Kali Linux Tools

Cracking the User Credentials using the John the Ripper

I am going to demonstrate two ways in which we will crack the user credentials using John the Ripper.

So, before diving in, we need to know what a shadow file is. 

A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.

First Method

Now for the First method, I am going to crack the credentials of a particular user “EthicalEmpire”

  • Primarily we will open a shadow file using the command “cat /etc/shadow”
  • Now I will change the password of the user “EthicalEmpire” for demonstration purposes. I updated my password to “admin”.
  • Now I  will copy the credentials of the user “EthicalEmpire” and copy it from here and paste it into a text file.
  • Here is a text file named Ethical Empire.
  • Now I will use John the Ripper to crack it, Here I will use wordlist as a rockyou.txt, path in Kali Linux as “/usr/share/wordlists/rockyou.txt” and format as “crypt”

Command as follows – “john –wordlist=/usr/share/wordlists/rockyou.txt –format=crypt EthicalEmpire”

  • We successfully cracked the password for the user EthicalEmpire.

Second Method

I will now collectively crack all of the users’ credentials for the second method.

We will need to use John the Ripper’s “unshadow” utility to accomplish this and also the “/etc/passwd” file; which is used to keep track of every registered user that has access to a system. 

  • Firstly I will change the password of all users for demonstration purposes. I updated all user’s passwords as a “Kali”
  • Now I will use a utility called unshadow, command “unshadow /etc/passwd /etc/shadow > unshadowed.txt”
  • Here a file name saved as unshadowed.txt
  • Now I will use John the Ripper to crack the passwords of all the users collectively.
  • Here I used the same format as the crypt and a custom wordlist of my own where I didn’t give too many passwords so that it could brute force the password quickly, named “wordl.txt” for demonstration purposes. You can use any word list of your choice.

Command as Follow – “john -w=/usr/share/wordlists/rockyou.txt -form=crypt unshadowed.txt”

  • As you can see from the above result, we have successfully cracked the credentials of all the users.
Aman Mishra

Aman Mishra is a eJPT certified and always keen to learn new concepts and methodologies regarding cybersecurity.he is also a cyber security content writer and have passion for sharing my knowledge about the latest threads and trends in the industry.

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago