How to crack Linux passwords using john the ripper.

Posted: March 4, 2015. At: 1:46 PM. This was 3 years ago. Post ID: 8083
Page permalink: http://securitronlinux.com/bejiitaswrath/how-to-crack-linux-passwords-using-john-the-ripper/

Now, we must convince Congress to stop the FCC. Can you display an alert?

Firstly, for the purposes of this exercise, we are creating a new user with a simple password. I used a user named “vaas” and gave him the simple password “password”. Then run this command to create the file that john the ripper will be using.

ubuntu@ip-172-31-20-16:~$ sudo unshadow /etc/passwd /etc/shadow > pass.out

Now run the john the ripper to get the passwords.

ubuntu@ip-172-31-20-16:~$ sudo john --wordlist=/usr/share/john/password.lst pass.out
Loaded 3 password hashes with 3 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
password         (vaas)
1g 0:00:00:20 100% 0.04952g/s 175.6p/s 356.0c/s 356.0C/s !@#$%..sss
Use the "--show" option to display all of the cracked passwords reliably
Session completed

Now we have cracked the users password.

ubuntu@ip-172-31-20-16:~$ sudo john --show pass.out
vaas:password:1003:1003:,,,:/home/vaas:/bin/bash
 
1 password hash cracked, 2 left

This will only work if the users password is in the wordlist. To crack realistic passwords, you would require a massive wordlist to hold all possible passwords.

No comments have been made. Use this form to start the conversation :)

Leave a Reply