Linux Password Cracking with John the Ripper & Hashcat - Snowboundport37/champlain GitHub Wiki

Linux Password Cracking with John the Ripper & Hashcat

Overview

This project demonstrates how to extract and crack password hashes from a Linux system using John the Ripper and Hashcat. We used SHA-512 crypt ($6$) hashes from /etc/shadow and cracked them using wordlists.

📌 Step 1: Extracting Password Hashes

Dump the /etc/passwd and /etc/shadow Files

On the target system, we extract the last few entries from /etc/passwd and /etc/shadow. Reading /etc/shadow requires root, hence the sudo on the second command only:

```bash
tail -n 3 /etc/passwd > etc_passwd.txt
sudo tail -n 3 /etc/shadow > etc_shadow.txt
```

Then, transfer these files to our Kali Linux machine.

📌 Step 2: Preparing the Unshadowed File

Combine /etc/passwd and /etc/shadow

John can read the shadow file on its own, but its recommended input is the combined file produced by unshadow: each line is the user's passwd entry with the hash substituted into the password field, so john's rules can also try the username and GECOS fields as candidates. We create it with:

```bash
unshadow etc_passwd.txt etc_shadow.txt > unshadowed1.txt
```

Verify the file:

```bash
grep galadriel unshadowed1.txt
```

📌 Step 3: Cracking Passwords with John the Ripper

Using a Small Wordlist

First, we try a smaller wordlist. john does not need root for this; running it under sudo would also write its record of cracked hashes (john.pot) to /root/.john, where a later john --show run as the normal user would not find it:

```bash
john --wordlist=/usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt --format=sha512crypt unshadowed1.txt
```

Using RockYou (Larger Wordlist)

If the small wordlist fails, we use rockyou.txt. Kali ships it gzipped, so decompress it once (that is the only step that needs sudo, because /usr/share/wordlists is root-owned). John skips hashes already recorded in its pot file, so the second run only spends time on the accounts that are still uncracked:

```bash
sudo gunzip /usr/share/wordlists/rockyou.txt.gz
john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt unshadowed1.txt
```

Checking Results

```bash
john --show unshadowed1.txt
```

✅ Cracked passwords:

```text
gandalf.grey -> gandalfrockyou
galadriel -> galadrielarwen111
boromir -> BoRomir2000Z
```

📌 Step 4: Cracking Passwords with Hashcat

Find the Correct Hash Mode

We confirm the Hashcat mode for SHA-512 crypt:

```bash
hashcat -h | grep sha512crypt
```

🔹 Mode 1800 is sha512crypt $6$, SHA512 (Unix).

Run Hashcat

```bash
hashcat -m 1800 unshadowed1.txt /usr/share/wordlists/rockyou.txt --force
```

Two caveats. Hashcat parses one hash per line, or user:hash when given --username; the extra passwd fields that unshadow leaves after the hash can make it reject every line with a token length error, in which case cut the file down to the $6$ hash field (or user and hash) first. And --force only suppresses hashcat's warnings about the OpenCL/CUDA device, which is what lets it run inside a VM with no GPU; do not use it on a real cracking box, where the warning usually points at a broken driver.

Display Cracked Hashes

```bash
hashcat --show -m 1800 unshadowed1.txt
```

✅ All passwords cracked successfully! (--show reads them back from hashcat.potfile, so it works after the cracking session has ended.)

📌 Step 5: Verifying a Crack by Recomputing the Hash with Python

To confirm that a cracked password really reproduces the stored hash, we recompute it with Python's passlib, using the salt from the /etc/shadow entry (the characters between the second and third $):

```bash
pip3 install passlib
python3 -c "from passlib.hash import sha512_crypt; print(sha512_crypt.hash('galadrielarwen111', rounds=1000, salt='poPWvLT/CfA/sxS/'))"
```

The rounds value has to match the stored entry: a $6$ hash with no rounds= field uses the sha512crypt default of 5000, and passlib only writes a rounds=N$ prefix when N differs from that default, so the output can only equal the shadow entry when the right rounds are passed. If the entry reads $6$rounds=N$salt$hash, pass rounds=N.
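As an added example for Steps 3 to 5 (written for this page; it is not the wiki author's code and not passlib's), the Python below reimplements sha512crypt from Ulrich Drepper's SHA-crypt specification with the standard library only, so a crack can be verified without installing passlib, and then runs over a constructed set of shadow lines the same dictionary attack that john and hashcat perform. The user names, the salt for alice, and the wordlist are constructed for the example; the "Hello world!" entry is the test vector published with the specification. parse_sha512crypt takes the rounds from the rounds= prefix and skips locked accounts, the two details the passlib one-liner has to get right by hand.

```python
"""sha512crypt ($6$) reimplemented from the SHA-crypt specification, plus a small
dictionary attack over /etc/shadow lines.  Added example for this page: not the
page author's code and not passlib's.  Standard library only."""
import hashlib
import hmac
import re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DEFAULT_ROUNDS = 5000   # a $6$ hash with no rounds= field means 5000 rounds
MAX_SALT = 16           # crypt(3) truncates longer salts to 16 characters
HASH_RE = re.compile(r"^\$6\$(?:rounds=(\d+)\$)?([^$:]{1,16})\$([./0-9A-Za-z]{86})$")
WORDLIST = ["password", "Hello world!", "summer2023", "winter2024", "letmein"]  # constructed


def _stretch(block: bytes, n: int) -> bytes:
    """Repeat `block` and cut to exactly n bytes (the spec's P and S sequences)."""
    return (block * (n // len(block) + 1))[:n]


def sha512_crypt(password: bytes, salt: bytes, rounds: int = DEFAULT_ROUNDS,
                 explicit_rounds: bool = False) -> str:
    """Return the crypt(3) string "$6$[rounds=N$]salt$hash" for password."""
    sha = lambda data: hashlib.sha512(data).digest()
    salt = salt[:MAX_SALT]
    rounds = min(max(rounds, 1000), 999_999_999)   # crypt(3) clamps the cost
    # Digest B = H(pw|salt|pw); digest A mixes B into pw|salt by the bits of len(pw)
    b = sha(password + salt + password)
    a_in = password + salt + _stretch(b, len(password))
    n = len(password)
    while n:                      # lowest bit first: 1 -> add B, 0 -> add pw
        a_in += b if n & 1 else password
        n >>= 1
    a = sha(a_in)
    # P: digest of pw repeated len(pw) times; S: digest of salt repeated 16+A[0] times
    p = _stretch(sha(password * len(password)), len(password))
    s = _stretch(sha(salt * (16 + a[0])), len(salt))
    c = a
    for i in range(rounds):       # the cost loop: `rounds` chained SHA-512s per guess
        ctx = p if i & 1 else c
        if i % 3: ctx += s
        if i % 7: ctx += p
        ctx += c if i & 1 else p
        c = sha(ctx)
    # crypt's own base64: bytes (i, i+21, i+42) rotated by i % 3 give 4 characters
    # each, then byte 63 alone gives the last 2 characters (86 total)
    groups = [[i, i + 21, i + 42][i % 3:] + [i, i + 21, i + 42][:i % 3] for i in range(21)]
    words = [(c[b2] << 16) | (c[b1] << 8) | c[b0] for b2, b1, b0 in groups] + [c[63]]
    out = []
    for w, width in zip(words, [4] * 21 + [2]):
        for _ in range(width):
            out.append(ITOA64[w & 0x3F])
            w >>= 6
    prefix = f"$6$rounds={rounds}$" if explicit_rounds else "$6$"
    return prefix + salt.decode() + "$" + "".join(out)


def parse_sha512crypt(stored: str):
    """(rounds, rounds_explicit, salt) for a $6$ hash; None for '!', '*', '!!' or other schemes."""
    m = HASH_RE.match(stored)
    if not m: return None
    rounds, salt, _ = m.groups()
    return (DEFAULT_ROUNDS, False, salt) if rounds is None else (int(rounds), True, salt)


def verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds, then compare in constant time."""
    parsed = parse_sha512crypt(stored)
    if parsed is None: return False
    rounds, explicit, salt = parsed
    cand = sha512_crypt(password.encode(), salt.encode(), rounds, explicit)
    return hmac.compare_digest(cand, stored)


def crack_shadow(shadow_lines, wordlist):
    """Dictionary attack as john/hashcat do it: {user: password} for every $6$ entry
    matching a wordlist word.  Locked (!, *) and non-$6$ entries cost no guesses."""
    found = {}
    for line in shadow_lines:
        user, stored = line.split(":")[:2]
        if parse_sha512crypt(stored) is None: continue
        for word in wordlist:
            if verify(word, stored):
                found[user] = word
                break
    return found


# Constructed /etc/shadow lines: "carol" carries the SHA-crypt specification's
# published test vector (password "Hello world!"), "alice" a hash computed here
# for "winter2024"; the last two are locked accounts and must be skipped.
SPEC_VECTOR = ("$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJ"
               "uesI68u4OTLiBFdcbYEdFCoEOfaS35inz1")
ALICE_HASH = sha512_crypt(b"winter2024", b"abcdEFGH1234")
SHADOW_LINES = [f"carol:{SPEC_VECTOR}:19800:0:99999:7:::",
                f"alice:{ALICE_HASH}:19800:0:99999:7:::",
                "svc-backup:*:19800:0:99999:7:::", "bob:!:19800:0:99999:7:::"]

if __name__ == "__main__":
    print(crack_shadow(SHADOW_LINES, WORDLIST))   # {'carol': 'Hello world!', 'alice': 'winter2024'}
```

Running it prints the two cracked accounts. The cost loop is the page's lesson in code: every candidate costs 5000 chained SHA-512 computations, which is why this pure-Python loop manages only a few thousand guesses per second and hashcat on a GPU manages orders of magnitude more, and why only a password absent from every wordlist survives.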

📌 Step 6: Documenting the "Loot"

Create a CSV to Store Cracked Passwords

```bash
nano loot.csv
```

Add the following data:

```csv
User,Password,Service
gandalf.grey,gandalfrockyou,ssh
galadriel,galadrielarwen111,ssh
boromir,BoRomir2000Z,ssh
```

Save and verify:

```bash
cat loot.csv
```

This file holds plaintext credentials, so keep it readable only by yourself and remove it once the report is written.

📌 Step 7: Reflection & Key Learnings

Challenges Faced

  • John the Ripper took a long time with large wordlists.
  • Some passwords were too strong for smaller wordlists.
  • Hashcat proved to be a more efficient cracking tool.

Lessons Learned

  • Strong passwords are crucial: every password here was found by a dictionary (wordlist) attack, which is far cheaper than exhaustive brute force.
  • SHA-512 crypt ($6$) makes each guess cost thousands of chained SHA-512 computations (5000 by default), which slows cracking down but does nothing for a password that appears in a wordlist.
  • Password managers are essential to generate and store strong passwords.

📌 Final Deliverables

  • Screenshot of john --show unshadowed1.txt (cracked passwords)
  • Screenshot of loot.csv with cracked passwords
  • Screenshot of Hashcat results confirming cracks
  • Documentation (this GitHub Wiki page)
  • Reflection on password security

📌 Conclusion

This project demonstrates the importance of password security and hashing algorithms.