With John the Ripper you provide the encrypted password files. We will combine the passwd file and the shadow file into a single file and point John the Ripper at that file.
The passwd file stores account information, while the shadow file contains the encrypted passwords.
It's important to remember to clear the John.pot file after you run John the Ripper against a file. If you don't, you will get the results of the previous test.
In the tutorial 2 test accounts are created called ‘Ronan’ and ‘Tester’ and both are given a password.
useradd ronan -s /sbin/nologin
useradd gary -s /sbin/nologin
useradd brian -s /sbin/nologin
Once the accounts are created we check whether the shadow password file exists.
It does, so we can now copy the shadow and passwd files to a tmp directory.
cp /etc/passwd /tmp/passwd_copy
cp /etc/shadow /tmp/shadow_copy
Now it's time to start up John the Ripper and use the unshadow script to obtain the password file.
./unshadow /tmp/passwd_copy /tmp/shadow_copy > /tmp/combined
Now, to crack the files, we run John the Ripper against our combined passwd and shadow file.
As you see from the results above it took no time to crack the passwords for our test accounts. The final step after cracking is complete is to shred the accounts, the created files and the John.pot file.
userdel -r ronan
userdel -r tester
shred --remove /tmp/passwd_copy
shred --remove /tmp/shadow_copy
shred --remove /home/tools/john-1.7.2/run/john.pot
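The combine step above, as an added example that is not part of the original tutorial and is not John the Ripper's own unshadow script: a simplified merge of passwd and shadow entries, written into an owner-only directory, because a file created by redirection under the common umask of 022 ends up mode 0644 and readable by every local user. The function names, sample accounts and hash strings are constructed assumptions.

```shell
#!/bin/sh
# Added example: a simplified version of the merge the unshadow step performs,
# done in a private work directory. Accounts and hashes are constructed samples.

# merge_shadow PASSWD SHADOW: print passwd lines with field 2 taken from shadow.
merge_shadow() {
    awk -F: -v OFS=: '
        FILENAME == ARGV[1] { hash[$1] = $2; next }  # shadow: remember field 2 per user
        ($1 in hash)        { $2 = hash[$1] }        # passwd: replace the "x" placeholder
                            { print }
    ' "$2" "$1"
}

# private_combined PASSWD SHADOW: write the merged file with mode 0600 into a
# new 0700 directory and print its path (hypothetical helper name).
private_combined() (
    umask 077                                   # subshell: caller's umask is untouched
    dir=$(mktemp -d) || exit 1
    merge_shadow "$1" "$2" > "$dir/combined" || exit 1
    printf '%s\n' "$dir/combined"
)

# write_samples DIR: constructed passwd/shadow pair for the demo.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ronan:x:1001:1001::/home/ronan:/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:!:19000:0:99999:7:::
ronan:$6$SALT$CONSTRUCTEDHASH:19000:0:99999:7:::
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
out=$(private_combined "$demo/passwd" "$demo/shadow")
ls -l "$out"        # permissions column shows owner-only access
cat "$out"
rm -rf "$demo" "$(dirname "$out")"   # remove the samples and the merged copy
```
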