Cracking an Ubuntu password with John the Ripper is very easy. All that is needed is a good wordlist and the John The Ripper utility.
Install the John the Ripper password cracking utility.
jason@jason-desktop:~/Documents/Windows$ sudo apt install john |
Dump the Linux user account information to a file from the shadow and passwd files.
root@jason-desktop:/home/jason/Documents/Linux# unshadow /etc/passwd /etc/shadow > passwords |
Make sure we have a suitable wordlist that could possibly contain a matching password. I used the rockyou.txt file from Kali Linux. Then we are ready to crack the password hashes.
root@jason-desktop:/home/jason/Documents/Linux# john --wordlist=../Windows/rockyou.txt passwords Created directory: /root/.john Loaded 2 password hashes with 2 different salts (crypt, generic crypt(3) [?/64]) Press 'q' or Ctrl-C to abort, almost any other key for status 302c64&*( (jason) samthedog (justin) 2g 0:00:02:36 100% 0.01279g/s 448.3p/s 485.8c/s 485.8C/s shandra..ricky10 Use the "--show" option to display all of the cracked passwords reliably Session completed |
This only took several seconds and both password hashes were cracked. This is a very easy Linux task, once the user has stolen the password files, which requires sudo access. I did this on Ubuntu 17.04. Very easy to crack the passwords, but you need to get access to the shadow and passwd files which is the hard part.