利用John the Ripper工具破解Linux用户密码
利用John the Ripper工具破解Linux用户密码
- 在/etc/passwd文件中选取想要破解的用户名的所在行,拷贝创建以该行为内容的文件,同时在/etc/shadow文件中选取相应用户名的所在行,并拷贝创建以该行为内容的文件
┌──(kali㉿kali)-[~/Desktop/Vulnhub/Hacksudo_Search]
└─$ cat passwd_file
hacksudo:x:1000:1000:hacksudo,,,:/home/hacksudo:/bin/bash
┌──(kali㉿kali)-[~/Desktop/Vulnhub/Hacksudo_Search]
└─$ cat shadow_file
hacksudo:$6$nh9tUD84T7Bfrm8u$KYH9z3KrUQKcM8XgYrMOv4mSUDEnQ0n8P1b/Kup5KmM0hTtgVtntnpcRUQImLCw50ADm.sJkzZ6Ph3XlA/aiR.:1000:1000:hacksudo,,,:/home/hacksudo:/bin/bash
-
利用unshadow命令对上述两个文件进行合成:
┌──(kali㉿kali)-[~/Desktop/Vulnhub/Hacksudo_Search] └─$ unshadow passwd_file shadow_file > enc.txt ┌──(kali㉿kali)-[~/Desktop/Vulnhub/Hacksudo_Search] └─$ cat enc.txt hacksudo:$6$nh9tUD84T7Bfrm8u$KYH9z3KrUQKcM8XgYrMOv4mSUDEnQ0n8P1b/Kup5KmM0hTtgVtntnpcRUQImLCw50ADm.sJkzZ6Ph3XlA/aiR.:1000:1000:hacksudo,,,:/home/hacksudo:/bin/bash
-
使用rockyou.txt字典对密码进行破解:
┌──(kali㉿kali)-[~/Desktop/Vulnhub/Hacksudo_Search] └─$ john --wordlist=/usr/share/wordlists/rockyou.txt enc.txt Using default input encoding: UTF-8 Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 256/256 AVX2 4x]) Cost 1 (iteration count) is 5000 for all loaded hashes Will run 2 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status redhat (hacksudo) 1g 0:00:00:18 DONE (2023-01-04 23:19) 0.05370g/s 2653p/s 2653c/s 2653C/s truckin..morgan6 Use the "--show" option to display all of the cracked passwords reliably Session completed.
STRIVE FOR PROGRESS,NOT FOR PERFECTION