Use John the Ripper from openwall.com to crack passwords. Here is the basic way to crack passwords from a *nix box.
- From the target host, obtain a copy of /etc/passwd.
- From the target host, obtain a copy of /etc/shadow.
  - Root is required to read /etc/shadow. Without root, look for a backup of the shadow file; one common backup filename is /etc/shadow-.
- Use the unshadow tool (it ships with john) to combine the passwd and shadow files into a new file:
  - cd /path/to/john-version.number/run/
  - ./unshadow /path/to/passwd /path/to/shadow > newfilename
- Use john to take a whack at cracking the combined file:
  - cd /path/to/john-version.number/run/
  - ./john /path/to/newfilename
- john will run and run; he's a long-distance guy. After a while, when you feel it is the right time, see whether any passwords have been cracked (--show needs the same file you gave john):
  - ./john --show /path/to/newfilename
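The following is an added example, not code from the page or from John the Ripper: it reproduces in Python the join that unshadow performs (the shadow hash replaces the "x" in field two of passwd, keyed on username) and then audits the merged lines the way a defender would, flagging accounts whose hash format is cheap to crack (md5crypt, DES crypt, empty). The passwd and shadow contents are constructed sample data.

```python
# Added example (not from the page or John the Ripper): do what unshadow does
# (join passwd and shadow on username) and flag weak hash formats. Data is constructed.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/sh
svc:x:999:999::/var/lib/svc:/usr/sbin/nologin
"""
SHADOW = """root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
alice:$1$abcd$legacyMd5Hash:19000:0:99999:7:::
bob:AbCdEfGhIjKlM:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
"""

# crypt(3) prefix -> (name, weak). A prefixless 13-char field is traditional DES crypt.
HASH_TYPES = {"$y$": ("yescrypt", False), "$6$": ("sha512crypt", False),
              "$5$": ("sha256crypt", False), "$1$": ("md5crypt", True)}

def classify(hash_field):
    """Return (algorithm name, is_weak) for one shadow password field."""
    if hash_field == "":
        return ("empty", True)          # no password at all
    if hash_field.startswith(("!", "*")):
        return ("locked", False)        # account cannot log in with a password
    for prefix, info in HASH_TYPES.items():
        if hash_field.startswith(prefix):
            return info
    if len(hash_field) == 13 and "$" not in hash_field:
        return ("descrypt", True)       # 8-char max, trivially brute-forced
    return ("unknown", True)            # unrecognised format: flag for review

def unshadow(passwd_text, shadow_text):
    """Merge like unshadow: copy each user's shadow hash into passwd field two."""
    hashes = {l.split(":")[0]: l.split(":")[1] for l in shadow_text.splitlines() if l}
    merged = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        f[1] = hashes.get(f[0], f[1])   # keep "x" if the user has no shadow entry
        merged.append(":".join(f))
    return merged

def audit(passwd_text, shadow_text):
    """Return {user: algorithm} for accounts whose hash a defender should fix."""
    rows = (line.split(":")[:2] for line in unshadow(passwd_text, shadow_text))
    return {u: classify(h)[0] for u, h in rows if classify(h)[1]}
```

Accounts reported by audit() are the ones john would finish first; rehashing them under the system's current default (sha512crypt or yescrypt) removes that head start.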