Lab 6.1: Password Cracking - morgan-hanrahan/Tech-Journal GitHub Wiki
Reflection
This week we began using tools to crack user passwords by their hashes. This lab was very time consuming, but overall pretty easy. I didn't encounter any challenges during this lab. Now that I've done this lab, I definitely think that password generators aren't the best idea. Chances are those are just randomly taken off of preexisting lists, which we now know are easy to crack. I believe you are just better off making a completely random unique password on your own.
Password Cracking Guide
Grab Password Hashes
Password hashes are stored in /etc/shadow. As root, you are able to cat this file and view its contents.
Shadow File Format
testUser:$1$dsahdof$pHFdousdnao#5:15682:0:99999:7:::
1. testUser: Username
2. $1: This number identifies the type of hash used
3. dsahdof$pHFdousdnao#5: This is the hashed password (salt, then hash). Usually, the field is in the format $id$salt$hashed, where $id is the $1 described in item 2 above.
4. 15682: Last password change (in days since Jan 1, 1970)
5. 0: Minimum number of days required between password changes
6. 99999: Maximum number of days the password is valid
7. 7: Number of days before the password expires that the user is warned
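The field layout above can be checked with a short parser. This is an added example, not part of the original lab: it decodes each entry and flags accounts whose hash uses a dated scheme such as `$1$` (md5crypt), which is the useful output when auditing a system. The function names, the `WEAK` set and the `alice` and `svc` entries are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# crypt(3) scheme ids as they appear between the first two "$" of the hash field.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"md5crypt", "descrypt"}  # fast, dated schemes worth flagging in an audit

def parse_shadow_line(line):
    """Decode one /etc/shadow entry into named fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    user, pw, last, min_days, max_days, warn = fields[:6]
    entry = {"user": user, "locked": pw.startswith(("!", "*")),
             "scheme": None, "salt": None, "weak": False,
             "last_change": date(1970, 1, 1) + timedelta(days=int(last)) if last else None,
             "min_days": min_days, "max_days": max_days, "warn_days": warn}
    pw = pw.lstrip("!")            # a leading "!" locks the account but keeps the hash
    if pw.startswith("$"):
        parts = pw.split("$")      # ['', id, (rounds=N,) salt, hash]
        entry["scheme"] = SCHEMES.get(parts[1], "unknown")
        if parts[1] in ("1", "5", "6") and len(parts) >= 4:
            entry["salt"] = parts[3] if parts[2].startswith("rounds=") else parts[2]
    elif len(pw) == 13:
        entry["scheme"] = "descrypt"   # traditional DES crypt has no "$" prefix
    entry["weak"] = entry["scheme"] in WEAK
    return entry

def audit(lines):
    """Return the usernames whose stored hash uses a weak scheme."""
    return [e["user"] for e in map(parse_shadow_line, lines) if e["weak"]]

# The page's sample entry plus two constructed ones (not real hashes).
SAMPLE = [
    "testUser:$1$dsahdof$pHFdousdnao#5:15682:0:99999:7:::",
    "alice:$6$rounds=5000$CONSTRUCTEDsalt$CONSTRUCTEDhash:19700:0:90:7:::",
    "svc:!:19000:0:99999:7:::",
]

if __name__ == "__main__":
    for e in map(parse_shadow_line, SAMPLE):
        print(e["user"], e["scheme"], e["salt"], e["last_change"], "WEAK" if e["weak"] else "")
```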
Unshadow
Unshadow combines the /etc/shadow and /etc/passwd files into a single file that cracking tools can read directly. The /etc/passwd file stores user information, such as name, shell, home directory, etc. To combine both of these, use the command:
unshadow /etc/passwd /etc/shadow > unshadow.txt
John The Ripper
Using the unshadow file you created, run the following command:
john --wordlist="/usr/share/wordlists/rockyou.txt" unshadow.txt
This command also allows you to specify a wordlist. If you choose not to include one, it will use the default JtR wordlist.
Hashcat
Hashcat is a similar cracking tool, which we also used during this lab. To use hashcat, run a command similar to the one below.
hashcat -m 1800 -a 0 -o cracked.txt unshadow.txt
- -m: Hash type
- -a: Attack mode
- -o: File that recovered hashes are written to