How to crack passwords of Linux users!

How to crack passwords of Linux users!

In linux the passwords of the users will be encrypted with an algorithm called shadow.
By using unshadow algorithm we can get the hashes of the passwords.
Through these hashes we can get the password by using a tool called john.
John will help to crack the hashes of the passwords.

Installing John The Ripper:

$ sudo apt-get install john


$ locate passwd

πŸ‘† this command will help us to locate the directory of the password file

$ locate shadow

☝ this command will help to locate the shadow file.

$ man unshadow

πŸ‘† command helps to get the details of the unshadow.

Syntax to use unshadow πŸ‘‡:

$ unshadow passowrd-file shadow-file

This syntax helps to combine the shadow file and password file and resultant will stored in file name called dump.


$ unshadow /etc/passwd /etc/shadow
$ unshadow /etc/passwd /etc/shadow > 1.txt
$ john 1.txt

Cracking using the wordlist:
We can also crack  passwords by using the wordlists. The most used wordlist for cracking is “rockyou.txt”. This text file contains millions of most used passwords.

$ john --wordlist=path_of_wordlist_file filename_of_hashes

Creating a custom wordlists using crunch:

Custom wordlists helps us to create the wordlists of our style/pattern.
Installing crunch:

$ sudo apt-get install crunch

Syntax of crunch:

$ crunch min max charset options

min and max are the numbers which tells the min length and max length of the words. Character set for crunch:

  • Numeric
  • Alpha
  • Alpha-numeric
  • Loweralpha
  • Loweralpha numeric
  • Mixalpha
  • Mixalpha-numeric


$ crunch 1 8

This command will display a wprd list that starts with “a” and ends with “z” with a length of 1 to 8.

$ crunch 1 6 abcdefg

This command will display a wordlist that starts with “a” and ends with “g” with a length of 1 to 6.

$ crunch 2 3 lok123 -o /root/Desktop/3.txt

Here -o represents to send the wordlist to the specified file
This command will create a alpha-numeric wordlist starts with a length 2 and ends with length 3 and saves the wordlist in the file 3.txt .

$ crunch 4 5 -f /usr/share/rainbowcrack/charset.txt loweralpha-numeric -o /root/Desktop/4.txt

How to prevent this from attacker:

  • Limit the access to the file for the specific users.                                                                     Recommended: Only root user should have access to those files.
  • Keep yourself low : Use the normal user for you purposes. When you want to install anything then you can use the root user and install the things. This helps when an attacker has your user credentials he cannot be priviledged to use those files.
  • Keep changing your passwords within a 3 months of time.
  • Do not share your passwords to anyone.
  • Keep the passwords which can’t be guessed by the attacker.

Happy Hacking….!

–regards Lokesh Dachepalli

2 thoughts on “How to crack passwords of Linux users!

  1. Reply
    June 29, 2020 at 8:05 am


  2. Reply
    June 29, 2020 at 8:48 am

    Thank you it’s working

Leave a Reply

Your email address will not be published. Required fields are marked *