Password Cracking - Robertsegee/SEC335 GitHub Wiki
In this lab we cracked passwords with several tools: hashcat, unshadow, and John the Ripper (JTR). The first step was to gain root access so that we could view the contents of both `/etc/passwd` and `/etc/shadow`. We need access to `/etc/shadow` because it holds the password hashes alongside the accounts they belong to. We got root by using an account with elevated privileges that we had obtained in last week's lab. After viewing both passwd and shadow, I saved the results into two text files named `3userpasswd` and `3usershadow`.

When viewing the shadow file it looks messy, a long string of characters, but that string encodes the hashing algorithm along with the salt. In this lab each entry started with the username, followed by `$6`, which indicates the SHA-512 algorithm. Next comes `$` followed by the salt; the salt ensures that two accounts using the same password still end up with different hashes. This is followed by `$` and the hash itself.

Then we use the tool `unshadow`, which combines the contents of passwd and shadow. Once that is done we can run the unshadowed file through JTR with the syntax `john (unshadowed file)`. This runs the password cracker and should show the password. Another cracking method is hashcat: run `hashcat -m 1800 -a 0 -o (file you want to output to) (file with shadow entry) (wordlist)`. Then you can `cat` the new file to find out what the passwords are.
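As an added example (not part of the lab), here is a small Python parser for the shadow-entry layout described above (`$id$salt$hash`): it names the algorithm, pulls out the salt, and flags entries an administrator would want to fix. The sample lines are constructed, not real hashes. It goes slightly beyond the lab's entries by also handling the optional `rounds=` parameter and yescrypt's extra parameter field, since the salt and digest are always the last two `$`-separated pieces.

```python
"""Parse /etc/shadow entries, identify the hash algorithm and salt, and flag weak entries."""

# crypt(3) identifiers found at the start of the password field in /etc/shadow.
ALGORITHMS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt", "y": "yescrypt"}
WEAK = {"MD5-crypt"}  # legacy scheme with a fixed, low iteration count; fast to brute-force

FIELDS = ["name", "hash", "lastchange", "min", "max", "warn", "inactive", "expire", "reserved"]


def parse_shadow_line(line):
    """Return a dict with name, status, algorithm, salt and digest for one shadow entry."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} colon-separated fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    result = {"name": entry["name"], "status": "unknown", "algorithm": None, "salt": None, "digest": None}
    pw = entry["hash"]
    if pw == "":
        result["status"] = "empty"      # account can log in with no password at all
    elif pw.startswith(("!", "*")):
        result["status"] = "locked"     # password authentication disabled
    elif pw.startswith("$"):
        # Layout is $id$[params$]salt$digest, e.g. $6$<salt>$<digest>.
        pieces = pw.split("$")[1:]
        if len(pieces) >= 3 and pieces[0] in ALGORITHMS:
            result.update(status="hashed", algorithm=ALGORITHMS[pieces[0]],
                          salt=pieces[-2], digest=pieces[-1])
    return result


def audit_shadow(lines):
    """Return (account, finding) pairs for entries that need attention."""
    findings = []
    for line in lines:
        r = parse_shadow_line(line)
        if r["status"] == "empty":
            findings.append((r["name"], "empty password field"))
        elif r["status"] == "unknown":
            findings.append((r["name"], "unrecognised hash format"))
        elif r["algorithm"] in WEAK:
            findings.append((r["name"], f"weak hash: {r['algorithm']}"))
    return findings


# Constructed sample entries: the salts and digests are made up, not real hashes.
SAMPLE = [
    "alice:$6$Qx7p3s0k$ZkC9fakeDigestForIllustrationOnly0123456789abcdefghijklmnop:19000:0:99999:7:::",
    "bob:$1$ab12cd34$fakeMd5Digest0123456789:19000:0:99999:7:::",
    "carol::19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
]

if __name__ == "__main__":
    for r in map(parse_shadow_line, SAMPLE):
        print(r["name"], r["status"], r["algorithm"], r["salt"])
    print(audit_shadow(SAMPLE))
```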