How to crack Linux passwords using john the ripper?
Crack Linux password using brute-force attack. It will consume CPU and time.
How to Crack Linux password , Follow below steps to crack Linux password using brute-force attack
Installation procedure in Debian or Kali Linux
#apt-get install john
Centos / Redhat & Fedora
You can choose a suitable package to OS version at http://pkgs.repoforge.org/john/
#rpm -ivh http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/john-1.7.6-2.el6.rf.x86_64.rpm
We are going to create a Linux account(test) to crack the password using the tool john the ripper. For the demo purpose, we are assigning test account password test123
There are two files maintain by the operating system to store user schema: /etc/passwd and password encrypted : /etc/shadow
shadow : – Stores, passwords encrypted
passwd : – Stores user profile details and associated home folder
Let’s create a folder “/demo” to copy /etc/passwd & /etc/shadow files to /demo
#cp -rp /etc/passwd /etc/shadow
The password list database of the Kali Linux located in /usr/share/wordlists/ or you can copy from online.
Under the /usr/share/wordlists/rockyou.txt by default it’s .gz format , we are going to use rockyou.txt to crack the password.
There are other password list database files for a variety of services, we are going to use rockyou.txt
Below command will show you the line count of rockyou.txt file
#wc -l rockyou.txt
Run the command ‘unshadow’ , it will combine two files (passwd and shadow) and redirect the output to a file. “>” The symbol used to redirect the output to a file.
#unshadow passwd shadow > mypass
Run the command “ls” to list the files . I shoud find the file “mypass”
Brute-force the password attack through a password file which contain well known passwords. It may take hour , day or week based on password complexity
#john –wordlist=/usr/share/wordlists/rockyou.txt mypass
#john “–format=crypt” –wordlist=/usr/share/wordlists/rockyou.txt mypass
Once the password cracked, below command list the cracked passwords
#john –show mypass
John the ripper perform the operation in the workspace .john under /root/