After reading this article at HappyLinuxGuy’s Happy Linux Thoughts page, I thought I might share with you a way to recover passwords on a *nix system. The commands and screenshots here are Ubuntu oriented, but the basic process should work for any distro.
When you create an account on a Linux system, the password isn’t stored. Instead, the hash of the password is stored in /etc/shadow. Here is a portion of my shadow file. The password hash field begins with $1$.
test123:$1$UvnJA$5PxY8jbKrQdRePqywAzmW1:13817:0:99999:7:::
testrnd:$1$mPo0o$mZSYvKEgrLN9WPFnVk2xT/:13817:0:99999:7:::
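The `$1$` prefix on those hashes is the crypt(3) marker for MD5-crypt, which is cheap to compute and therefore the fastest of the common shadow formats to crack. Below is an added example (not from the original post) that parses shadow-format lines, reads the algorithm off the hash prefix and the last-change day count, and flags accounts whose hash should be migrated; the sample lines are constructed (the two from the post plus made-up extras, with a fake sha512crypt value).

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Hash-field prefix -> crypt(3) algorithm name.
ALGORITHMS = {"$1$": "md5crypt", "$2b$": "bcrypt", "$5$": "sha256crypt",
              "$6$": "sha512crypt", "$y$": "yescrypt"}
# md5crypt is cheap to compute, so a cracker gets through it far faster than the rest.
WEAK = {"md5crypt"}

@dataclass
class ShadowEntry:
    user: str
    algorithm: str      # an ALGORITHMS value, or "locked", "none", "unknown"
    last_change: date   # third field is days since 1970-01-01

def parse_shadow_line(line: str) -> ShadowEntry:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:                       # shadow(5) lines have exactly nine fields
        raise ValueError(f"not a shadow line: {line!r}")
    user, pw, days = fields[0], fields[1], fields[2]
    if pw == "":
        algorithm = "none"
    elif pw.startswith(("!", "*")):            # leading '!' or '*' disables password login
        algorithm = "locked"
    else:
        prefix = next((p for p in ALGORITHMS if pw.startswith(p)), None)
        algorithm = ALGORITHMS[prefix] if prefix else "unknown"
    return ShadowEntry(user, algorithm, date(1970, 1, 1) + timedelta(days=int(days or 0)))

def audit(lines):
    """Return (user, reason) pairs for accounts a defender should act on."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        e = parse_shadow_line(line)
        if e.algorithm == "none":
            findings.append((e.user, "empty password field: no password needed to log in"))
        elif e.algorithm in WEAK:
            findings.append((e.user, f"{e.algorithm} hash from {e.last_change}: "
                                     "reset so it is rehashed with sha512crypt or yescrypt"))
        elif e.algorithm == "unknown":
            findings.append((e.user, "unrecognised hash format"))
    return findings

# Constructed sample: the post's two lines, a system account, a sha512crypt account
# (hash value is made up, not a real hash) and an account with an empty password field.
SAMPLE = [
    "test123:$1$UvnJA$5PxY8jbKrQdRePqywAzmW1:13817:0:99999:7:::",
    "testrnd:$1$mPo0o$mZSYvKEgrLN9WPFnVk2xT/:13817:0:99999:7:::",
    "daemon:*:13817:0:99999:7:::",
    "alice:$6$saltsalt$" + "A" * 86 + ":19000:0:99999:7:::",
    "guest::13817:0:99999:7:::",
]

if __name__ == "__main__":
    for user, reason in audit(SAMPLE):
        print(f"{user}: {reason}")
```

Run it against a copy of your own /etc/shadow (root access is required to read it) to see which accounts still carry MD5-crypt hashes; the 13817-day stamp on the post's entries decodes to 2007-10-31.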
Now, if I want to discover the passwords for those accounts, I need to enlist the help of John the Ripper. You can install it on Ubuntu with this command:
sudo apt-get install john
When you’re ready to crack the password, just run
sudo john /etc/shadow
That screenshot is of the second time I ran this command. When I originally started this command, it recovered the password for test123 immediately. So fast, in fact, that I wasn’t ready to grab a screenshot. That’s okay though, because there’s an option you’ll need to know anyway. Once John cracks a password, it remembers it, and doesn’t try to crack it again. Should you ever need to see it again, the command option is -show.
So it recovered a password which was the same as the username; not very impressive, huh? Well, the reason it recovered that password so quickly is that John has three cracking modes, tried in order. First it tries variations of the username and other account details, then it tries its wordlists, then it falls back to a brute-force search.
If you have it running, and want to check the status, just hit enter in the terminal window.
Try it on your machine. See how long it takes to crack your passwords, and let me know in the comments.