Password Cracking - samuel-richardson/Sam-Tech-Journal GitHub Wiki

Hashes and Obtaining them

Shadow

  • In Linux, password hashes are stored in /etc/shadow.
  • Root permission is needed to read the shadow file.
  • Each shadow entry shows the username followed by the hash.
  • The parts of the hash are separated by $.
  • The first part is the hash algorithm identifier; for example $6$ is SHA-512 (sha512crypt).
  • The second part is the rounds (rounds=N) if present; otherwise it is the salt, which sits between the next two $. Salting makes the hash more complex to crack.
  • After the salt comes the hash itself.
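To make the field layout above concrete, here is an added Python example (not from this wiki) that splits a shadow password field into its algorithm id, rounds, salt and digest, then flags accounts whose hash an auditor would consider weak. The sample shadow lines and the MIN_ROUNDS policy value are constructed for illustration.

```python
# Constructed sample /etc/shadow lines; the digests are placeholder text, not real hashes.
SAMPLE_SHADOW = """\
root:$6$rounds=656000$Qx7sAl2k$FAKEDIGESTFAKEDIGESTFAKEDIGEST:19000:0:99999:7:::
alice:$6$Lm9pT3vz$FAKEDIGESTFAKEDIGESTFAKEDIGEST:19000:0:99999:7:::
bob:$1$zx8Kq2$FAKEDIGESTFAKEDIGEST:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
"""

# crypt(3) id prefixes handled here ($1$, $5$, $6$); anything else is rejected.
ALGO_IDS = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}
# Rounds when no rounds=N is present: glibc sha-crypt defaults to 5000; md5crypt is fixed at 1000.
DEFAULT_ROUNDS = {"md5crypt": 1000, "sha256crypt": 5000, "sha512crypt": 5000}
# Policy threshold used by the audit below (an assumption, not from the wiki page).
MIN_ROUNDS = 100000


def parse_crypt_hash(field):
    """Return (algo, rounds, salt, digest), or None for empty, '*' or '!'-locked accounts."""
    if field in ("", "*") or field.startswith("!"):
        return None
    parts = field.split("$")
    # "$6$rounds=N$salt$hash".split("$") -> ["", "6", "rounds=N", "salt", "hash"]
    if len(parts) < 4 or parts[0] != "" or parts[1] not in ALGO_IDS:
        raise ValueError("unsupported hash format: " + field[:8])
    algo = ALGO_IDS[parts[1]]
    rest = parts[2:]
    rounds = DEFAULT_ROUNDS[algo]
    if rest[0].startswith("rounds="):
        rounds = int(rest[0].split("=", 1)[1])
        rest = rest[1:]
    if len(rest) != 2:
        raise ValueError("expected exactly a salt and a digest after the id")
    return (algo, rounds, *rest)


def audit_shadow(text):
    """Return (user, finding) pairs for accounts whose hash is weaker than policy."""
    findings = []
    for line in filter(None, text.splitlines()):
        user, field = line.split(":")[:2]
        parsed = parse_crypt_hash(field)
        if parsed is None:
            continue  # no password set or account locked: nothing to crack
        algo, rounds, _salt, _digest = parsed
        if algo == "md5crypt":
            findings.append((user, "md5crypt is obsolete; rehash with sha512crypt"))
        elif rounds < MIN_ROUNDS:
            findings.append((user, f"{algo} with only {rounds} rounds"))
    return findings
```

Running audit_shadow over a real shadow file (as root) lists the accounts whose hashes a cracker would get through fastest, which is the same information john or hashcat would eventually reveal.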

Unshadow

  • Unshadow the hashes by using unshadow to combine the passwd and shadow files:
  • unshadow passwd shadow

John the ripper

  • John is a simple password hash cracker but is not always the fastest.
  • john --wordlist=wordlist.txt unshadowed.txt
  • This will take some time, but it works.

Hashcat

  • Hashcat is generally faster than john but requires more input.
  • -m sets the hash type; for example 1800 is sha512crypt.
  • -a sets the attack mode.
  • -o sets the output file.
  • Example: hashcat -m 1800 -a 0 -o cracked.txt unshadowed.txt wordlist.txt
  • Refer to man page for more options.

Reflection

Cracking hashes takes a long time with limited resources. The salt and the number of rounds change the resulting hash, so the hashing algorithm and its parameters matter when trying to crack a hash.