LINUX CREDENTIALS CRACKING

PRIMARY CATEGORY → CRACKING

Linux System User Passwords

Hashes within /etc/shadow or /etc/security/opasswd

Generic Hash Format

$<HASH_ALGORITHM_TYPE>$<SALT>$<HASH>

Unshadow

Before cracking the hashes, just use unshadow to merge both passwd and shadow files as follows →

cp /etc/passwd /tmp/passwd.bk && cp /etc/shadow /tmp/shadow.bk

unshadow /etc/passwd.bk /etc/shadow.bk | awk -F: '!/[\*!]/ { printf "%s:%s\n", $1, $2 }' > /tmp/unshadowed.hashes

MD5

Hash Format

$1$38652870$DUjsu4TTlTsOe/xxZ05uf/

hashcat --force -O --user --hash-type 500 <HASH> <WORDLIST>

Show Password in Plain Text

hashcat --force -O --user --hash-type 500 <HASH> <WORDLIST> --show

SHA512

Hash Format

$6$72820166$U4DVzpcYxgw7MVVDGGvB2/H5lRistD5.Ah4upwENR5UtffLR4X4SxSzfREv8z6wVl0jRFX40/KnYVvK4829kD1

hashcat --force -O --user --hash-type 1800 <HASH> <WORDLIST>

Show Password in Plain Text

hashcat --force -O --user --hash-type 1800 <HASH> <WORDLIST> --show