Created
May 1, 2019 22:05
-
-
Save mttjohnson/14db8952b2dbeff692c31f42b4a815ab to your computer and use it in GitHub Desktop.
cracking md5crypt shadow passwords
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://null-byte.wonderhowto.com/how-to/crack-shadow-hashes-after-getting-root-linux-system-0186386/ | |
| cat /etc/shadow | |
| root:$1$/avpfBJ1$x0z8w5UF9Iv./DR9E9Lid.:14747:0:99999:7::: | |
| daemon:*:14684:0:99999:7::: | |
| bin:*:14684:0:99999:7::: | |
| sys:$1$fUX6BPOt$Miyc3UpOzQJqz4s5wFD9l0:14742:0:99999:7::: | |
| sync:*:14684:0:99999:7::: | |
| cat hashes.txt | |
| $1$/avpfBJ1$x0z8w5UF9Iv./DR9E9Lid. | |
| $1$fUX6BPOt$Miyc3UpOzQJqz4s5wFD9l0 | |
| # example command | |
| hashcat -m 500 -a 3 -1 ?l?u?d -o cracked.txt hashes.txt ?1?1?1?1?1?1?1?1?1 -O | |
| # -1 ?l?u?d | |
| # this defines the custom mask | |
| # ?l (lowercase alpha characters) | |
| # ?u (upperacse alpha characters) | |
| # ?d (digits) | |
| # so this matches [a-zA-Z0-9] | |
| # after the hashes.txt is the mask to use for each character guess | |
| # ?1?1?1?1?1?1?1?1?1 indicates it should use the custom mask 1 for | |
| # each of 9 characters. | |
| using both my GPUs 1365.4 kH/s | |
| CPU only provided about 50 kH/s | |
| 9 character password 645 years estimated to crack... yeah I don't think I'm going to wait that long... next idea |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment