The many Linux distributions out there are very interesting in how they work. The passwords for the users are stored in a file in /etc/shadow. This is only readable by the system administrator account and are encrypted with different levels of encryption.
This example is using the outdated MD5 encryption scheme, which should never be used in 2020. The username is in one column and the next one is the password hash. The $1 means that it is MD5 encryption.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | backup:$1$YQkzQdUi$AXbcTmNqE8I5d9USlV9EF.:15288:::::: c.parra:$1$bYJzJCeN$.B5bJ8Gjk88SiDOJbflle/:15288:::::: c.veloz:$1$BsC3tVoO$vZNuwvDtztj3UmEVhKhHQ.:15288:::::: j.alvarado:$1$5MadHnYy$nfaUJZmL36ItIVIdaZXuj.:15288:::::: jessirangel:$1$/.ZLSNSN$iA8QM5O/XKIO5Ncg7NZvi/:15288:::::: jorgebardawil:$1$iFA1Mby0$R7n0ER4wtvQmIg5Ls3bD21:15288:::::: joselin.alvarado:$1$wHCrbjj/$Q5MRT8h2h.PFi/HrfCzYp1:15288:::::: maria.pinto:$1$QHJejC80$.G66b6kQlpYm5xWbEZYKa/:17742:::::: servicios:$1$HLymajSF$pvTdRz0rwMvuB73ojzQFp/:15377:::::: j.gil:$1$.k.MifwE$688nk/3ho05byhzB9Ncff/:15583:::::: carnets:$1$TPNfc5YG$LhawL64GLJwLeTFeetGCE0:15727:::::: comunicaciones:$1$GLRxrD2P$n8cJmtIePnCEyahq8qy17/:16566:::::: cv:$1$yuVY0R9K$bo1HHbzflL6.a1ClholOo/:16997:::::: l.gonzalez:$1$Z/vMaUEk$Zo06mLs86i2eC5nWxS2F60:17021:::::: asis_admin:$1$Dz8B8AbB$xZmzNYD6CXQTK2iZA6YvN/:17021:::::: a.alvarado:$1$Pr3UtXHY$NdPYCz17svcBLE90TKsod0:17029:::::: contacto:$1$KbSygpQr$mg7xwd8oF.c2ESD2CBkHS1:17436:::::: ventasonline:$1$T4RYf2l2$7FG8mEQi1nILnHg4I.W.R/:17742:::::: chepel:$1$UUssuHjs$km26VTUXXpUlzee4a8KHA/:17835:::::: |
The usernames and other information like the home directory is stored in the /etc/passwd file. Other information like Full Name can be here as well.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | backup:x:515:513::/home/enseca/mail/example.com/backup:/usr/local/cpanel/bin/noshell c.parra:x:515:513::/home/enseca/mail/example.com/c.parra:/usr/local/cpanel/bin/noshell c.veloz:x:515:513::/home/enseca/mail/example.com/c.veloz:/usr/local/cpanel/bin/noshell j.alvarado:x:515:513::/home/enseca/mail/example.com/j.alvarado:/usr/local/cpanel/bin/noshell jessirangel:x:515:513::/home/enseca/mail/example.com/jessirangel:/usr/local/cpanel/bin/noshell jorgebardawil:x:515:513::/home/enseca/mail/example.com/jorgebardawil:/usr/local/cpanel/bin/noshell joselin.alvarado:x:515:513::/home/enseca/mail/example.com/joselin.alvarado:/usr/local/cpanel/bin/noshell maria.pinto:x:515:513::/home/enseca/mail/example.com/maria.pinto:/usr/local/cpanel/bin/noshell servicios:x:515:513::/home/enseca/mail/example.com/servicios:/usr/local/cpanel/bin/noshell j.gil:x:515:513::/home/enseca/mail/example.com/j.gil:/usr/local/cpanel/bin/noshell carnets:x:515:513::/home/enseca/mail/example.com/carnets:/home/enseca comunicaciones:x:3423:3417::/home/enseca/mail/example.com/comunicaciones:/home/enseca cv:x:3423:3417::/home/enseca/mail/enseca.com/cv:/home/enseca l.gonzalez:x:3423:3417::/home/enseca/mail/example.com/l.gonzalez:/home/enseca asis_admin:x:3423:3417::/home/enseca/mail/example.com/asis_admin:/home/enseca a.alvarado:x:3423:3417::/home/enseca/mail/example.com/a.alvarado:/home/enseca contacto:x:3423:3417::/home/enseca/mail/example.com/contacto:/home/enseca ventasonline:x:3423:3417::/home/enseca/mail/example.com/ventasonline:/home/enseca chepel:x:3423:3417::/home/enseca/mail/example.com/chepel:/home/enseca |
In this example, the user is named “Jon Snow”.
jason:x:1000:1000:John Snow:/home/jason:/bin/bash |
SSH authentication can use public and private keys. Below is an example SSH private key.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,13FD152F540734F8 /bWEK2nJD1W56Xrvvwidet4/3mNcN/dImf4mXyBUvtQ5inHPWZuVk3GgX0d1W2o9 koOrN79FIe2f6aHlvfo1Zr6+uwr3pynnBWUH5EnvTjzVsq6mX1ABJMCgw8zvb7x0 6L869rZ2Mmwz8Vi7L9gOnZNjWR9boOJo0RYlsm+I1UQ/VTib2wh6nR4QPsrFmG3w E1EtSFWFfLlatVhJnmaycVa+kwrcwyRbl3yAcq+0e2Tu4lCVWwqoX0Qy/Ic9CtFd MBBdX6UHrZQZa1aF/0oRCQBNd3/7T5NUun6vByaAGeWvMnni+0CKFIhldXDURsYa wguiJCNEEw3DjgJoIK3OgEiZeyOZfiPR4eEnGrZJGKXPyjtm4E/gVjQT+x6wTW+r bnWj4N/k6MhEEPKgeORbe8vE1gf5FuBXChP4tXc+NeHQsC66mGZiYOXyM3ZVXaNf Ymk17ik7Kn6rAotc8LE81VL3n17wDZO6Q/nldYv0QFAUCEe0y8zTIbaNkJtjJDd8 9LoJ9Ih9DpP3aG7YvdgLRiXyJFcrihbCV3Gcvc17A6n+zIeu3E9Wo9DkQSj5474V qLHQpyEnndsXMlyxzWOMG7QkXQJNuKeHURSudQiqf/g4PJjL1V4j+7phBWAp4W6n 7ilhpSVQ4H++INXiy6BlyMpkDdbqr2rfkfK1EigvqOHv6deGrM/MjWTyyI88R5IN TCoSlWEHr07WF5OwaF8b7y5udpF3O8BF1D8R6RKgmEVY20Q5psyi+/1lzNAC+ydH BwVQYuuP3dEBUxRTjjR7LOhwd96CksfHMO0QpgcR9eCkUKofCn5NYlb+71/fsWke mm/w/tR9yVHQOngICHwWU4hn6+JXh4OjfoVG+sS4HAH8AdGeU8IHBK0sVuAsbQy+ YLjjZPemmq7Vr/3dM1nZUylgRSkP1D+M71heWcd2jwCE/1ZagGFAkF6A/ZU4LMGo aKksSVcd/Ik9CQfSOjsd4CLaYM+vNnzwYdIGcx8c/AxOIk0bQBZSBEygBeSrhipe luFTw4XlE/NMN4drFFGQlYuWpcWU1uNLoVStyeZ0oWJT+My6HeDtbuIz6frAUx/6 TQpJ9R99fwRaOvJwJaXfpbspwjTq8BkIiqKSeVaj15Qi2t3C8DjHfA3bfow+g8Zz 2m5/WSfNr+RBFRKiVvfn7Ee/Ji78rOFs9mSgzOv7Y/XgpU9gZL09kmnQMXcZ5xM5 bhrQJYY9Y7SYqJWYcL0rptwpOPf/QAKG8ESbVm46jguEfRvasJ61mqBe2tDxrk5H DC/4uy4uJ0l4/+IboplR2G9OFCK+ykIA9hNgaKSRWQ1eqwAGrK2DJsTEVLNebk6m fOfv12Jh+sC7JIPICEQPwwAlmsVZfLvHkOOaaxMTjBILsolcstmNWlH92nBcImDt ciNLPlQMXptcbUJbEGepec52Rqzm9s2gBYmMwatqfkRamC0C6xoBSWln82mKx30K X1C+WLmTyFeZ9sC7VNgu4hlSaYjT8RTlUMi/JXEQCKZ7LayQlcLDYtcIgEFOhc+n xBwrDdiYTGJ+NCkTvBOdYChIkQNnBrv9NwRdwkUrdflpBQN7csd12Q== -----END RSA PRIVATE KEY----- |
This is protected by a passphrase and this is something that you must not let fall into enemy hands. The use of MD5 encryption is outdated these days. SHA512 is preferred unless you do not care about security at all. The Linux system of authentication provides very good security, as long as the passwords are strong enough and they are using a modern encryption scheme. Even SHA256 is way better than MD5. No one should be using that in 2020. The PAM security modules could be handling logins as well these days. Modern Linux is very secure, unless you are using outdated software and kernel.
MySQL can store user passwords in the SQL file. They would look like this.
$P$BHLYqFiQg2k42SYJe4L8zFhFStB8Au/ |
Programs like John the Ripper can break passwords, but you need to get ahold of the /etc/shadow file, then you may attempt to break the password. Read more about this procedure here: https://securitronlinux.com/bejiitaswrath/crack-a-fedora-25-password-with-john-the-ripper-easily-this-is-fun/. This is how to break a Fedora Linux password hash with John the Ripper.
How to crack a SHA512 password hash with oclhashcat on Linux.