How to crack almost any OS password
Introduction
Use the infamous RockYou.txt password list, containing 14 million real-world passwords, to run a wordlist (dictionary) attack against the user passwords on almost any system you have physical access to.
Your computer is not safe, make your password stronger
Overview
- boot the machine from a Kali Linux live USB
- combine /etc/passwd and /etc/shadow (the default locations where Linux stores user accounts and password hashes) into one file with unshadow
- crack that file with a tool such as John the Ripper
Steps
- Create a live USB of Kali Linux
- Boot into this usb from the victim’s computer
- mount the root partition under /mnt (this assumes the root partition is not encrypted)
lsblk # lists connected drives and their partitions
mount /dev/sda2 /mnt # mount the drive under /mnt. Change sda2 to the root partition shown in the lsblk output
- Go to the etc directory of the mounted system under /mnt and combine its shadow and passwd files with the unshadow utility that ships with Kali Linux. Save the result in the home directory.
In Linux, the passwords of all users are stored as hashes in /etc/shadow. The corresponding user names come from /etc/passwd.
sudo unshadow /mnt/etc/passwd /mnt/etc/shadow > ~/shadowhash # use the mounted system's files, not the live USB's own /etc; store the unshadowed file in the home directory
- Crack this file with a tool such as John the Ripper. Pass in a wordlist if the passwords may be complex.
john --format=crypt shadowhash # default cracking modes, no wordlist
# or
john shadowhash --wordlist=/usr/share/wordlists/rockyou.txt # dictionary attack with RockYou
This should give you the victim's OS password in plain text in 70%+ of cases.
Reboot the system and log in to the victim's OS with the cracked password to gain full access to the system.
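The flip side for a defender is to audit your own shadow file before someone else does. The script below is an added example, not code from the original article: it parses unshadow-style lines (a constructed sample is embedded), classifies each account's hash by its crypt(3) prefix, and flags accounts that are easy to crack, namely empty password fields, legacy DES hashes, md5crypt, and unrecognised formats. The prefix-to-algorithm table is the standard glibc/libxcrypt one and is an assumption of this example.

```python
import re

# crypt(3) prefix -> (algorithm name, considered weak). Assumed mapping,
# matching glibc/libxcrypt conventions; weak = fast hash, cheap to attack.
HASH_IDS = {
    "1": ("md5crypt", True),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
    "y": ("yescrypt", False),
    "7": ("scrypt", False),
    "2a": ("bcrypt", False),
    "2b": ("bcrypt", False),
}

def classify_hash(field):
    """Return (algorithm, weak, note) for one shadow password field."""
    if field == "":
        return ("none", True, "empty password field: login without a password")
    if field.startswith(("!", "*")):
        return ("locked", False, "account locked or password disabled")
    m = re.match(r"^\$([^$]+)\$", field)
    if m:
        name, weak = HASH_IDS.get(m.group(1), ("unknown-" + m.group(1), True))
        return (name, weak, "")
    if len(field) == 13:  # traditional DES crypt: 2-char salt + 11-char hash
        return ("descrypt", True, "legacy DES crypt: 8-char limit, trivially cracked")
    return ("unknown", True, "unrecognised hash format")

def audit_shadow(lines):
    """Parse shadow/unshadow-style lines; return (user, algorithm, note) for weak ones."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split(":")
        if len(fields) < 2:
            continue
        algo, weak, note = classify_hash(fields[1])
        if weak:
            findings.append((fields[0], algo, note))
    return findings

# Constructed sample in unshadow output format (hash values are placeholders).
SAMPLE = """root:$6$saltsalt$fakehashvalue:0:0:root:/root:/bin/bash
alice:$y$j9T$saltsalt$fakehashvalue:1000:1000:Alice:/home/alice:/bin/bash
bob:$1$saltsalt$fakehashvalue:1001:1001:Bob:/home/bob:/bin/bash
legacy:AbCdEfGhIjKlM:1002:1002:Legacy:/home/legacy:/bin/sh
guest::1003:1003:Guest:/home/guest:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

if __name__ == "__main__":
    for user, algo, note in audit_shadow(SAMPLE.splitlines()):
        print(f"{user}: {algo} {note}".rstrip())
```

Run it against your real file with `sudo python3 audit.py < /etc/shadow` after swapping SAMPLE for `sys.stdin`; accounts it lists should have their passwords rehashed (a password change under a modern default does this) or be locked.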
Note: This article covers only Linux machines. Keep in mind, however, that a similar approach works against Windows systems as well.
P.S. It goes without saying that the purpose of this article is to show that we need really strong passwords on our computers; otherwise they can be cracked as shown above. Use long passwords containing letters, digits and special characters, and add a personal twist so that the password cannot be matched directly from a wordlist.
The End