Guide for John the Ripper(JtR)

Unshadow /etc/shadow Entries

• The unshadow utility can be used to create a file usable by John the Ripper to crack the unshadowed hashes.
• To use the unshadow utility, you need /etc/passwd entries and /etc/shadow entries.
• If you wanted to unshadow the entire /etc/shadow file, you would use the command, sudo unshadow /etc/passwd /etc/shadow > unshadowed.txt
  • This command also puts the command results into the unshadowed.txt file

Cracking with JohntheRipper(JtR)

• John the Ripper is a password cracking utility
• John the Ripper uses unshadowed /etc/shadow entries and a wordlist to crack the passwords that are in the unshadowed entries.
• Using an ushadowed.txt file and the rockyou.txt wordlist, I ran JtR using the command john --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt
  • The command took a little under 2 hours to crack passwords for three entries

Syntax/Flags

• The command format is as follows, john [ARGUMENTS] unshadowed_entries_file
• --wordlists=: Specifies the wordlist to be used for password cracking