Monday, December 5, 2022

Cracking Passwords

Enforcing password security with a multiple-user system can be a hassle —
users all too often use inadequate passwords. john-the-ripper (also available
via most distros) is a password-cracking tool that enables the identification of
vulnerable passwords before someone with nefarious intentions finds the

The first step is to extract the username/password information from the relevant files, using the provided unshadow tool:

unshadow /etc/passwd /etc/shadow > /tmp/password.db

After that, john has three cracking modes:

  • Dictionary mode, which tests passwords based on dictionary words. You can
    use the provided dictionary or provide your own, and there’s an option to
    enable “word mangling” rules.
  • “Single crack” mode, which uses login names and various
    /etc/passwd values as password candidates, as well as applying

    word mangling rules.

  • Incremental mode, which tries all possible character combinations and
    will obviously take a very, very long time to run. You can change the
    parameters for this via the config file.

    You can run one at a time (in which case, try “single crack” mode
    first), or run all of them consecutively with

    john /tmp/password.db

    To show results, use

    john --show /tmp/password.db

    unshadow will produce a password database only on systems that
    use /etc/passwd and /etc/shadow for login. For centralized
    systems, there’s a Kerberos5
    available, or the supplied unafs utility extracts
    Kerberos AFS passwords. There’s also a LDAP module.

    Also remember that you can limit cracking attempts
    through measures such as locking out specific IP addresses after multiple failed ssh attempts or limiting the number of times a user can get a password wrong when logging on.

    This article was first published on

    Similar articles

    Latest Articles