Passwords and File Permissions

Plaintext passwords vs. password hashes

Method 1: Stored Passwords (Plaintext Passwords)

Enumeration

Passwords might be leaked through command line arguments. View terminal command history:

history

Or examine the .bash_history file:

cat ~/.bash_history | grep -i passw

LinPEAS will find potential passwords as well.

Method 2: Password Cracking (Password Hashes)

Unshadow

If we have read permission on both /etc/passwd and /etc/shadow, we can use unshadow to combine the passwd and shadow files and then crack the password. Unshadow:

unshadow passwd.txt shadow.txt > unshadowed.txt

Hashcat

Search hash types in this table:

Suppose the hash starts with $6$, which corresponds to hash mode 1800. Crack the unshadowed password hash on a Windows machine:

./hashcat.exe -m 1800 unshadowed.txt rockyou.txt -O
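
Both exposures above can be checked for during a host audit: secrets left in shell history (Method 1) and a shadow file readable by ordinary users (Method 2). The script below is an added example, not part of the original page or of any tool it mentions; the function names, the heuristic pattern list and the sample history are assumptions made for illustration.

```sh
#!/bin/sh
# Added audit example (not from the original page). Function names, the
# pattern list and the sample data below are assumptions made for illustration.

# Arguments that commonly carry a plaintext secret on the command line.
SECRET_RE='passw|sshpass[[:space:]]+-p|mysql[[:space:]].*-p[^[:space:]]+|curl[[:space:]].*(-u|--user)[[:space:]]+[^[:space:]]+:[^[:space:]]+'

# Print "LINE: command [REDACTED]" for each matching history line. Only the
# command name is kept so the report does not repeat the secret.
history_findings() {
    grep -n -i -E -e "$SECRET_RE" "$1" 2>/dev/null |
        sed -E 's/^([0-9]+):[[:space:]]*([^[:space:]]+).*/\1: \2 [REDACTED]/'
}

# Number of history lines that need cleanup and a credential rotation.
count_history_findings() {
    history_findings "$1" | wc -l | tr -d '[:space:]'
}

# Succeed only if the file exists and has no read bit for "other".
# /etc/shadow should pass this; /etc/passwd is world-readable by design.
not_world_readable() {
    [ -e "$1" ] && [ -z "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample history; every value is made up.
write_sample_history() {
    cat > "$1" <<'EOF'
ls -la
mysql -u root -pS3cretExample db
cd /var/www
curl -u admin:ExamplePass https://intranet.example/api
sshpass -p ExamplePass ssh ops@host.example
export DB_PASSWORD=ExamplePass
git status
EOF
}

# Audit the real files only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    history_findings "$HOME/.bash_history"
    not_world_readable /etc/shadow || echo "WARNING: /etc/shadow is readable by other users"
fi
```

Any credential the history check reports should be rotated, since removing the line from the history file does not undo the exposure.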
