So you’ve managed to get root on a Linux virtual machine, congrats! However, this isn’t where the fun stops. From here you can access the files containing the usernames and their hashed passwords. These files are known as the passwd and shadow files. They can be combined into one file using the unshadow tool, and you can then run John the Ripper on the combined file to attempt to crack the hashes and reveal the passwords.
In the shell on the compromised system, navigate to /etc/:
Then list the contents of the directory:
In the /etc/ folder there will be two files, shadow and passwd. Execute the following to display the contents of the files:
Copy and paste the information displayed into a new text file on your Kali installation and save it as passwd. I chose to save the file in the Documents folder, in another folder called Unshadowed. To do this, navigate to the Documents directory in the terminal:
Create a new directory called Unshadowed:
Now do the same with the shadow file.
Save the shadow file in the same directory, ‘Unshadowed’, as the passwd file.
To combine the shadow and passwd files, run the following command at the terminal prompt:
unshadow /root/Documents/Unshadowed/passwd /root/Documents/Unshadowed/shadow > unshadow.txt
You will then end up with three files in the Unshadowed directory:
To start cracking the hashes, simply enter the following at the terminal, making sure you are still in the Unshadowed directory:
And watch it go:
You can then use:
john --show unshadow.txt
to see the cracked passwords.
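The join on the username field that produces the combined file also shows which accounts are most exposed to offline cracking. The following is an added example, not part of the original post: it joins a passwd and shadow copy on the username and reports the hash scheme behind each account from the hash prefix. The function names and the sample data are assumptions constructed for illustration.

```shell
# audit_hashes PASSWD SHADOW -> prints "user:scheme" for every passwd entry
audit_hashes() {
    awk -F: '
        NR == FNR { hash[$1] = $2; next }   # first file (shadow): index field 2 by user
        {
            h = ($1 in hash) ? hash[$1] : $2   # no shadow entry: use passwd field 2
            if      (h == "")                 s = "empty"
            else if (h ~ /^[!*]/ || h == "x") s = "locked"
            else if (h ~ /^\$1\$/)            s = "md5crypt"
            else if (h ~ /^\$2[aby]\$/)       s = "bcrypt"
            else if (h ~ /^\$5\$/)            s = "sha256crypt"
            else if (h ~ /^\$6\$/)            s = "sha512crypt"
            else if (h ~ /^\$y\$/)            s = "yescrypt"
            else if (length(h) == 13)         s = "descrypt"
            else                              s = "unknown"
            print $1 ":" s
        }
    ' "$2" "$1"
}

# weak_accounts PASSWD SHADOW -> users with an empty password or a legacy scheme
weak_accounts() {
    audit_hashes "$1" "$2" | awk -F: '$2 ~ /^(empty|md5crypt|descrypt)$/ { print $1 }'
}

# Constructed sample data (placeholder salts and hashes, not real credentials).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
legacy:x:1002:1002:Legacy:/home/legacy:/bin/sh
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
bob:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
legacy:ABCONSTRUCTED:19000:0:99999:7:::
EOF

audit_hashes "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
```

Accounts reported by weak_accounts are the ones to migrate to a stronger scheme and force a password change on first.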