利用John the Ripper工具破解Linux用户密码

利用John the Ripper工具破解Linux用户密码

1. 在/etc/passwd文件中选取想要破解的用户名的所在行，拷贝创建以该行为内容的文件，同时在/etc/shadow文件中选取相应用户名的所在行，并拷贝创建以该行为内容的文件

┌──(kali㉿kali)-[~/Desktop/Vulnhub/Hacksudo_Search]
└─$ cat passwd_file 
hacksudo:x:1000:1000:hacksudo,,,:/home/hacksudo:/bin/bash

┌──(kali㉿kali)-[~/Desktop/Vulnhub/Hacksudo_Search]
└─$ cat shadow_file 
hacksudo:$6$nh9tUD84T7Bfrm8u$KYH9z3KrUQKcM8XgYrMOv4mSUDEnQ0n8P1b/Kup5KmM0hTtgVtntnpcRUQImLCw50ADm.sJkzZ6Ph3XlA/aiR.:1000:1000:hacksudo,,,:/home/hacksudo:/bin/bash

2. 利用unshadow命令对上述两个文件进行合成：

   ┌──(kali㉿kali)-[~/Desktop/Vulnhub/Hacksudo_Search]
   └─$ unshadow passwd_file shadow_file > enc.txt
   
   ┌──(kali㉿kali)-[~/Desktop/Vulnhub/Hacksudo_Search]
   └─$ cat enc.txt                               
   hacksudo:$6$nh9tUD84T7Bfrm8u$KYH9z3KrUQKcM8XgYrMOv4mSUDEnQ0n8P1b/Kup5KmM0hTtgVtntnpcRUQImLCw50ADm.sJkzZ6Ph3XlA/aiR.:1000:1000:hacksudo,,,:/home/hacksudo:/bin/bash
   
   
   

3. 使用rockyou.txt字典对密码进行破解：

   
   ┌──(kali㉿kali)-[~/Desktop/Vulnhub/Hacksudo_Search]
   └─$ john --wordlist=/usr/share/wordlists/rockyou.txt enc.txt 
   Using default input encoding: UTF-8
   Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 256/256 AVX2 4x])
   Cost 1 (iteration count) is 5000 for all loaded hashes
   Will run 2 OpenMP threads
   Press 'q' or Ctrl-C to abort, almost any other key for status
   redhat           (hacksudo)     
   1g 0:00:00:18 DONE (2023-01-04 23:19) 0.05370g/s 2653p/s 2653c/s 2653C/s truckin..morgan6
   Use the "--show" option to display all of the cracked passwords reliably
   Session completed.