Ethical Hacking and Penetration Testing Guide


Cracking Linux Passwords with JTR



Yüklə 22,44 Mb.
Pdf görüntüsü
səhifə160/235
tarix07.08.2023
ölçüsü22,44 Mb.
#138846
1   ...   156   157   158   159   160   161   162   163   ...   235
Ethical Hacking and Penetration Testing Guide ( PDFDrive )

Cracking Linux Passwords with JTR
The passwords of users are stored in the /etc/shadows file inside of Linux; the /etc/shadow file is 
only accessible when you have root privileges on the machine. The Linux password hashes use a 
strong cryptographic function; each password is salted with a unique salt, making it much more 
difficult for us to crack them.
We can use the 
cat/etc/shadow
command to display the contents of the shadow file, 
which looks like the following:
We can use the following command from JTR to attempt to crack the hashes of the 
/etc/
shadow
file.
As you can see, JTR has successfully managed to crack the hashes of the shadow file.
Now that we have learned about bruteforce attacks from JTR, we will take a look at a tool 
called Rainbow crack.
Rainbow Crack
Rainbow crack can not only be used to crack password hashes by using rainbow tables, but it 
can also help you create your own rainbow tables in case you don’t want to download them; but 
remember that if you are generating a large rainbow table, you should make sure that you have 
ample hard drive space.

Postexploitation
◾ 
257
So let’s first learn how to generate a rainbow table by using the 
rtgen
tool in BackTrack; 
for the sake of simplicity I would generate a rainbow table of four characters. The Rainbow crack 
program is located in the /pentest/passwords/rainbowcrack directory inside of BackTrack; type 
./rtgen to view its options.
From the usage we can see the arguments it requires to generate a rainbow table; we will gener-
ate a rainbow table of lm hashes with numeric charset and the length would be from one to four 
numbers. To generate it we would use the following command:
./rtgen lm numeric 1 4 0 100 10000 file
This command tells rtgen to generate the rainbow table for lm hashes with a length of four 
characters (numeric), with 0 as the index, as this is our first rainbow table, followed by the chain 
length and chain count. You can research about them if interested as it’s a whole new topic.

Yüklə 22,44 Mb.

Dostları ilə paylaş:
1   ...   156   157   158   159   160   161   162   163   ...   235



Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©azkurs.org 2024
rəhbərliyinə müraciət
gir | qeydiyyatdan keç
    Ana səhifə
Stomatologiya
Anesteziologiya
Cərrahlıq
Ginekologiya
Tibb

yükləyin