-2

Consider the following line taken from /etc/shadow file:

root:$1$NFEf74q.$bmukkxAq9dOMJINgEtP7u0:15258:0:::::

From this I understand that the hashing algorithm is md5 ($1) and starting from third $ sign is the hashed password consisting of 22 characters. From what I've read, this length is due to the hash being further encoded with base64 algorithm, is this correct? And If yes, how would you get the original md5 (32 chars) from it?

astralmaster
  • 109
  • 4
  • 1
    Anytime your plans involve directly reading or writing the shadow file...you're probably doing it wrong. There are standard utilities for manipulating accounts that are already thoroughly bugtested. – Grant Dec 06 '14 at 16:49
  • Would that include trying to recover a password (left by previous IT technitian) that is vital to company processes having only the shadow file itself? Please specify those thoroughly tested utilities. – astralmaster Dec 06 '14 at 16:57
  • And if that's not the case, what If my plans are simply learning the process itself through practice? – astralmaster Dec 06 '14 at 16:59
  • And why did this receive a downvote? – astralmaster Dec 06 '14 at 17:01
  • 1
    Humm, IMHO this issue is very relevant to a professional SA. – fpmurphy Dec 08 '14 at 00:50

1 Answers1

2

You base64_decode the string, and then you convert the binary string in hex representation.

In php you would use

$md5 = bin2hex(base64_decode($string));
Lorenz Meyer
  • 430
  • 2
  • 9
  • 25
  • Thanks, I tried online base64 decoders but didn't receive any data back at all. Probably something to do with binary2hex conversion – astralmaster Dec 06 '14 at 17:05