I thought I might share with you a way to recover a password on a *nix system. The commands and screen shots are from Ubuntu, but this basic process should work for any distro.
When you create an account on a Linux system, the password isn’t stored. Instead, the hash of the password is stored in /etc/shadow. Here is a portion of my shadow file. The password hash field begins with $1$.
test123:$1$UvnJA$5PxY8jbKrQdRePqywAzmW1:13817:0:99999:7:::
testrnd:$1$mPo0o$mZSYvKEgrLN9WPFnVk2xT/:13817:0:99999:7:::
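To see which accounts still carry a $1$ (MD5-crypt) hash, the following added example (not part of the original post) splits each shadow entry into its fields, names the hash scheme from the $id$ prefix, and converts the third field (days since 1970-01-01) into the date the password was last changed. It goes beyond the $1$ case above by recognising the other crypt(3) scheme ids; the newuser and daemon entries are constructed samples, and the function names are this example's own.

```python
from datetime import date, timedelta

# crypt(3) "$id$salt$hash" scheme ids -> (name, flagged as weak)
SCHEMES = {
    "1": ("md5crypt", True),
    "2a": ("bcrypt", False),
    "2b": ("bcrypt", False),
    "2y": ("bcrypt", False),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
    "y": ("yescrypt", False),
}

def classify(line):
    """Return user, scheme, weak flag and last-change date for one shadow line."""
    fields = line.strip().split(":")
    if len(fields) < 3:
        raise ValueError("not a shadow entry: %r" % line)
    user, pw, lastchg = fields[0], fields[1], fields[2]
    changed = date(1970, 1, 1) + timedelta(days=int(lastchg)) if lastchg.isdigit() else None
    if pw == "":
        scheme, weak = "empty", True          # account has no password at all
    elif pw[0] in "!*":
        scheme, weak = "locked", False        # password login disabled
    elif pw.startswith("$"):
        # unknown ids are flagged so that someone reviews them
        scheme, weak = SCHEMES.get(pw.split("$")[1], ("unknown", True))
    else:
        scheme, weak = "descrypt", True       # legacy DES crypt, no $id$ prefix
    return {"user": user, "scheme": scheme, "weak": weak, "changed": changed}

def audit(text):
    """Classify every non-empty line of a shadow file's contents."""
    return [classify(l) for l in text.splitlines() if l.strip()]

# First two entries are the ones shown in the post; the last two are constructed.
SAMPLE = """\
test123:$1$UvnJA$5PxY8jbKrQdRePqywAzmW1:13817:0:99999:7:::
testrnd:$1$mPo0o$mZSYvKEgrLN9WPFnVk2xT/:13817:0:99999:7:::
newuser:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:14350:0:99999:7:::
daemon:*:13817:0:99999:7:::
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        flag = "WEAK" if row["weak"] else "ok"
        print(f'{row["user"]:8} {row["scheme"]:12} {flag:4} last changed {row["changed"]}')
```

Accounts reported as WEAK are the ones to move to a stronger scheme by having the user set a new password after the system's default hashing method has been updated.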
Now, if I want to discover the passwords for those accounts, I need to enlist the help of John the Ripper.
You can install it on Ubuntu with this command:
sudo apt-get install john
When you’re ready to crack the password, just run
sudo john /etc/shadow
That screen shot is of the second time I ran this command. When I originally started this command, it recovered the password for test123 immediately. So fast, in fact, that I wasn’t ready to grab a screen shot. That’s ok though, because there’s an option you’ll need to know anyway. Once John cracks a password, it remembers it, and doesn’t try to crack it again. Should you ever need to see it again, the command option is -show.
So it recovered a password which was the same as the username; not very impressive, huh? Well, the reason it recovered that password so quickly is that it has three modes of recovery. First it tries variations of the username, then it tries its wordlists, then it tries a brute force attack.
If you have it running, and want to check the status, just hit enter in the terminal window.
Try it on your machine. See how long it takes to crack your passwords, and let me know in the comments.
Credit to: James House
So far, john hasn’t cracked my passwords. I use fairly long ones with alpha and non-alpha characters, so I’m thinking it might take a long time. Still, the best way to know is to actually put it to the test…
Well… last time I tried to crack my password, it took over 7 hours, then I stopped the program because I didn’t want a buzzing computer in my room when I tried to sleep.
It’s only a sequence of normal chars though, not even numbers… but yeah, it’s quite long and random…
It might be a good idea to show how to remove the cached passwords. Otherwise all the passwords on your machine are one sudo command away from being revealed?
Morgan Goose:
On first run this is displayed – Created directory: /root/.john
Delete directory and remove cached passwords.
Well, 3 seconds later:
sudo john -show /etc/shadow
Created directory: /root/.john
0 password hashes cracked, 1 left
This doesn’t work on Ubuntu 9.04:
$ sudo john /etc/shadow
Created directory: /root/.john
No password hashes loaded
I looked in /etc/shadow and the 1 account that has a password associated with it, starts with $6$ and not $1$.
I have the same problem as Brian.
The shadow file starts with $6$ and not $1$
$6$dRM3s/LEr$LG……..
What shall we do?
Me too, I’ve got the same problem: the shadow file also starts with a $6$ instead of $1$. It looks like they changed the process of storing passwords; they used MD5 before, but now I don’t know what is used…
I believe the encryption used by the shadow file is not MD5 but SHA512, which explains the existence of the $6$.
[]‘s
B0b0_d4_c0rt3