How to crack an Ubuntu user password easily with John The Ripper.

Posted: August 25, 2017. At: 9:27 AM. This was 6 months ago. Post ID: 11260
Page permalink.
WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters. These cookies expire two weeks after they are set.

Cracking an Ubuntu password with John the Ripper is very easy. All that is needed is a good wordlist and the John The Ripper utility.

Install the John the Ripper password cracking utility.

[email protected]:~/Documents/Windows$ sudo apt install john

Dump the Linux user account information to a file from the shadow and passwd files.

[email protected]:/home/jason/Documents/Linux# unshadow /etc/passwd /etc/shadow > passwords

Make sure we have a suitable wordlist that could possibly contain a matching password. I used the rockyou.txt file from Kali Linux. Then we are ready to crack the password hashes.

root@jason-desktop:/home/jason/Documents/Linux# john --wordlist=../Windows/rockyou.txt passwords 
Created directory: /root/.john
Loaded 2 password hashes with 2 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
302c64&*(        (jason)
samthedog        (justin)
2g 0:00:02:36 100% 0.01279g/s 448.3p/s 485.8c/s 485.8C/s shandra..ricky10
Use the "--show" option to display all of the cracked passwords reliably
Session completed

This only took several seconds and both password hashes were cracked. This is a very easy Linux task, once the user has stolen the password files, which requires sudo access. I did this on Ubuntu 17.04. Very easy to crack the passwords, but you need to get access to the shadow and passwd files which is the hard part.

No comments have been made. Use this form to start the conversation :)

Leave a Reply