unshadow /root/Desktop/Cracking/passwords.txt /root/Desktop/Cracking/shadow.txt > /root/Desktop/Cracking/cracked.txt john the ripper directoryįrom the above image we can see all the files that the directory john contains.In that list there is a utility called unshadow.We will run this utility in order to be able to read the shadow file before we try to crack it.So we will need to execute the command. So we will save the hashes as well in a file called shadow.txt and we will use the famous password cracker john the ripper in order to crack those hashes.In backtrack john the ripper is located in the following path: /pentest/passwords/john. Reading the password hashes of the target Now that we have the list with the accounts of the remote system we can save that list in a file for later use which it will be called next step is to obtain the passwords hashes.As we know in unix systems the password hashes are stored in the /etc/shadow location so we will run the command cat /etc/shadow in order to see them. The next step is to read the /etc/passwd file which contains all the accounts of the remote system.The next image is showing the list of the local accounts of the machine that we have compromised.Lets analyse the information that we can obtain from the first account which is root.The first field indicates the username,the field x means that the password is encrypted and it is stored on the /etc/shadow file.The number 0 means that this the userID which for root accounts is always zero and the next 0 is the groupID.Next we can see the root where we can find any extra information about the user (in this case there is no other extra information) and the last two fields /root and /bin/bash are the user home directory and the command shell. Lets say that we have exploited a vulnerability and we have gained a remote shell to our target.The next step is to see the directories and files that exist on the remote system with the command ls.
One of the first post exploitation activities when we have compromised a target is to obtain the passwords hashes in order to crack them offline.If we managed to crack the hashes then we might be able to escalate our privileges and to gain administrative access especially if we have cracked the administrator’s hash.In this tutorial we will see how to obtain and crack password hashes from a Unix box.
0 kommentar(er)
