![]() Point him to your wordlist and your unshadowed passwords, and let him run: Now you have your password hash and your wordlist, it's time to feed John. If you are running Kali, you will already have a bunch of great wordlists in /usr/share/wordlists/ including RockYou. Grab yourself a copy from here and unzip it: If there is any hope of cracking this password, there is a good chance it can be found somewhere in the RockYou wordlist. Now assuming the password you desire to crack belongs to a human user, it is likely they are no security ninja utilizing an incredibly complex password system. Unshadow /etc/password /etc/shadow > passwords.txt You will need to unshadow your user credentials with the aptly-named tool included with John before we can begin cracking: Because /etc/passwd is required to be world-readable, for system UID to username translation, all encrypted passwords are now stored in the shadow file (/etc/shadow) on modern systems. John was designed in an age of central credential files, now found only on older Unix systems. Just a quick one today, here is a look at cracking Linux user passwords using John the Ripper. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |