Linux password file /etc/shadow, SHA512 crack

Tips

A hash (hash algorithm) is neither encryption nor encoding: hashing is irreversible, while encryption is reversible; encoding and decoding need no key, whereas encryption and decryption require a key.

Common encoding, hashing, and encryption/decryption algorithms are as follows:
Encoding: base64, Hex encoding, Huffman encoding
Hash: md5, SHA-1, SHA-128, SHA-256, SHA-512, SM3
Encryption:
- Symmetric encryption (the encryption and decryption keys are the same): DES, AES, SM4
- Asymmetric encryption (the encryption and decryption keys are different): RSA, DSA, SM2

1. Shadow file analysis

The format of each line in the file is:
{user name}:{encrypted password}:{number of days since the last password change, counted from the origin (1970-1-1)}:{minimum password change interval (prevents the password from being changed back to the old one before the time limit expires)}:{maximum password change interval}:{number of warning days before password expiration}:{number of days of account inactivity}:{number of days until account expiration}:{reserved}

The format of {encrypted password} is $id$salt$encrypted

When the id is 1, the MD5 algorithm is used.
When the id is 5, the SHA256 algorithm is used.
When the id is 6, the SHA512 algorithm is used.
salt is the salt value, an interference value mixed in when the password is hashed; encrypted is the resulting hash value.

Like /etc/passwd, each field in the shadow file is separated by a colon (:), as shown below:

  1. Username : A valid account name that exists on the system.
  2. Password : The password is saved in hashed format. The hash value length should be at least 15-20 characters, including special characters, numbers, lowercase letters, etc. What is saved here is the hash value of the password. Currently, Linux passwords use the SHA512 hash algorithm; originally the MD5 or DES algorithm was used. The SHA512 hashing algorithm is more secure.

Note that this string of seemingly garbled characters cannot be edited by hand. If it is modified manually, the system will no longer recognize the password, rendering it invalid. Many tools use this behaviour to temporarily invalidate a password by adding "!", "*" or "x" in front of the password string.

The passwords of all pseudo users are "!!" or "*", which means they have no password and cannot log in. Likewise, if a newly created user has not been given a password, its password field is also "!!", meaning the user has no password and cannot log in. The password field has the format $id$salt$hashed, where the id value corresponds to the hash algorithm used on GNU/Linux as follows:

$1$ is MD5
$2a$ is Blowfish
$2y$ is Blowfish
$5$ is SHA-256
$6$ is SHA-512

  3. Last changed : The date the password was last changed, expressed as the number of days since January 1, 1970 (Unix time). The value 0 has the special meaning that the user must change their password the next time they log into the system. An empty field indicates that password aging is disabled.
  4. Minimum : The minimum number of days required between password changes, i.e. the number of days remaining before the user is allowed to change their password again. An empty field or a value of 0 means there is no minimum password age.
  5. Maximum : The maximum number of days a password is valid before the user is forced to change it again.
  6. Warning : The number of days before password expiration during which the user is warned that the password must be changed.
  7. Inactive : The number of days after password expiration before the account is disabled.
  8. Expire : The expiration date of the account, expressed as the number of days since January 1, 1970.
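As an added example (not part of the original post), the following Python script parses shadow lines into the nine fields described above, decodes the $id$salt$hash password field using the id table, and flags the entries a defender would want to review (empty passwords, MD5/DES hashes, forced changes, disabled aging). The sample lines and their hash strings are constructed placeholders.

```python
HASH_IDS = {"1": "MD5", "2a": "Blowfish", "2y": "Blowfish", "5": "SHA-256", "6": "SHA-512"}  # $id$ -> algorithm
FIELDS = ["user", "password", "last_change", "min_days", "max_days", "warn_days", "inactive_days", "expire", "reserved"]

def parse_shadow_line(line):
    """Split one /etc/shadow line into its nine colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:  # day counts since 1970-01-01; an empty field means "not set"
        entry[key] = int(entry[key]) if entry[key] else None
    return entry

def describe_password(field):
    """Classify the password field: empty, locked (! or *), $id$salt$hash, or legacy DES crypt."""
    if field == "":
        return {"status": "empty"}
    if field[0] in "!*":
        return {"status": "locked"}
    parts = field.split("$")  # "$6$salt$hash" -> ["", "6", "salt", "hash"]
    if field.startswith("$") and len(parts) >= 4:
        if parts[2].startswith("rounds="):  # optional "$6$rounds=N$salt$hash" form
            parts.pop(2)
        return {"status": "hashed", "algorithm": HASH_IDS.get(parts[1], "unknown"),
                "salt": parts[2], "hash": parts[3]}
    return {"status": "legacy"}  # no $id$ prefix: old 13-character DES crypt

def audit_entry(entry):
    """Findings a defender wants to see for one shadow entry."""
    findings, pw = [], describe_password(entry["password"])
    if pw["status"] == "empty":
        findings.append("empty password field: login without a password")
    elif pw["status"] == "legacy" or pw.get("algorithm") == "MD5":
        findings.append("weak hash algorithm: rehash at next password change")
    if entry["last_change"] == 0:
        findings.append("password change forced at next login")
    if pw["status"] != "locked" and entry["max_days"] is None:
        findings.append("password aging disabled (empty Maximum field)")
    return findings

def audit_shadow(text):
    return {e["user"]: audit_entry(e) for e in map(parse_shadow_line, text.splitlines())}

# Constructed sample lines; the hash strings are placeholders, not real hashes
SAMPLE_SHADOW = """\
root:$6$saltsalt$constructedhash:19500:0:99999:7:::
legacy:$1$ab$constructedmd5hash:18000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::0:0::7:::
"""
```

Run `audit_shadow(open("/etc/shadow").read())` as root to apply the same checks to a real file.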

2. John the Ripper

John the Ripper is a popular open-source password cracking tool that supports Windows and Linux. (There is also a paid version.)

The official site is http://www.openwall.com/john; copy the download link from there and fetch it with wget.

Crack software installation

1. Install John the Ripper
wget https://www.openwall.com/john/k/john-1.9.0.tar.gz		# download the source package
tar -xvf john-1.9.0.tar.gz
cd john-1.9.0/src/
make	# lists the build targets; find the one for your system

My system belongs to linux-x86-64:

make clean linux-x86-64
cd ../run/		# after compilation, john and the other binaries are produced here

Start cracking

./unshadow /etc/passwd /etc/shadow > password.txt	# merge the shadow file into password.txt; you can also copy all fields of the shadow file, or just the 2nd field, directly
./john password.txt 					# crack the hash values
cat john.pot						# view the cracking results

More complex passwords take longer to crack.
For example, in this run only these two passwords were cracked.


Reposted from: blog.csdn.net/weixin_42602433/article/details/131575199