Posted: . At: 1:46 PM. This was 9 years ago. Post ID: 8083
Page permalink. WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
These cookies expire two weeks after they are set.


How to crack Linux passwords using john the ripper.

by

Firstly, for the purposes of this exercise, we are creating a new user with a simple password. I used a user named “vaas” and gave him the simple password “password”. Then run this command to create the file that john the ripper will be using.

ubuntu@ip-172-31-20-16:~$ sudo unshadow /etc/passwd /etc/shadow > pass.out

Now run the john the ripper to get the passwords.

ubuntu@ip-172-31-20-16:~$ sudo john --wordlist=/usr/share/john/password.lst pass.out
Loaded 3 password hashes with 3 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
password         (vaas)
1g 0:00:00:20 100% 0.04952g/s 175.6p/s 356.0c/s 356.0C/s !@#$%..sss
Use the "--show" option to display all of the cracked passwords reliably
Session completed

Now we have cracked the users password.

ubuntu@ip-172-31-20-16:~$ sudo john --show pass.out
vaas:password:1003:1003:,,,:/home/vaas:/bin/bash
 
1 password hash cracked, 2 left

This will only work if the users password is in the wordlist. To crack realistic passwords, you would require a massive wordlist to hold all possible passwords.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.