Crack Linux Hash

There are some ways to collect password hashes from Linux.

opasswd:

jadu101@kali[/kali]$ sudo cat /etc/security/opasswd
 
jadu101:1000:2:$1$HjFAfYTG$qNDkF0zJ3v8ylCOrKB0kt0,$1$kcUjWZJX$E9uMSmiQeRh4pAAgzuvkq1

shadow:

[jadu101@kali]─[~]$ sudo cat /etc/shadow
 
root:*:18747:0:99999:7:::
sys:!:18747:0:99999:7:::
...SNIP...
jadu101:$6$wBRzy$...SNIP...x9cDWUxW1:18937:0:99999:7:::

Crack

Let’s unshadow the hash:

jadu101@htb[/htb]$ sudo cp /etc/passwd /tmp/passwd.bak 
jadu101@htb[/htb]$ sudo cp /etc/shadow /tmp/shadow.bak 
jadu101@htb[/htb]$ unshadow /tmp/passwd.bak /tmp/shadow.bak > /tmp/unshadowed.hashes

Now crack it using hashcat:

jadu101@htb[/htb]$ hashcat -m 1800 -a 0 /tmp/unshadowed.hashes rockyou.txt -o /tmp/unshadowed.cracked