Hello friends, welcome again!
In the last post I told about Understanding Linux system security for Users After reading this post you have knowledge about Linux file system, and where username and password are stored in Linux? where you can dump this password? when you dump password, it will be in plain text or encrypted format? so for finding the password, walkthrough this post Unshadow the file and dump Linux password
Unshadow the file and dump password in encrypted format
In this tutorial I am going to show you demo on Ubuntu 14.04 machine to unshadow the files and dump the linux hashes with help of unshadow command. First, boot Ubuntu 14.04 machine with Kali Linux. Next, It is necessary to mount the Linux filesystem for dumping data from /etc/shadow and /etc/passwd files. After boot machine with Kali Linux OS Here is great automatic mounting utility in kali linux, you don’t need to mount manually anymore. You just click on linux filesystem under place menu Linux partition will be mounted automatic. Go into Place>filesystem
Linux system will be automatic mount on /media directory with a specific mounting value. Next, If you want to see mounting point value write the following commad
Go into Ubuntu file system by excuting following command
#cd /media/mounting value/
Copy both file shadow and passwd on Desktop
#cp shadow /root/Desktop
#cp passwd /root/Desktop
The unshadow tool combines the passwd and shadow files into one file So john can use this file to crack the password hashes.
Use unshadow utility in kali linux to unshadow the password hashes, and dump into new file named unshadow. It is not necessary you can put any name whatever you want but important is to merge both file passwd and shadow into unshadow file
#unshadow passwd shadow > unshadow
Next step is cracking the password hashes with help of john the ripper
John will detect automatic hashes type if you don’t provide formate type.
Dump Linux hashes and crack with John in Kali Linux Offline mode Video Tutorial