Hello friends, welcome again!
In the last post, I told about Understanding Linux system security for Users After reading this post you have knowledge about the Linux file system, and where usernames and passwords are stored in Linux? where you can dump this password? when you dump the password, it will be in plain text or encrypted format? so for finding the password, walkthrough this post Unshadow the file and dump Linux password
Unshadow the file and dump the password in an encrypted format
In this tutorial, I am going to show you a demo on Ubuntu 14.04 machine to unshadow the files and dump the Linux hashes with help of unshadow command. First, boot Ubuntu 14.04 machine with Kali Linux. Next, It is necessary to mount the Linux filesystem for dumping data from /etc/shadow and /etc/passwd files. After booting the machine with Kali Linux OS Here is a great automatic mounting utility in Kali Linux, you don’t need to mount manually anymore. You just click on Linux filesystem under the place menu Linux partition will be mounted automatically. Go into Place>filesystem
Linux system will be an automatic mount on /media directory with a specific mounting value. Next, If you want to see the mounting point value write the following command
Go into Ubuntu file system by excuting following command
#cd /media/mounting value/
Copy both file shadow and passwd on Desktop
#cp shadow /root/Desktop
#cp passwd /root/Desktop
The unshadow tool combines the passwd and shadow files into one file So john can use this file to crack the password hashes.
Use unshadow utility in Kali Linux to unshadow the password hashes, and dump them into a new file named unshadow. It is not necessary you can put any name whatever you want but important is to merge both file passwd and shadow into unshadow file
#unshadow passwd shadow > unshadow
The next step is cracking the password hashes with help of john the ripper
John will detect automatic hashes if you don’t provide a format type.