Cracking /etc/shadow Password Hash using John the Ripper
You have mid-engaged with Linux. Recently you installed Linux in your system. But few days later, you forgot your system password. “I remember when I was doing a penetration testing of a company. We saved /etc/shadow hash in a TXT file.” I don’t remember correctly whether that file is saved in the system or not. Wow, we are lucky. We have got the hash file. But I have no idea how to decrypt the hash file.
What will you do?
Once you have retrieved hash from your system, you want to crack them. In this article, we will use one of the most favorite tools for cracking the password is the john the ripper tool that is pre-installed in Kali Linux.
What is Shadow File ?
In the Linux operating system, the Shadow file is a system file, In which the user’s password remains stored as a hash. Shadow file inside the /etc/ folder. /etc/ is a configuration file.
Consider the following summary:- You have entered on your Linux Operating System and want to see the Linux hash that remains stored inside the/etc/ folder. We will put the command cat /etc/shadow or follow the below command In which help you see the hash file of Linux.
cat /etc/shadow | grep pentestblog
We have saved all hash in a new_file. If you want to look at the new_file hash, then apply the command given below.
In this stage, we will decrypt the new_file hash using john the ripper tool. We have a wordlist that we generated with the help of the crunch tool. If you are a fresher, then you should visit our YouTube channel. We have made a video on crunch tool. Back to topic, for getting more information, follow the below command.
john –wordlist=/root/rockyou.txt new_hash
In the end, John has decrypted the hash. In the image, with the help of the command, I have shown how to view your password. As I said many times, follow the below command.
john –show new_file
Wow, we are glad. I never expected that I would get my password again, I have marked the password in the below image. I would like to thanks John the Ripper tool.
- Protected: How To Mount USB Drive in Ubuntu Linux
- CVE-2022-30190 (Follina)-Microsoft Support Diagnostic Tool Vulnerability
- SQL INJECTION – Extracting Username and Password From Database
- How To Dump Username And Password Using SQLMap Tool?
- Protected: Exploit Apache Log4j Security Vulnerabilities – CVE-2021-44228
The professional hacker true out the word that I believed in him is only Henryclarkethicalhacker Group Hackers Checked Google and see everybody comments on him he a professional that I believed in him if you have problems on any stuffed like a bank, company, school grades change examinations, database, Social media hacks, Email hacks, Phone hacks, Bitcoin hacks, increased Credit score boost to 800, School result upgrading, cryptocurrency, Binary option funds recovery, Bitcoin Mining, Instagram, WhatsApp, Twitter, Monitor your colleague, access your spouse social media, and a lot more, via, firstname.lastname@example.org, on whatsapp 18134211326..
Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on, Henryclarkethicalhacker@gmail.com, and you can Text/Call &WhatsApp: +1 (773)-609-2741, or +1201-430-5865, and figure out your relationship status. I wish you the best.