanumeric wordlist with word lengths from 2 to 3 and saves it in the file 3.txt.
$ crunch 4 5 -f /usr/share/rainbowcrack/charset.txt loweralpha-numeric -o /root/Desktop/4.txt
How to protect against this attack:
- Limit access to these files to specific users. Recommended: only the root user should have access to them.
- Keep your privileges low: use a normal user for your everyday purposes. When you need to install something, switch to the root user for the installation. That way, an attacker who obtains your user credentials is not privileged to read those files.
- Change your passwords every 3 months.
- Do not share your passwords with anyone.
- Use passwords that cannot be guessed by an attacker.
–regards Lokesh Dachepalli
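
The checks in the prevention list above, as an added example that is not part of the original post: a shell function that audits a shadow-format file for world-readable permissions, empty password fields, weak hash schemes (`$1$` MD5-crypt and legacy DES-style hashes) and a maximum password age above 90 days. The function name `audit_shadow`, the reading of "3 months" as 90 days, and the sample entries are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a shadow-format file.
# Usage: audit_shadow FILE [MAX_DAYS]; prints findings, returns 1 if any.
audit_shadow() {
    file=$1
    max_days=${2:-90}   # assumption: "3 months" is taken as 90 days
    findings=$(
        # The file should not be readable by ordinary users.
        if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
            echo "FILE: readable by every local user"
        fi
        # shadow fields: 1=user 2=hash 5=maximum password age in days
        awk -F: -v max="$max_days" '
            $2 == ""        { print $1 ": empty password field"; next }
            $2 ~ /^[!*]/    { next }    # locked or no-login account
            substr($2, 1, 3) == "$1$" { print $1 ": MD5-crypt hash" }
            substr($2, 1, 1) != "$"   { print $1 ": legacy DES-style hash" }
            $5 == "" || $5 + 0 > max  { print $1 ": max age over " max " days" }
        ' "$file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample entries (hash strings are placeholders, not real hashes).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:90:7:::
alice:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
bob::19000:0:90:7:::
daemon:*:19000:0:99999:7:::
carol:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:60:7:::
EOF
audit_shadow "$sample" || echo "Review the findings above."
rm -f "$sample"
```

On a real system, run it as root against /etc/shadow; the non-zero return status makes it usable from a scheduled job.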