This article provides a detailed overview of Linux password storage methods, hashing techniques, and the tools available for password hash analysis and cracking, including John the Ripper and Hashcat. It stresses that understanding these elements matters both for securing systems and for testing how well their passwords resist cracking.
Affected: Linux systems, cybersecurity sector
Key points:
- Password information in Linux is stored in the /etc/shadow file.
- Common hashing algorithms include MD5, SHA-256, SHA-512, and yescrypt.
- John the Ripper supports various hash formats and offers dictionary and brute-force attack options.
- Hashcat is a GPU-accelerated cracking tool that supports multiple hash modes.
- Techniques for hash cracking include rule-based attacks, mask attacks, and the use of rainbow tables.
- Understanding password hashing is essential for ethical hackers and system administrators.
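The crypt prefix in the password field of /etc/shadow shows which accounts still rely on a weak scheme. The following is an added example, not code from the original article: it classifies each entry by that prefix. The sample entries are constructed, and the policy of flagging MD5-crypt, DES-style and empty fields is an assumption of this example.

```python
# Added example. Sample entries are constructed; hash bodies are placeholders.
SAMPLE_SHADOW = """\
root:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
alice:$6$rounds=5000$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
legacy:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15000:0:99999:7:::
daemon:*:19000:0:99999:7:::
bob:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
guest::19700:0:99999:7:::
"""

# crypt(3) prefix -> (scheme name, acceptable under this example's policy)
SCHEMES = {
    "1": ("MD5-crypt", False),
    "5": ("SHA-256-crypt", True),
    "6": ("SHA-512-crypt", True),
    "y": ("yescrypt", True),
}

def classify(field):
    """Return (scheme, acceptable) for the second field of a shadow entry."""
    if field == "":
        return ("empty password", False)       # login without any password
    locked = field.startswith("!")             # '!' prefix marks a locked password
    body = field.lstrip("!")
    if body in ("", "*"):
        return ("no password login", True)     # '*', '!' or '!!': no usable hash
    parts = body.split("$")                    # "$id$[params$]salt$hash"
    if len(parts) >= 4 and parts[0] == "":
        name, ok = SCHEMES.get(parts[1], ("unknown $%s$" % parts[1], False))
    else:
        name, ok = ("DES or malformed", False) # no $id$ prefix at all
    return (name + (" (locked)" if locked else ""), ok)

def audit(shadow_text):
    """Return [(user, scheme, acceptable)] for every entry in shadow_text."""
    results = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0]:
            results.append((fields[0],) + classify(fields[1]))
    return results

def weak_accounts(shadow_text):
    """Accounts whose hashing scheme should be upgraded or reviewed."""
    return [user for user, _, ok in audit(shadow_text) if not ok]

if __name__ == "__main__":
    for user, scheme, ok in audit(SAMPLE_SHADOW):
        print("%-8s %-24s %s" % (user, scheme, "ok" if ok else "REVIEW"))
```

Entries reported as unknown are not necessarily weak; they only carry a prefix this example does not recognise and need a manual look.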
MITRE Techniques:
- Test for Password Hashes (T1557.002) – Analyze password hashes stored in /etc/shadow with tools like John the Ripper or Hashcat.
- Brute Force Password Attack (T1110) – Use John the Ripper or Hashcat to perform brute-force attacks on password hashes.
- Credential Dumping (T1003) – Extract and save password hashes from /etc/shadow.
Indicators of Compromise:
- [File] /etc/shadow
- [Hash] $y$j9T$ufXTBpN1QpgwlgqRFmb/B0$/.y0ybAF4iNQXniErsDWf9QSl2HZH7LnBeRHB4ZiQa9
- [Wordlist] /usr/share/wordlists/rockyou.txt
- [Example Command] john --format=crypt --wordlist=/usr/share/wordlists/rockyou.txt passwords.txt
- [Example Command] hashcat -m 28800 -a 0 passwords.txt /usr/share/wordlists/rockyou.txt
Full Story: https://infosecwriteups.com/cracking-linux-password-hashes-12dfb9e1dc2f?source=rss----7b722bfd1b8d---4