Guide to Hashcat

Unshadow /etc/shadow Entries

• The unshadow utility can be used to create a file usable by Hashcat to crack the unshadowed hashes.
• To use the unshadow utility, you need /etc/passwd entries and /etc/shadow entries.
• If you wanted to unshadow the entire /etc/shadow file, you would use the command, sudo unshadow /etc/passwd /etc/shadow > unshadowed.txt
  • This command also puts the command results into the unshadowed.txt file

Using Hashcat

• Hashcat is a password cracking tool
• The unshadow.txt file can be used with hashcat
• Hashcat also required a wordlist to be specified
• An example command I used was hashcat -m 1800 -a 0 -o cracked.txt unshadowed.txt small_pass_list.txt
  • This command found the passwords from the hash for each user in unshadowed.txt and output the results to a file called cracked.txt

Flags

• -m: Specifies hash type (1800 is sha512crypt)
• -a: Specifies the attack mode (0 is straight)
• -o: Specifies the output file