Cracking Linux User Passwords with John the Ripper

Just a quick one today, here is a look at cracking Linux user passwords using John the Ripper.

John was designed in an age of central credential files, now found only on older Unix systems. Because /etc/passwd is required to be world-readable, for system UID to username translation, all encrypted passwords are now stored in the shadow file (/etc/shadow) on modern systems.

You will need to unshadow your user credentials with the aptly-named tool included with John before we can begin cracking:

Unshadow /etc/password /etc/shadow > passwords.txt

Now assuming the password you desire to crack belongs to a human user, it is likely they are no security ninja utilizing an incredibly complex password system. If there is any hope of cracking this password, there is a good chance it can be found somewhere in the RockYou wordlist. Grab yourself a copy from here and unzip it:

gunzip /usr/share/wordlists/rockyou.txt.gz

If you are running Kali, you will already have a bunch of great wordlists in /usr/share/wordlists/ including RockYou.

Now you have your password hash and your wordlist, it's time to feed John. Point him to your wordlist and your unshadowed passwords, and let him run:

john --wordlist=Downloads/rockyou.txt passwords.txt

If John does not find a password within the first few minutes, give your sysadmins a pat on the back. In my experience, he usually does.

This has been a quick look at John the Ripper for cracking system passwords. Thanks for reading.