How to Crack Linux Password Hash

Sathish Shan
Apr 14, 2020

Example of Linux Password Hash: $1$e7NfNpNi$A6nCwOTqrNR2oDuIKirRZ

  • $1 = MD5 hashing algorithm
  • $2 = Blowfish algorithm
  • $2a = eksblowfish algorithm
  • $5 = SHA-256 algorithm
  • $6 = SHA-512 algorithm

The example starts with $1, so this is an MD5 hash.
The second field is the salt value, so e7NfNpNi is the salt.
The last field is the hash value of salt + user password, i.e. A6nCwOTqrNR2oDuIKirRZ.
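The field layout described above can be checked mechanically. The following added example (not part of the original article) parses shadow-style entries and reports accounts that still use the MD5 scheme so they can be rehashed; the sample entries, user names and the choice to flag only $1 as weak are assumptions made for illustration, and it also handles the optional rounds= field and the bcrypt layout, which the article does not cover.

```python
# Prefixes listed in the article; the bool marks schemes this audit reports as weak (assumption).
SCHEMES = {
    "1": ("md5crypt", True),
    "2": ("bcrypt (Blowfish)", False),
    "2a": ("bcrypt (eksblowfish)", False),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
}

def parse_crypt(field):
    """Split '$id$[rounds=N$]salt$hash'; return None for locked, empty or malformed fields."""
    if not field.startswith("$"):
        return None  # '!', '*' or '': no $id$ prefix to inspect
    parts = field.split("$")[1:]
    rounds = None
    if len(parts) > 1 and parts[1].startswith("rounds="):
        rounds = int(parts[1].split("=", 1)[1])
        del parts[1]
    if len(parts) < 3:
        return None
    name, weak = SCHEMES.get(parts[0], ("unknown", False))
    info = {"id": parts[0], "scheme": name, "weak": weak, "rounds": rounds}
    if parts[0].startswith("2"):
        # bcrypt layout: $2a$cost$<22-char salt><31-char hash> in a single field
        info["rounds"] = int(parts[1])
        info["salt"], info["hash"] = parts[2][:22], parts[2][22:]
    else:
        info["salt"], info["hash"] = parts[1], parts[2]
    return info

def audit(shadow_text):
    """Return [(user, scheme)] for entries whose hash uses a scheme marked weak."""
    findings = []
    for line in shadow_text.splitlines():
        if ":" not in line or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        info = parse_crypt(field)
        if info and info["weak"]:
            findings.append((user, info["scheme"]))
    return findings

# Constructed sample entries; only alice's hash (the article's example) is from the page.
SAMPLE = """\
root:$6$rounds=656000$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18366:0:99999:7:::
alice:$1$e7NfNpNi$A6nCwOTqrNR2oDuIKirRZ:18366:0:99999:7:::
daemon:*:18366:0:99999:7:::
"""
```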

Now comes the cracking part. Unless this is a common hash, which it isn't, you can't decrypt it.

You can use John the Ripper to crack the password. This might take a long time if you are brute-forcing the whole keyspace. If you want, you can use a dictionary-based attack instead. To do this, you first need to set up the hash file.

  • cp /etc/passwd ./
  • cp /etc/shadow ./
  • unshadow passwd shadow > hashes

After this, you can do one of the following:

Dictionary Based Cracking

  • john --wordlist=/path/to/wordlist --format=md5crypt hashes

Key-space Brute-forcing

  • john --show hashes (--show lists the passwords John has already cracked for this file)

Other Methods

If you have access to a GPU, you can harness its power for the cracking process. For this you can use hashcat.

  • hashcat -m 1800 -a 0 [Path-to-Hashes] [Path-to-Word-list] -o [Path-to-Output-Cracked-Hashes]

You can set -m to either 500 (md5crypt, $1) or 1800 (sha512crypt, $6), depending on your setup.

To avoid these common-password problems, use a complex password.

Disclaimer:

The information published in this article is only for educational purposes. The content of this article is based on my personal learning and experience. Any misuse of information will not be the responsibility of the author.

Feel free to point out any mistakes or let me know if there is anything I should add!


I’m using this blog to document my experiences with Linux, Application Security, Scripting and in general technical posters. https://github.com/sathishshan