password

Cracking a “shadow” password using John the Ripper

In this short article, I’ll walk you through the steps of cracking a password stored in the /etc/shadow file on a Linux machine. Keep in mind that in order to access the shadow and passwd files, you need root access.

Step 1:

Extract the user’s entries from the passwd file and the shadow file and save them to text files for John the Ripper (replace USERNAME with the username of your choice):

sudo grep '^USERNAME:' /etc/passwd > passwd.txt
sudo grep '^USERNAME:' /etc/shadow > shadow.txt

Step 2:

Use the unshadow tool, which is part of the John the Ripper tool set, to create a single text file that combines both of the user’s entries into one line:

unshadow passwd.txt shadow.txt > unshadow.txt

The resulting file combines the user’s entries from passwd and shadow. This step organizes the data John needs into a format that John recognizes.

Step 3:

Choose a dictionary of possible passwords, such as Kali’s rockyou.txt (contains over 14 million passwords), and run John:

john --wordlist=/usr/share/wordlists/rockyou.txt unshadow.txt

If the password is found in the given wordlist, you’ll see output like this:

password (USERNAME)

Step 4:

If you get the famous “No password hashes loaded” message, then the cryptographic hashing algorithm used is not easily recognized by John.

Take a look at the unshadow.txt file. The field after the username (with a number or letter between two dollar signs) is the one that identifies the hash type used. It could be one of the following:

  1. $1$ is MD5
  2. $2a$ is Blowfish
  3. $2y$ is Blowfish
  4. $5$ is SHA-256
  5. $6$ is SHA-512
  6. $y$ is yescrypt

For $y$, for example, you can use the command:

john --format=crypt --wordlist=/usr/share/wordlists/rockyou.txt unshadow.txt
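The prefix check from Step 4, written as a small shell script that reports which scheme each account in a shadow or unshadow file uses. This is an added example, not code from the original article; the function names and the sample lines (with placeholder hashes) are constructed for illustration.

```shell
#!/bin/sh
# Added example: map the $id$ prefix of each password field to the scheme
# names listed in Step 4. Works on shadow- and unshadow-format lines.

# Classify one password field (second colon-separated field of a line).
hash_scheme() {
    field=$1
    locked=""
    if [ -z "$field" ]; then echo "empty-password"; return 0; fi
    # A leading "!" marks a locked password; the hash may still follow it.
    while :; do
        case "$field" in
            '!'*) field=${field#?}; locked=" (locked)" ;;
            *)    break ;;
        esac
    done
    case "$field" in
        ''|'*')          echo "no-login" ;;
        '$1$'*)          echo "MD5$locked" ;;
        '$2a$'*|'$2y$'*) echo "Blowfish$locked" ;;
        '$5$'*)          echo "SHA-256$locked" ;;
        '$6$'*)          echo "SHA-512$locked" ;;
        '$y$'*)          echo "yescrypt$locked" ;;
        *)               echo "unknown$locked" ;;
    esac
}

# Read lines on stdin and print "user<TAB>scheme" for each account.
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        printf '%s\t%s\n' "$user" "$(hash_scheme "$field")"
    done
}

# Constructed sample data: the hash bodies are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
alice:$6$SALT$PLACEHOLDER:19000:0:99999:7:::
bob:$y$j9T$SALT$PLACEHOLDER:19000:0:99999:7:::
carol:!$1$SALT$PLACEHOLDER:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
dave::19000:0:99999:7:::
erin:$5$SALT$PLACEHOLDER:1001:1001::/home/erin:/bin/bash
EOF
}

sample_shadow | audit_shadow
```

On a real system, feed it the file directly, for example: sudo cat /etc/shadow | audit_shadow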

 

App: PASSWORDER

I have stopped developing for Windows Phone – This app is no longer available

PASSWORDER is a simple, powerful application for Windows Phone 7 (WP7). This application generates passwords with very high randomness from CAPITAL LETTERS, small letters, numb3rs and symb()!s.

This application comes in two editions, PASSWORDER FREE (Free) and PASSWORDER PRO (paid).

PASSWORDER FREE
Current version: 1.0
Features:
  • Generate password from all capital letters, small letters, numbers, and passwords.
  • User-controlled password length. (4 to 100)
  • Uses 31 symbols used in MS Windows.
  • High Randomness in password generation.
  • Simple (one-tap) copy-to-clipboard feature to facilitate the use of password in browser or other applications.
  • Ad-supported
Price: Free (Ad supported)
Link: http://www.windowsphone.com/en-US/apps/dc5ab876-c1d5-4099-bf06-4e67914065f0

PASSWORDER PRO
Current version: 1.0
Features:
  • Generate passwords containing capital letters, small letters, numbers, and passwords.
  • Password Vault, to save all your passwords securely in the same easily-accessible place.
  • Integration of the generator and the vault to facilitate easy saving of generated passwords.
  • The user can control the letters, numbers, and symbols that participate in the password generation.
  • User-controlled password length. (4 to 100)
  • High Randomness in password generation.
  • User can eliminate the symbols that do not fit in his/her password requirements.
  • Simple (one-tap) copy-to-clipboard feature to facilitate the use of password in browser or other applications.
  • No Ads.
Price: USD 0.99
Link: http://www.windowsphone.com/en-US/apps/1317802f-5110-47e5-be9d-3c8c18c28cb8

Next Version Features: Waiting for your suggestions.


If you have any feature suggestions, bugs, or anything to say about the apps, please feel free to contact me at info (at) mohammedalani.com

PassworderPro Changelog:

v1.1 Release Date: 10-Feb-2012

* Added the feature of a password vault. The user can save up to 1000 passwords along with descriptions of these passwords. This password vault is protected by a master password.

* Fixed some UI issues.

v1.0 Release Date: 17-Jan-2012

* First version published.