How to Crack User Passwords in a Linux System
How to Crack User Passwords in a Linux System
In this article, we'll look at how to grab the password hashes from a Linux system and crack the hashes using probably the most widely used password cracking tool out there...
- Welcome back, my eager hackers!
Let's boot up BackTrack and get hacking!
Where Linux Passwords Are Stored
Linux passwords are stored in the /etc/passwd file in cleartext in older systems and in /etc/shadow file in hash form on newer systems. We should expect that the passwords on anything other than old legacy systems to be stored in /etc/shadow.guys first see alll steps 3x times :P and thn understand it because its little hard to understand :)
Step 1: Create Some User Accounts
Since our BackTrack system probably doesn't have many users on it other than our root account, let's go ahead and create a couple more accounts.Let's create user1 with password "flower" and user2 with a password of "hacker".
I've purposely chosen dictionary words as the complexity of the password is inversely related to the time necessary to crack it. One of the nice features of John the Ripper is that it will try to use a dictionary attack first. If that fails, it will try a hybrid attack. And only if that fails will it attempt a brute-force attack, which is the most time consuming.Step 2: Open John the Ripper
Now that we have a couple of regular users in our system with simple passwords, we now need to open John the Ripper. John the Ripper is a simple, but powerful password cracker without a GUI (this helps to make it faster as GUIs consume resources).We can access it from BackTrack by going to the BackTrack button on the bottom left, then Backtrack, Privilege Escalation, Password Attacks, Offline Attacks, and finally select John the Ripper from the multiple password cracking tools available.
Step 3: Test John the Ripper
At the prompt, type:- bt > john -test
Step 4: Copy the Password Files to Our Current Directory
Linux stores its passwords in /etc/shadow, so what we want to do is copy this file to our current directory along with the /etc/passwd file, then "unshadow" them and store them in file we'll call passwords. So, let's type both:- bt > cp /etc/shadow ./
- bt > cp /etc/passwd ./
Step 5: Unshadow
Next we need to combine the information in the /etc/shadow and the /etc/passwd files, so that John can do its magic.- bt > ./unshadow passwd shadow > passwords
Step 6: Crack!
Now that we have unshadowed the critical files, we can simply let John run on our password file.- bt > john passwords
It's also important to note that any password cracker is only as good as its word list. For more complex or hybrid passwords, you probably want to use a password list containing far more passwords, including hybrid passwords such "p@$$w0rd" that combine special characters into words.
We'll be doing more password cracking among numerous other hacks, so keep coming back! And if you have any questions, feel free to comment below
please visit again:- http://techwithuttam.blogspot.in/
How to Crack User Passwords in a Linux System
![How to Crack User Passwords in a Linux System]()
Reviewed by Unknown
on
10:03
Rating:
How To Crack User Passwords In A Linux System - Demo >>>>> Download Now
ReplyDelete>>>>> Download Full
How To Crack User Passwords In A Linux System - Demo >>>>> Download LINK
>>>>> Download Now
How To Crack User Passwords In A Linux System - Demo >>>>> Download Full
>>>>> Download LINK