Passwd, Shadow, and OPassw

Passwd File

cry0l1t3

:

x

:

1000

:

1000

:

cry0l1t3,,,

:

/home/cry0l1t3

:

/bin/bash

Login name

Password info

UID

GUID

Full name/comments

Home directory

Shell

Root without pass

$ head -n 1 /etc/passwd

root::0:0:root:/root:/bin/bash


$ su

[root@parrot]─[/home/cry0l1t3]#

Shadow File

cry0l1t3

:

$6$wBRzy$...SNIP...x9cDWUxW1

:

18937

:

0

:

99999

:

7

:

:

:

Username

Encrypted password

Last PW change

Min. PW age

Max. PW age

Warning period

Inactivity period

Expiration date

Unused

If the password field contains * or ! then the user cannot login with a unix password

Password Format

  • $<type>$<salt>$<hashed>

Algorithm Types

  • $1$ – MD5

  • $2a$ – Blowfish

  • $2y$ – Eksblowfish

  • $5$ – SHA-256

  • $6$ – SHA-512 (default)

Opasswd

Reading Opasswd

$ sudo cat /etc/security/opasswd

Cracking Linux Credentials

Unshadow

$ sudo cp /etc/passwd /tmp/passwd.bak 
$ sudo cp /etc/shadow /tmp/shadow.bak 
$ unshadow /tmp/passwd.bak /tmp/shadow.bak > /tmp/unshadowed.hashes

Cracking unshadowed hashes using hashcat

$ hashcat -m 1800 -a 0 /tmp/unshadowed.hashes rockyou.txt -o /tmp/unshadowed.cracked

Cracking unshadowed hashes using john

$ john --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt

Cracking MD5 hashes

$ hashcat -m 500 -a 0 md5-hashes.list rockyou.txt
PreviousCredential HuntingNextWindows Lateral Movement

Last updated