Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have to find a way to crack a users "simple" password after I have gained access to the /etc/shadow file.
Now, i have tried using John the Ripper and it is taking years to figure the password out, maybe i am using it wrong but i copied the line in /etc/passwd to a file called passwd.txt and the hashed line in /etc/shadow to a file called shadow.txt.
I then run John the Ripper with: "unshadow passwd.txt shadow.txt", then i copy the output from that command to another file called temp.txt.
I then run John the Ripper again with the command: "john temp.txt"
It seems to be trying to crack it, but it is taking hours.
Does anyone know of a better hash cracker or what am doing wrong, I have to figure this out for a school project so any help would be greatly appreciated.
JTR is one of the best available. It is going to take awhile, as it does not actually "crack" a password, but insteads it encrypts various passwords using the same algorithm and compares that to the hash.
It basically startes at 0 and goes through all iterations to ZZZZZZZZZ including all upper- and lower-case letters and numbers.
"Decrypting" a UNIX password is impossible, thus this is the only approach.
The size and complexity of the password also makes a really big difference. Once you start getting over 8 characters, you'll be meauring cracking times in days/weeks rather than hours.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.