Crack Htpasswd John The Ripper Linux

This post assumes you have access to the target filesystem in question and want to extract and then crack the password hashes from the local machine.

In this example I am going to crack the account passwords used in Metasploitable 2 but the techniques here can be used in many different scenarios.

Linux

John the Ripper is included by default with Kali 2 – which is what I am using here.

To be able to crack the accounts we need two files from the target system:

  • /etc/passwd -> Containing the user information
  • /etc/shadow -> Containing the corresponding password hashes for the users
  1. John the Ripper is a password cracking tool, at its most basic level used to break Unix passwords. Besides Unix crypt-type password hashes, it also supports Windows LM hashes and many more through open-source contributed patches. It is a free password cracking tool written mostly in C. John the Ripper differs from tools like Hydra.
  2. John the Ripper (also called simply ‘John’) is the most well-known free password cracking tool, and it owes its success to its user-friendly command-line interface. John can autodetect hash types.

(Again there are various ways you could grab these files – for a very simple example using Metasploitable 2 as the target see this post here: https://securityaspirations.com/2017/07/03/metasploitable-2-compromise-nfs-shares/)

The Crack


Install John the Ripper Password Cracking Tool. John the Ripper is not installed by default. If you are using Debian / Ubuntu Linux, enter:

$ sudo apt-get install john

RHEL, CentOS, Fedora and Red Hat Linux users can grab John the Ripper here. Once downloaded, use the rpm command as follows to install it:

# rpm -ivh john

How do I use John the Ripper to check for weak passwords or crack passwords? Here we see John managed to crack the password of the user root, as it was included in the wordlist used. If you would like to print all the passwords John managed to crack, you may run john -show unshadowed.txt. Conclusion: in this article we showed how John the Ripper can be used to crack the hashed password.

Once you have the two files we can begin cracking them with John the Ripper.

However, before we give the hashes to John, we need to combine the two files into one so that the user and the password hashes are merged. We can do this with a utility called ‘Unshadow’ (also included in Kali 2 by default).

The command required is:

unshadow Path_to_passwd Path_to_shadow > output.txt
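
What that merge produces, and what a defender can already read from it before any cracking starts, as an added example that is not code from the original post or from the John the Ripper project: it puts the shadow hash field in place of the `x` in each passwd line, then flags accounts by hash scheme. The account data is constructed, the function names are hypothetical, and treating md5crypt, descrypt and empty password fields as weak is this example's assumption.

```python
# Added example. Account data is constructed; the hash strings are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash
backup:x:1001:1001::/home/backup:/bin/bash
deploy:x:1002:1002::/home/deploy:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$SALTSALT$PLACEHOLDERHASH0000000:14747:0:99999:7:::
daemon:*:14684:0:99999:7:::
msfadmin:$1$SALTSALT$PLACEHOLDERHASH1111111:14684:0:99999:7:::
backup::14684:0:99999:7:::
deploy:$6$SALTSALT$PLACEHOLDERHASH2222222:14684:0:99999:7:::
"""

SCHEMES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
           "$5$": "sha256crypt", "$6$": "sha512crypt", "$y$": "yescrypt"}  # crypt(3) prefixes
WEAK = {"md5crypt", "descrypt", "empty"}  # audit policy assumed for this example

def unshadow(passwd_text, shadow_text):
    """Return passwd lines with the 'x' placeholder replaced by the shadow hash."""
    hashes = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:  # skip malformed passwd lines
            fields[1] = hashes.get(fields[0], fields[1])
            merged.append(":".join(fields))
    return merged

def classify(hash_field):
    """Name the scheme of the password field taken from one merged line."""
    if hash_field == "":
        return "empty"
    if hash_field[0] in "!*":
        return "locked"
    for prefix, name in SCHEMES.items():
        if hash_field.startswith(prefix):
            return name
    return "descrypt" if len(hash_field) == 13 else "unknown"

def audit(merged):
    """List (user, scheme) for accounts whose stored password is weak or absent."""
    found = [(l.split(":")[0], classify(l.split(":")[1])) for l in merged]
    return [(user, scheme) for user, scheme in found if scheme in WEAK]

if __name__ == "__main__":
    print(audit(unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW)))
```
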

Now we have the combined merged.txt file:

Now let's put John to work. We could supply a password list for John to use, but it comes with a default set of passwords so we may as well try those first.

To start the crack, point John at our newly created file:

Within a couple of seconds we appear to have a hit on most of the accounts:



It’s not always this quick and of course we are still missing the ‘root’ account, but you get the idea. I let the crack run for another hour before cancelling but the root account had still not been cracked. The password may be hidden in the John password list; I would just need to let the cracking process run to completion to find out. If that failed it might be worth trying some bigger password lists (such as the ‘rockyou’ list).

One way or another, once complete, you can view each of the accounts and their corresponding passwords by running the following command and referencing the original file you gave John to crack:

john --show <file.txt>


If you want to confirm they work, test them out on the Metasploitable box: