Firstly, for the purposes of this exercise, we are creating a new user with a simple password. I used a user named “vaas” and gave him the simple password “password”. Then run this command to create the file that john the ripper will be using.
[email protected]:~$ sudo unshadow /etc/passwd /etc/shadow > pass.out
Now run the john the ripper to get the passwords.
[email protected]:~$ sudo john --wordlist=/usr/share/john/password.lst pass.out Loaded 3 password hashes with 3 different salts (crypt, generic crypt(3) [?/64]) Press 'q' or Ctrl-C to abort, almost any other key for status password (vaas) 1g 0:00:00:20 100% 0.04952g/s 175.6p/s 356.0c/s 356.0C/s !@#$%..sss Use the "--show" option to display all of the cracked passwords reliably Session completed
Now we have cracked the users password.
[email protected]:~$ sudo john --show pass.out vaas:password:1003:1003:,,,:/home/vaas:/bin/bash 1 password hash cracked, 2 left
This will only work if the users password is in the wordlist. To crack realistic passwords, you would require a massive wordlist to hold all possible passwords.