Passwd, Shadow, and OPassw

Passwd File

cry0l1t3

1000

cry0l1t3,,,

/home/cry0l1t3

/bin/bash

Password info

UID

GUID

Full name/comments

Home directory

Shell

Root without pass

$ head -n 1 /etc/passwd

root::0:0:root:/root:/bin/bash


$ su

[root@parrot]─[/home/cry0l1t3]#

Shadow File

cry0l1t3

$6$wBRzy$...SNIP...x9cDWUxW1

18937

99999

Username

Encrypted password

Last PW change

Min. PW age

Max. PW age

Warning period

Inactivity period

Expiration date

Unused

If the password field contains * or ! then the user cannot login with a unix password

Password Format

$<type>$<salt>$<hashed>

Algorithm Types

$1$ – MD5
$2a$ – Blowfish
$2y$ – Eksblowfish
$5$ – SHA-256
$6$ – SHA-512 (default)

Opasswd

Reading Opasswd

$ sudo cat /etc/security/opasswd

Cracking Linux Credentials

Unshadow

$ sudo cp /etc/passwd /tmp/passwd.bak 
$ sudo cp /etc/shadow /tmp/shadow.bak 
$ unshadow /tmp/passwd.bak /tmp/shadow.bak > /tmp/unshadowed.hashes

Cracking unshadowed hashes using hashcat

$ hashcat -m 1800 -a 0 /tmp/unshadowed.hashes rockyou.txt -o /tmp/unshadowed.cracked

Cracking unshadowed hashes using john

$ john --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt

Cracking MD5 hashes

$ hashcat -m 500 -a 0 md5-hashes.list rockyou.txt

PreviousCredential Hunting NextWindows Lateral Movement

Last updated 2 years ago

hashtagPasswd File

hashtagRoot without pass

hashtagShadow File

hashtagPassword Format

hashtagOpasswd

hashtagReading Opasswd

hashtagCracking Linux Credentials

hashtagUnshadow

hashtagCracking unshadowed hashes using hashcat

hashtagCracking unshadowed hashes using john

hashtagCracking MD5 hashes