01-09-2012
1,
0
Join Date: Jan 2012
Last Activity: 9 January 2012, 10:00 AM EST
Posts: 1
Thanks Given: 0
Thanked 0 Times in 0 Posts
Cracking complex passwords (/etc/shadow)
I'm doing some labs regarding password cracking on Linux machines. I took the shadow file from one of my virtual machines and it looks like below:
bruno:$1$mrVjnhtj$bg47WvwLXN4bZrUNCf1Lh.:14019:0:99999:7:::
From my understanding the most important piece regarding password cracking on linux are indicated below:
bruno ==> username
$1$ ==> Indicates MD5 type
mrVjnhtj ==> Salt
bg47WvwLXN4bZrUNCf1Lh. ==> Encrypted salted and hashed password.
In this specific case my password is "windows".
However, let suppose that I don't know the password. I found that there are lot of MD5 rainbow tables available out there, however, these rainbow tables do not accept "shadowed" MD5 hashes. So AFAIK, I'd need a tool to convert my shadowed hash "$1$mrVjnhtj$bg47WvwLXN4bZrUNCf1Lh." into a simple MD5 hash. And then run the pure MD5 hash against a rainbow table.
Can somebody confirm if this is procedure is the correct one for complex passwords? Also what tools could be used to do this convertion?
Note: A more complex password exame would be:
bruno2:$1$F.MtLWar$6qb9wk66ySUrhI3OQzW3n0:14896:0:99999:7:::
Any info will be very appreciated.
THanks,
Bruno