| Wednesday April 16th 2014

HOWTO: Recover A Linux Password


I thought I might share with you a way to recover a password on a *nix system. The commands and screenshots are from Ubuntu, but this basic process should work for any distro.

When you create an account on a Linux system, the password isn’t stored. Instead, the hash of the password is stored in /etc/shadow. Here is a portion of my shadow file. The password hash field begins with $1$.

test123:$1$UvnJA$5PxY8jbKrQdRePqywAzmW1:13817:0:99999:7:::
testrnd:$1$mPo0o$mZSYvKEgrLN9WPFnVk2xT/:13817:0:99999:7:::
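
An added example, not part of the original post: a short Python check that reads shadow entries and reports which hashing scheme each account uses, flagging md5crypt ($1$) and other entries that need attention. The prefix table follows crypt(5); the function names and every sample entry other than the two shown above are constructed for illustration.

```python
import re

# Hash-scheme prefixes as documented in crypt(5); True marks schemes to migrate.
SCHEMES = {"1": ("md5crypt", True), "5": ("sha256crypt", False),
           "6": ("sha512crypt", False), "y": ("yescrypt", False),
           "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False)}
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")  # legacy DES crypt: 13 chars, no prefix

# First two entries are the ones shown in the post; the rest are constructed.
SAMPLE = """\
test123:$1$UvnJA$5PxY8jbKrQdRePqywAzmW1:13817:0:99999:7:::
testrnd:$1$mPo0o$mZSYvKEgrLN9WPFnVk2xT/:13817:0:99999:7:::
newuser:$6$rounds=5000$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14400:0:99999:7:::
daemon:*:13817:0:99999:7:::
lockedu:!$1$abcde$CONSTRUCTEDHASH:13817:0:99999:7:::
nopass::13817:0:99999:7:::
"""

def classify(line):
    """Return (user, scheme, needs_attention) for one shadow(5) entry."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2 or not fields[0]:
        raise ValueError("not a shadow entry: %r" % line)
    user, pw = fields[0], fields[1]
    if pw == "":
        return (user, "empty", True)        # login possible without a password
    body = pw.lstrip("!")                   # a leading "!" marks a locked password
    if body in ("", "*"):
        return (user, "no-login", False)    # no usable password hash stored
    if not body.startswith("$"):
        if DES_RE.fullmatch(body):
            return (user, "descrypt", True)
        return (user, "unknown", True)
    ident = body.split("$")[1]              # "$6$rounds=5000$salt$hash" -> "6"
    scheme, weak = SCHEMES.get(ident, ("unknown", True))
    return (user, scheme, weak)

def audit(text):
    """Map each account that needs attention to the scheme found for it."""
    findings = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            user, scheme, flagged = classify(line)
            if flagged:
                findings[user] = scheme
    return findings

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE).items():
        print("%-8s %s" % (user, scheme))
```

On a real system, pass the contents of /etc/shadow (readable only by root) to audit(); a locked account that still stores a $1$ hash is reported as well, since the weak hash remains on disk.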

Now, if I want to discover the passwords for those accounts, I need to enlist the help of John the Ripper.


You can install it on Ubuntu with this command:

sudo apt-get install john

When you’re ready to crack the password, just run

sudo john /etc/shadow

[Screenshot: linux password recovery]

That screen shot is of the second time I ran this command. When I originally started this command, it recovered the password for test123 immediately. So fast, in fact, that I wasn’t ready to grab a screen shot. That’s ok though, because there’s an option you’ll need to know anyway. Once John cracks a password, it remembers it, and doesn’t try to crack it again. Should you ever need to see it again, the command option is -show.

[Screenshot: linux password recovery]

So it recovered a password which was the same as the username; not very impressive, huh? Well, the reason it recovered that password so quickly is that it has three modes of recovery. First it tries variations of the username, then it tries its wordlists, then it tries a brute force attack.

If you have it running, and want to check the status, just hit enter in the terminal window.

[Screenshot: linux password recovery]

Try it on your machine. See how long it takes to crack your passwords, and let me know in the comments.

Credit to: James House

Reader Feedback

10 Responses to “HOWTO: Recover A Linux Password”

  2. Chiron613 says:

    So far, john hasn’t cracked my passwords. I use fairly long ones with alpha and non-alpha characters, so I’m thinking it might take a long time. Still, the best way to know is to actually put it to the test…

  3. forkbomber says:

    Well… last time I tried to crack my password, it took over 7 hours, then I stopped the program because I didn’t want a buzzing computer in my room when I tried to sleep ;)

    it’s only a sequence of normal chars though, not even numbers… but yah, it’s quite long and random…

  4. Morgan Goose says:

    It might be a good idea to show how to remove the cached passwords. Otherwise all the passwords on your machine are one sudo command away from being revealed?

  5. MTecknology says:

    Morgan Goose:

    On first run this is displayed – Created directory: /root/.john
    Delete directory and remove cached passwords.

  6. Ebbot says:

    Well, 3 seconds later:

    sudo john -show /etc/shadow
    Created directory: /root/.john
    0 password hashes cracked, 1 left

  7. Brian says:

    This doesn’t work on Ubuntu 9.04:

    $ sudo john /etc/shadow
    Created directory: /root/.john
    No password hashes loaded

    I looked in /etc/shadow and the 1 account that has a password associated with it, starts with $6$ and not $1$.

  8. jhonny says:

    I have the same problem as Brian.

    The shadow file starts with $6$ and not $1$

    $6$dRM3s/LEr$LG……..

    What shall we do?

  9. andre says:

    Me too, I’ve got the same problem, the shadow file also starts with a $6$ instead of $1$. Looks like they changed the process of storing passwords; they used MD5 before, but now I don’t know what is used…

  10. B0b0_d4_c0rt3 says:

    I believe that the encryption used by the shadow file is not MD5 but SHA512, which explains the reason for the existence of the $6$.

    []‘s
    B0b0_d4_c0rt3
