Re: get MD5-Hash from /etc/shadow file

["Morgan Reed" <morgan.s.reed () gmail com>]

On Fri, Apr 11, 2008 at 7:53 AM, markus sesser <security () sesser eu> wrote:
>  is it possible to get the md5 hash of shadow password?
>
>  root:$1$GXJzVR5J$vS4wC7AW6hV8TvLu6Dtxt.:13979:0:::::
>
>  i'm looking not for a tool like john, crack, ...
>  i want to have a step by step instruction to get the md5 hash.

That is the MD5 hash;
$1 - denotes MD5
$GXJzVR5J - 8 character salt
$vS4wC7AW6hV8TvLu6Dtxt. - actual hash

The $ symbols are field delimiters.

The hash would have been generated by something similar to
crypt("test", "$1$GXJzVR5J") look at 'man 3 crypt' for further
details.

I assume you want to learn how to crack the password?

The only ways you can find the password from the hash are by rainbow
tables or direct brute force, in this case given the 8 character salt
the only real option is brute force, i.e. hash every possibility and
compare the hash to this one;

e.g. Pseudo code

hash("a", "$1$GXJzVR5J")
compare hash
hash("b", "$1$GXJzVR5J")
compare hash
...
hash("aa", "$1$GXJzVR5J")
compare hash
hash("ab", "$1$GXJzVR5J")
compare hash
...

And so on.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------