Wednesday, 6 May 2015

Crack Linux Passwords using Kali Linux

In this tutorial, we will use 'John the Ripper' in Kali Linux to crack Linux passwords stored in the file '/etc/shadow'

For this tutorial, you need
a) Kali Linux LiveDVD
b) A linux machine

Perform the following steps:

1) Boot the machine using Kali Linux LiveDVD

2) Open the terminal window, and view the list of partitions on disk
root@kali:~# lsblk

3) Mount the Linux root partition
root@kali:~# mount /dev/vg_meru/root /mnt
root@kali:~# cd /mnt

4) Create a text file containing username and password hash in the following format.
            <user>:<hash>

[root@meru ~]# awk -F: '$2 ~ /^\$/ {print $1":"$2}' /etc/shadow > password.lst

[root@meru ~]# cat password.lst
shabbir:$6$KoqEqfJK$govc0uSQue8CbU4yUOIieZSyd7eg158RXFPlG1uzhxN1Hci9AJPaUQyK/PaORfAzTJRThWTcMzzdu0vTYa.pJ1
katrina:$6$gtF2S3MS$zpvexVAUhrLzqf9ru3twggh6rAYf5bPJRbkln6pcaPBC81o3b4cwhkcCqAE/s3Giq4mNqXwpya.GfcJ6ZvjwI0


5) Crack the password hashes using John the Ripper
root@kali:~# john password.lst
Created directory: /root/.john
Loaded 2 password hashes with 2 different salts (sha512crypt [64/64])
welcome          (katrina)
admin            (shabbir)
guesses: 2  time: 0:00:00:16 DONE (Wed May  6 10:57:13 2015)  c/s: 278  trying: Winnie - allstate
Use the "--show" option to display all of the cracked passwords reliably


6) View the list of username, password.
root@kali:~# john --show password.lst
shabbir:admin
katrina:welcome

1 comment:

  1. how to create a text file containing username and password hash in the following format

    ReplyDelete