Login or Register to Ask a Question and Join Our Community


Cybersecurity

Cracking complex passwords (/etc/shadow)

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Cracking complex passwords (/etc/shadow)
# 1  
Old 01-09-2012
Cracking complex passwords (/etc/shadow)
I'm doing some labs regarding password cracking on Linux machines. I took the shadow file from one of my virtual machines and it looks like below:

bruno:$1$mrVjnhtj$bg47WvwLXN4bZrUNCf1Lh.:14019:0:99999:7:::

From my understanding the most important piece regarding password cracking on linux are indicated below:
bruno ==> username
$1$ ==> Indicates MD5 type
mrVjnhtj ==> Salt
bg47WvwLXN4bZrUNCf1Lh. ==> Encrypted salted and hashed password.

In this specific case my password is "windows".

However, let suppose that I don't know the password. I found that there are lot of MD5 rainbow tables available out there, however, these rainbow tables do not accept "shadowed" MD5 hashes. So AFAIK, I'd need a tool to convert my shadowed hash "$1$mrVjnhtj$bg47WvwLXN4bZrUNCf1Lh." into a simple MD5 hash. And then run the pure MD5 hash against a rainbow table.

Can somebody confirm if this is procedure is the correct one for complex passwords? Also what tools could be used to do this convertion?

Note: A more complex password exame would be:
bruno2:$1$F.MtLWar$6qb9wk66ySUrhI3OQzW3n0:14896:0:99999:7:::

Any info will be very appreciated.

THanks,
Bruno
# 2  
Old 01-09-2012
Please read the rules, which you agreed to when you registered, if you have not already done so.

Thank You.

The UNIX and Linux Forums.
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

2. Programming

Shadow Passwords

I'm writing a 'C' program on various systems (HP-UX, Solaris, AIX, NCR) which needs to interact with a user's password. Some of my systems are using the shadow password and some are not. It is possible for some of my systems to have /etc/shadow, even though the box is not using the file (I know,... (4 Replies)
Discussion started by: chrisc@nwark.ne
4 Replies

3. UNIX for Dummies Questions & Answers

cracking the root password

i am using a scounix server with oracle8i.one fine morning it says 'incorrect login' for the root.But the oracle user is logged in and the Database is ready for use.But the server is switched off without proper shutdown.Please suggest some way to get the root password without any reinstallation. (2 Replies)
Discussion started by: thenmozhi
2 Replies

4. Solaris

Passwords in /etc/shadow file

I want to import my passwd/shadow files from Solaris 6 to Solaris 10. I found that the encryption method for passwords has changed. Is there a command or script to convert the Solaris 6 passwords to Solaris 10? I have searched the net and just can't seem to find the answer. For Example: The... (6 Replies)
Discussion started by: westsiderick
6 Replies
Login or Register to Ask a Question