I don't know much of Ubuntu, but is Ubuntu able to decode these sort of things? Or do I need to install some program? If I don't, how do I use Ubuntu to read the file?
Asked
Active
Viewed 2.4e+01k times
11
-
you don't need to decrypt a hashed password, that defeats the point of hashing it... – Alvar Nov 27 '13 at 19:32
-
2go through this answer by echox at unix.stackexchange, to know more about hashed passwords. – sourav c. Nov 27 '13 at 19:36
-
I think what you really want is, is there a way to find the password for a given hash in the /etc/shadow file. The answer is yes. If the hash is an md5, try searching on hash-killer, http://www.hashkiller.co.uk/md5-decrypter.aspx. – sybind Sep 07 '14 at 09:34
7 Answers
17
You need to install "John the Ripper".
$ apt install john
Then only 2 commands
$ unshadow /etc/passwd /etc/shadow > mypasswd.txt
$ john mypasswd.txt
When it is finishes (in 1-5 min for password with 4 numbers), you'll see password you need.
$ john --show mypasswd.txt
Artur Meinild
- 26,018
Jule Rulez
- 171
-
It is likely that a dictionary attack will have better chance to make it. You can use rockyou.txt file from https://github.com/danielmiessler/SecLists/tree/master/Passwords/Leaked-Databases,and then
john mypasswd.txt --wordlist=/usr/share/wordlists/rockyou.txt– Smile.Hunter Jul 18 '21 at 19:14 -
I tried and got nothing with the msg: 0 password hashes cracked, 3 left – xiaojueguan Jul 22 '21 at 07:14
15
In short - you can't!
/etc/shadow stores a hashed version of the password. This is, for all intents and purposes, impossible to recover because hashing is a one way operation.
This stops malicious people being able to read the passwords of users on the system.
jackweirdy
- 3,440
5
Let's make it simple : No. Passwords are not meant to be decrypted, what would be the point ? No technique, no utility will allow you to do such a thing. Behind those passwords are huge algorithms meant to be one-way only.
However, you can read the file (and see encrypted passwords) by doing :
sudo cat /etc/shadow
You'll need to be a sudoer, or root himself (in which case, sudo is useless)
John WH Smith
- 2,018
- 14
- 21
5
here's the deal. You can't decrypt a hashed password, that would ruin the point of hashing.
Hashing works in basic terms, that you take a random string and mix that up (using a certain algorithm) with the password so that it becomes totally unreadable. Then you store this password + hash in a database.
Then how do you know what the correct password is? Well you enter the password and take that same hash string and then you will get the same hash. Then simply compare those hashes and you know if the password is correct.
You can find out what password the user used, but then you need to know what hash string was used to hash it and also you need to know what hashing algorithm was used. Then in the end the solution is still to brute-force the password(try every combination) then hash it and see if it matches the hash that's stored in the database. So for a conclusion, you can "decrypt" a hashed password, but it's not easy.
useful links on the topic:
-
Then, why is it bad if the /etc/shadow contents are known to stranger? He can't use it, correct? – mtk Nov 11 '14 at 06:09
-
2@mtk if you know the hash and the hashed password then you can just bruteforce. If you try enough passwords you will get the correct hash after a while. Hashing is just a way to slow the process once your server has been hacked. You still need to change the passwords that were leaked. – Alvar Nov 11 '14 at 10:24
2
Ubuntu can't decrypt passwords but you may find john useful:
http://manpages.ubuntu.com/manpages/jaunty/en/man8/john.8.html
Mausy5043
- 740
- 2
- 10
- 27
1
Yes you can
If you want to decode this password then you need to install john the ripper in your ubuntu with sudo apt-get install john. you just need to copy line of that hash code and create a new file with .PASSWD extension and insert that file into john the ripper tool. It will automatically crack those hashes and give you the password of that particular user.
Rinzwind
- 299,756
-
1Are you sure that this is not just to test for weak passswords? Can you add an example of a user with a (let's say) 16 or even 32 char password that John can crack? – Rinzwind Aug 14 '19 at 09:25
-
3The answer is technically incorrect because John the Ripper is unable to decrypt hashes - nothing can - it only attempts to find the string (or a string) that generates that hash on a brute force basis. This means as the above comment points out, sufficiently secure passwords will not be able to be cracked in this way. – thomasrutter Apr 20 '20 at 07:19
1
Never assume a "hashed" password is always safe, not decryptable and uncrackable.
It all depends how the passwords has been "hashed" and what cryptographic algorithm was used, what techniques was used to hash a password and so on. There are dedicated hardware just to crack weak hashed passwords.
Most common way to figure out a hashed password is to use brute force dictionary program to decrypt and figure out a hashed password. This by no means it always works but it is useful. You'll be surprised how many people uses common easy to figure passwords and the brute force dictionary has tons of common passwords which are hashed and it compares it's value with the hashed password to find a match.
Because of this cryptographic developers came up with the "salt" and "pepper" hashing. Basically makes the common easy to guess passwords harder to crack since they will always be a unique hashed password.
End of the day, yes hashed passwords can be cracked if it is weakly hashed.
Here is a video on how to crack hashed passwords using "Hashcat": https://www.youtube.com/watch?v=eq097dEB8Sw
Many factors comes to play when you want a hashed password uncrackable, making it extremely difficult to decrypt.
Max Dax
- 79