For this tutorial I used the most recent version of Kali Linux.
From the command line I added a few uses using the ‘adduser’ command. I assigned them easy to remember passwords of differing lengths and complexities.
I them combined the /etc/passowrd and /etc/shadow files into one:
[email protected]:~# unshadow
Usage: unshadow PASSWORD-FILE SHADOW-FILE
[email protected]:~# unshadow /etc/passwd /etc/shadow > ~/file_to_crack.txt
Now that we have some passwords that need cracking lets switch over to John the Ripper to actualy crack them.
The simplest way to crack password with john without using a password list is like this
[email protected]:~# john file_to_crack.txt
Using default input encoding: UTF-8
Loaded 3 password hashes with 3 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 AVX 2x])
Press ‘q’ or Ctrl-C to abort, almost any other key for status
Use the “–show” option to display all of the cracked passwords reliably
[email protected]:~# john file_to_crack.txtt –show
1 password hash cracked, 2 left
This will try “single crack” mode first, then use a wordlist with rules, and finally go for “incremental” mode.
Now after running for a few minutes it got one of the passwords for user ‘alice’. However after the hour I ran it for it didnt get either of the other 2 passwords I created.
This type of password cracking is simple, but can be slow for longer and more complex passwords.