Passwords and File Permissions
Plaintext passwords vs. password hashes
Method 1: Stored Passwords (Plaintext Passwords)
Enumeration
Passwords might be leaked through command line arguments. View terminal command history:
history
Or examine the .bash_history file:
cat ~/.bash_history | grep -i passw
Method 2: Password Cracking (Password Hashes)
Unshadow
If we have read permission on both /etc/passwd and /etc/shadow, then we can use unshadow to combine the passwd and shadow files and crack the password. Unshadow:
unshadow passwd.txt shadow.txt > unshadowed.txt
Hashcat
Search hash types in this table:
Suppose the hash starts with $6$, which corresponds to hash mode 1800. Crack the unshadowed password hash on a Windows machine:
./hashcat.exe -m 1800 unshadowed.txt rockyou.txt -O
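From the defender's side, the two conditions this method depends on can be checked directly: whether a shadow-format file is readable by other users, and which hash scheme each entry uses (the $6$ prefix above is sha512crypt). The script below is an added example, not part of the original page; the function names and sample entries are constructed for illustration, and the prefixes other than $6$ are taken from crypt(5).

```shell
#!/usr/bin/env bash
# Audit a shadow-format file: who can read it, and which hash schemes it holds.

# Succeeds if "other" users have read permission on the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Map the hash field of a shadow entry to its crypt(5) scheme.
hash_scheme() {
    case "$1" in
        '')                      echo "empty-password" ;;
        '!'*|'*'*)               echo "locked" ;;
        '$1$'*)                  echo "md5crypt(weak)" ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo "bcrypt" ;;
        '$5$'*)                  echo "sha256crypt" ;;
        '$6$'*)                  echo "sha512crypt" ;;
        '$y$'*)                  echo "yescrypt" ;;
        *)                       echo "des-or-unknown(weak)" ;;
    esac
}

# Print "user scheme" for every entry in a shadow-format file.
audit_shadow() {
    while IFS=: read -r user hash _; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(hash_scheme "$hash")"
    done < "$1"
}

demo() {
    sample=$(mktemp)
    # Constructed entries; these are not real hashes.
    cat > "$sample" <<'EOF'
alice:$6$constructedsalt$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
bob:$1$constructed$CONSTRUCTEDHASH:19000:0:99999:7:::
carol::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
    chmod 644 "$sample"   # deliberately too permissive for the demo
    if world_readable "$sample"; then
        echo "WARNING: $sample is readable by other users"
    fi
    audit_shadow "$sample"
    rm -f "$sample"
}
demo
```

On a live system, point world_readable and audit_shadow at /etc/shadow (as root) and treat any warning, empty-password or (weak) result as a finding.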