John the Ripper/Shadow File: Difference between revisions

From charlesreid1

No edit summary
Line 56: Line 56:
</pre>
</pre>


 
Now you can run John the Ripper on the file <code>mypasswd</code>.
 
 
 


=Flags=
=Flags=


{{JohnFlag}}
{{JohnFlag}}

Revision as of 05:19, 26 March 2016

Shadow File

Unix stores information about system usernames and passwords in a file called /etc/shadow. In this file, there are multiple fields (see Reading /etc/shadow page on the wiki for help reading the /etc/shadow file). The most important are the first two: username and password hash.

Example of an /etc/shadow file: 

root:$1$/avpfBJ1$x0z8w5UF9Iv./DR9E9Lid.:14747:0:99999:7:::
daemon:*:14684:0:99999:7:::
bin:*:14684:0:99999:7:::
sys:$1$fUX6BPOt$Miyc3UpOzQJqz4s5wFD9l0:14742:0:99999:7:::
sync:*:14684:0:99999:7:::
games:*:14684:0:99999:7:::
man:*:14684:0:99999:7:::
lp:*:14684:0:99999:7:::
mail:*:14684:0:99999:7:::
news:*:14684:0:99999:7:::
uucp:*:14684:0:99999:7:::
proxy:*:14684:0:99999:7:::
www-data:*:14684:0:99999:7:::
backup:*:14684:0:99999:7:::
list:*:14684:0:99999:7:::
irc:*:14684:0:99999:7:::
gnats:*:14684:0:99999:7:::
nobody:*:14684:0:99999:7:::
libuuid:!:14684:0:99999:7:::
dhcp:*:14684:0:99999:7:::
syslog:*:14684:0:99999:7:::
klog:$1$f2ZVMS4K$R9XkI.CmLdHhdUE3X9jqP0:14742:0:99999:7:::
sshd:*:14684:0:99999:7:::
msfadmin:$1$XN10Zj2c$Rt/zzCW3mLtUWA.ihZjA5/:14684:0:99999:7:::
bind:*:14685:0:99999:7:::
postfix:*:14685:0:99999:7:::
ftp:*:14685:0:99999:7:::
postgres:$1$Rw35ik.x$MgQgZUuO5pAoUvfJhfcYe/:14685:0:99999:7:::
mysql:!:14685:0:99999:7:::
tomcat55:*:14691:0:99999:7:::
distccd:*:14698:0:99999:7:::
user:$1$HESu9xrH$k.o3G93DGoXIiQKkPmUgZ0:14699:0:99999:7:::
service:$1$kR3ue7JZ$7GxELDupr5Ohp6cjZ3Bu//:14715:0:99999:7:::
telnetd:*:14715:0:99999:7:::
proftpd:!:14727:0:99999:7:::
statd:*:15474:0:99999:7:::
snmp:*:15480:0:99999:7:::

Only users with a password hash can log in (if there is a * or a !, they cannot log in).

Unshadow the Shadow

To turn an /etc/shadow file into a normal unix password file, use the unshadow utility (from John the Ripper): 

umask 077
unshadow /etc/passwd /etc/shadow > mypasswd

Now you can run John the Ripper on the file mypasswd.

Flags


Defcon.png
john the ripper
password generator and all-around cracking tool.


John the Ripper  · Category:John the Ripper


Installing John the Ripper on Kali 2.0: Kali 2.0/John the Ripper

Testing John: John the Ripper/Benchmarking

Using John on /etc/shadow files: John the Ripper/Shadow File

Password generation using rules and modes: John the Ripper/Password Generation

Installing some useful password rules: John the Ripper/Rules

Using John to feed password guesses to Aircrack: Aircrack and John the Ripper

John the Ripper on AWS: Ubuntu/Barebones to JtR

Getting Passwords from John: John the Ripper/Password Recovery


Category:Kali  · Category:Security  · Category:Passwords


Flags  · Template:JohnFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=John_the_Ripper/Shadow_File&oldid=9783"