
I've been struggling with encrypting this hash for a school homework. (Backstory) I had to gain access from my Kali Linux machine to an "unknown" Linux machine and I've done it, but now I have to basically get the username and password of the unknown Linux machine. I located the passwords file "/etc/shadow" and I nano'd the file to see the passwords and this came up:


The password that I need is for root, so I'm guessing it's this one?

root: $1$/avpfBJ1$x0z8w5UF9Iv./DR9E9Lid.

If you're able to decrypt it, can you please explain how you did it and what type of encryption it is?

JOW
Tenchu
  • Does this help? https://hashcat.net/wiki/doku.php?id=example_hashes – multithr3at3d Apr 23 '20 at 14:21
  • I can't help but wonder if you are making invalid assumptions in your assignment. You said *you have gained access*. So you are on the machine as **what user**? This relates to your other statement where you said, "*I have to basically get the username and password*". There are many users and many passwords, including your own. Your use of the word **basically** suggests an interpretation. Is it possible that the assignment is to "get root" and you have incorrectly assumed that this requires the password? – user10216038 Apr 23 '20 at 17:58
  • I gained access by exploiting "exploit/multi/samba/usermap_script" on Kali, which is kinda like "shell access" but for Linux; I can browse files, delete files, move files around. The "other" Linux machine is locked out with a username and password and I have to get the username and password for that machine using Kali. – Tenchu Apr 23 '20 at 22:11
  • @Tenchu you have to specifically *retrieve* the password: simply resetting it to a known value is not an option? – lights0123 Apr 24 '20 at 00:45
  • The main goal for me is to gain access to the machine and I figured getting the shadow.txt file is the easiest way? Can you explain how I can reset it to a known value? – Tenchu Apr 24 '20 at 01:33
  • **You keep saying things that lead me to believe you are missing fundamental concepts.** "*the main goal for me is to gain access to the machine ... i can browse files, delete files, move files around ...which is kinda like "shell access" but for linux*". You have already done that! You are already on the machine! It's not "kinda like shell," it **is** shell. Your access to the shadow file demonstrates that you already have high level access, or the Linux machine security is badly misconfigured, or both. You need to understand what you already have instead of throwing scripts at the problem. – user10216038 Apr 25 '20 at 15:34
  • I am missing some fundamental concepts since we started learning these things with online-sessions and the teacher threw everything at once on us and he wasn't being clear on everything. It turns out that the Linux machine security is badly configured for us to hack into the machine, and you can't be more right about me having high level access, because all I had to do is go to the terminal and type "passwd" to change the password to anything I want. I feel stupid haha, but I learned a lot about salts and hashes so it's not all bad. – Tenchu Apr 26 '20 at 04:11

3 Answers


To quote Wikipedia:

"$id$salt$hashed", the printable form of a password hash as produced by crypt (C), where "$id" is the algorithm used.

  • $1$ – MD5

So in your example $1$/avpfBJ1$x0z8w5UF9Iv./DR9E9Lid.

1 means it's an MD5 hash,

avpfBJ1 is the salt, and

x0z8w5UF9Iv./DR9E9Lid. is the password hash

You cannot decrypt a password hash; you can only brute-force it by hashing a large number of potential passwords and hoping you find a match.

gowenfawr
  • I'm currently using John the Ripper to brute-force it, hopefully I can find the password, thank you! – Tenchu Apr 23 '20 at 14:55
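The `$id$salt$hashed` layout described in this answer, as an added example (not code from the answer or from any tool named in the thread): a small auditor that splits shadow entries into scheme, salt and digest and flags accounts whose hash scheme should be migrated. Scheme ids other than `$1$`, the function names and every sample line after the first are assumptions of this example.

```python
import re

# crypt(3) ids -> (name, flag for review). Only "$1$ = MD5" is on the page;
# the other ids are the standard crypt(5) prefixes, added for this example.
SCHEMES = {"1": ("md5crypt", True), "5": ("sha256crypt", False),
           "6": ("sha512crypt", False), "y": ("yescrypt", False),
           "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False)}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # legacy DES crypt has no "$" prefix

# First line is the entry quoted in the question; the rest are constructed.
SAMPLE = """\
root: $1$/avpfBJ1$x0z8w5UF9Iv./DR9E9Lid.
alice:$6$rounds=5000$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:18375:0:99999:7:::
daemon:*:18375:0:99999:7:::
bob:!$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:18375:0:99999:7:::
"""

def parse_shadow_line(line):
    """Split one /etc/shadow entry into user, scheme, salt and digest."""
    fields = line.strip().split(":")
    if len(fields) < 2 or not fields[0]:
        raise ValueError("not a shadow entry: %r" % line)
    raw = fields[1].strip()
    out = {"user": fields[0], "locked": raw.startswith("!"), "scheme": None,
           "salt": None, "digest": None, "flag": False}
    pw = raw.lstrip("!")  # a leading "!" locks the account but keeps the hash
    if pw in ("", "*"):   # no usable hash; a truly empty field means no password
        out.update(scheme="none", flag=(raw == ""))
        return out
    if DES_RE.match(pw):  # 2-char salt followed by 11-char digest
        out.update(scheme="descrypt", salt=pw[:2], digest=pw[2:], flag=True)
        return out
    parts = pw.split("$")  # "$id$salt$digest" -> ["", id, ..., digest]
    if parts[0] != "" or len(parts) < 4:
        out.update(scheme="unknown", flag=True)  # unrecognised: review by hand
        return out
    name, flag = SCHEMES.get(parts[1], ("unknown", True))
    if name == "bcrypt":  # "$2b$cost$" + 22-char salt + 31-char digest
        salt, digest = parts[3][:22], parts[3][22:]
    else:  # an optional parameter field (e.g. rounds=N) sits before the salt
        salt, digest = parts[-2], parts[-1]
    out.update(scheme=name, salt=salt, digest=digest, flag=flag)
    return out

def flagged_accounts(shadow_text):
    """Return (user, scheme) for every entry that needs review."""
    entries = [parse_shadow_line(l) for l in shadow_text.splitlines() if l.strip()]
    return [(e["user"], e["scheme"]) for e in entries if e["flag"]]
```

For the entry in the question, `parse_shadow_line` returns scheme `md5crypt`, the field between the second and third `$` as the salt, and a 22-character digest; `flagged_accounts(SAMPLE)` reports only `root`.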

The first symbols (root in this case) indicate the username. The second part after the ":" is the hashed password.

$1$ usually indicates an MD5 hash. If you want some more information about the syntax for /etc/shadow, here is a good source.

Valentin

The pieces of information that you are seeing in the shadow file are the salted and hashed users' passwords. This means that the shadow file can be used to verify that the user has provided the correct password, when prompted. However, because these are hashes, there is no way to 'decrypt' these, to get the plaintext passwords of the users.

See https://stackoverflow.com/questions/18035093/given-a-linux-username-and-a-password-how-can-i-test-if-it-is-a-valid-account/18035305#18035305 for more info.

mti2935