Unshadow the file and dump Linux password

How to Unshadow the file and dump Linux password

Hello friends, welcome again!

In the last post I covered Understanding Linux system security for Users. After reading that post you know about the Linux file system and where usernames and passwords are stored in Linux. Where can you dump these passwords from? When you dump a password, will it be in plain text or in encrypted format? To find out, walk through this post: Unshadow the file and dump Linux password.

Unshadow the file and dump password in encrypted format

In this tutorial I am going to demonstrate, on an Ubuntu 14.04 machine, how to unshadow the files and dump the Linux hashes with the help of the unshadow command. First, boot the Ubuntu 14.04 machine with Kali Linux. Next, it is necessary to mount the Linux filesystem in order to dump data from the /etc/shadow and /etc/passwd files. Kali Linux has a great automatic mounting utility, so you don't need to mount manually anymore: just click on the Linux filesystem under the Places menu and the Linux partition will be mounted automatically. Go to Places > Filesystem.

The Linux filesystem will be mounted automatically under the /media directory with a specific mounting value. To see the mounting point value, run the following command:

#ls /media

Go into the Ubuntu file system by executing the following commands:

#cd "/media/<mounting value>/"

#cd etc

Copy both files, shadow and passwd, to the Desktop:

#cp shadow /root/Desktop

#cp passwd /root/Desktop

Unshadow Utility:

The unshadow tool combines the passwd and shadow files into one file so that john can use this file to crack the password hashes.

Use the unshadow utility in Kali Linux to unshadow the password hashes and dump them into a new file named unshadow. The name is not mandatory; you can use any name you want, but the important thing is to merge both files, passwd and shadow, into the unshadow file.

#cd /root/Desktop

#ls

#unshadow passwd shadow > unshadow

#ls

The next step is cracking the password hashes with the help of John the Ripper:

#john unshadow

John will detect the hash type automatically if you don't provide a format type.
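What the merged file looks like, and what it tells an administrator about each account, shown as an added example that is not part of the original post. The merge mirrors what unshadow does to the two files; the account names, salts and hash strings are constructed, and the function names are hypothetical.

```python
# Added example: every account line and hash string below is constructed.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"descrypt", "md5crypt", "empty"}

PASSWD = "\n".join([
    "root:x:0:0:root:/root:/bin/bash",
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash",
    "legacy:x:1001:1001::/home/legacy:/bin/sh",
    "guest:x:1002:1002::/home/guest:/bin/sh",
])
SHADOW = "\n".join([
    "root:!:16000:0:99999:7:::",
    "alice:$6$EXAMPLESALT$" + "A" * 86 + ":16000:0:99999:7:::",
    "legacy:$1$EXAMPLE$" + "B" * 22 + ":16000:0:99999:7:::",
    "guest::16000:0:99999:7:::",
])

def unshadow(passwd_text, shadow_text):
    """Merge the two files: the shadow hash replaces the 'x' in passwd field 2."""
    hashes = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            hashes[fields[0]] = fields[1]
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:  # skip malformed passwd lines
            fields[1] = hashes.get(fields[0], fields[1])
            merged.append(":".join(fields))
    return merged

def classify(hash_field):
    """Name the crypt(3) scheme from the hash prefix."""
    if hash_field == "":
        return "empty"            # account has no password at all
    if hash_field[0] in "!*":
        return "locked"           # password login disabled
    if hash_field.startswith("$"):
        return SCHEMES.get(hash_field.split("$")[1], "unknown")
    return "descrypt" if len(hash_field) == 13 else "unknown"

def audit(merged):
    """Return {user: scheme} for accounts whose stored hash is weak or missing."""
    schemes = {l.split(":")[0]: classify(l.split(":")[1]) for l in merged}
    return {user: s for user, s in schemes.items() if s in WEAK}

if __name__ == "__main__":
    print(audit(unshadow(PASSWD, SHADOW)))
```

Accounts reported here are the ones to migrate to a stronger scheme or lock, since anyone who can boot the machine from other media can read both files.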

Administrator password hashes from SAM database

Find Windows password hashes from SAM database

What are Password Hashes and the SAM Database?

SAM stands for Security Account Manager. The SAM database is a part of the Windows operating system that contains user names and passwords in an encrypted format called password hashes. The SAM file exists under C:/Windows/System32/config in Windows 7/8/8.1/10. When a user wants to log on to the machine, the user name and password entered by the user must match for authentication. If the user enters a wrong user name and password, authentication fails. The encryption algorithm used is NTLM2. The main purpose of SAM is to protect the computer and its data from unauthorized persons such as hackers. But it does not completely work against a professional hacker. Here I am going to show you how a hacker dumps these encrypted password hashes from the database and finds out the password by cracking these hashes.

Boot the Windows machine with Kali Linux

Since you are a learner here, you have two options for practicing this topic. First, create and install a Windows (XP/7/8/8.1/10) machine on VirtualBox; it is pretty easy and does no harm to the base computer. The other method is to practice on a base machine that already has Windows installed; in this case you have to boot the Windows machine from a Kali Linux live persistent DVD/flash drive.

When a penetration tester boots a Windows machine with Kali Linux live, the Windows file system can be used without any interruption. As described above, the SAM is saved in the location C:/Windows/system32/config, so our main task is to go to this location and find the SAM database. After booting the system with Kali Linux, follow the given instructions to find out the password.

Step 1: Mount the Windows system partition

Click on Places > Filesystem.


When you click on Filesystem, the Windows partition will be mounted automatically under the /media directory. Open the terminal and type the following command to reach the location where the SAM database is saved.

#cd "/media/<Mounting Point value>/Windows/System32/config"

The mounting point value above will differ according to the system; you can see this value by executing the following command:

#ls /media

Step 2: Retrieve the bootkey

#bkhive SYSTEM /root/Desktop/system.txt

system.txt is the file where the bootkey is stored, and /root/Desktop is the location where the system.txt file is saved.

Step 3: Dump the password hashes

The password hashes are retrieved by combining the bootkey and the SAM database. This is done with the help of the samdump2 utility, found in Kali Linux by default. The command is as follows:

#samdump2 SAM /root/Desktop/system.txt > /root/Desktop/hashes.txt

In the command above, the SAM database and the system.txt file have been merged to create a new file named hashes.txt. To see the password hashes dumped into hashes.txt, use the given command:

#cat /root/Desktop/hashes.txt

Change directory to /root/Desktop by using the following command:

#cd /root/Desktop

Step 4: John the Ripper a password cracking tool

After reaching the directory, execute john with the given command to crack the hashes:

#john --format=nt2 --users=vijay hashes.txt
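For an administrator reviewing their own machine, the same hashes.txt already reveals two weaknesses before any cracking. The check below is an added example, not part of the original post; it assumes samdump2 writes pwdump-style lines (user:RID:LM hash:NT hash:::) and may prefix disabled accounts with "*disabled* ". The sample lines are constructed and the function names are hypothetical.

```python
# Added example: the hashes.txt lines in SAMPLE are constructed for illustration.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty string
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty string
DISABLED = "*disabled* "                       # assumed samdump2 marker

SAMPLE = "\n".join([
    "Administrator:500:" + EMPTY_LM + ":" + "1" * 32 + ":::",
    DISABLED + "Guest:501:" + EMPTY_LM + ":" + EMPTY_NT + ":::",
    "olduser:1001:" + "2" * 32 + ":" + "3" * 32 + ":::",
    "kiosk:1002:" + EMPTY_LM + ":" + EMPTY_NT + ":::",
])

def is_hex32(value):
    """True for a 32-character lowercase hex string (a real hash field)."""
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value)

def parse_pwdump(text):
    """Parse pwdump-style lines into dicts; skip anything malformed."""
    accounts = []
    for raw in text.splitlines():
        line = raw.strip()
        disabled = line.startswith(DISABLED)
        if disabled:
            line = line[len(DISABLED):]
        fields = line.split(":")
        if len(fields) < 4 or not fields[1].isdigit():
            continue
        accounts.append({"user": fields[0], "rid": int(fields[1]),
                         "lm": fields[2].lower(), "nt": fields[3].lower(),
                         "disabled": disabled})
    return accounts

def audit_sam(text):
    """List (user, finding) pairs for enabled accounts with weak storage."""
    findings = []
    for acct in parse_pwdump(text):
        if acct["disabled"]:
            continue
        if acct["nt"] == EMPTY_NT:
            findings.append((acct["user"], "blank password"))
        if is_hex32(acct["lm"]) and acct["lm"] != EMPTY_LM:
            findings.append((acct["user"], "LM hash stored"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_sam(SAMPLE):
        print(user, "-", finding)
```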
