Ubuntu
shadow package

How to crack passwords in Ubuntu

Asked by Sergio Ribeiro

I was wondering how to crack Ubuntu passwords in Ubuntu 10.04. I was reading "Red Hat Linux: Administrator's Handbook" by Mohammed J. Kabir and I was looking at the section on cracking passwords. The reason I am interested in cracking passwords is NOT for creating viruses and malware. I am currently setting up a system of four or five Ubuntu computers to work together. I am basically going through and trying to expose security holes and fix them. The book I read said to look in </etc/passwd> directory. However I find that when I do <cd /etc> and then do <ls>, I find that <passwd> and <passwd-> are files. The book then tells me to (after I downloaded "crack-md5") to do <Crack /etc/passwd>. But it just comes up with an error message. Does anyone else know of password cracking or hacking techniques that will give me a password or give me access to the root user? If so please tell me, because I would prefer to find the holes myself instead of another malicious hacker. I have also heard that Ubuntu uses the Linux code entirely, but now I am wondering if it isn't a modified Linux system.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu shadow Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Michael Basse (michael-alpha-unix) said : 		#1

i guess you should by a better book. /etc/passwd is not storing any passwords. its /etc/shadow and of course its not using md5.

http://en.wikipedia.org/wiki/Brute-force_attack this is your only way to "crack" paasswords from /etc/shadow.
maybe this also http://en.wikipedia.org/wiki/Rainbow_table (if i am correct there is no salt for /etc/shadow)

but lets face it. This forum is for ubuntu-support, not for any cracking.

and yes, ubuntu is not using the vanilla kernel, there are ubuntu-specific patches which you will find in the source-package of the kernel

Revision history for this message
Sam_ (and-sam) said : 		#2

> expose security holes and fix them

http://www.debian.org/doc/manuals/securing-debian-howto/
http://www.gentoo.org/doc/en/security/security-handbook.xml

Revision history for this message
Sergio Ribeiro (sergio-alfred-ribeiro) said : 		#3

The point of me trying to crack passwords is so I can find any weaknesses and patch them. I also don't think brute force attacks are the only way to properly hack a system. I mean ophcrack can crack a windows password in merely just a few minutes by using the rainbow hash tables. I know Ubuntu works off of an entirely different OS, but I think in both cases there is a shortcut the brute force method. Many people these days can hack a system fairly easily without having that much expertise. My purpose is to find the shortcuts for hacking and then patching that hole. So in a sense I am an aspiring hacker, but I am not using my skills (or lack of) to destroy a system. I have also invested time in getting the Ubuntu security patches, and the Ubuntu updates.

Revision history for this message
Paul Stewart (paulbrianstewart) said : 		#4

Sergio,

If you search on the internet, or get the book 'Hacking exposed' (can't remember the author)...there are plenty of resources around to figure out what you want to do. I think that posting on this answers forum may not really be in the best 'spirit' of the community....that just my opinion.

Revision history for this message
Sergio Ribeiro (sergio-alfred-ribeiro) said : 		#5

Thank you very much I bought a few books on it and the one you advised me on was very helpful. I know it is not the general spirit of the forum, but then again every 15 or 16 year old computer geek (like me) wants to know these things. It gives you a sense of knowing both sides of the dilemma. I mean if you are debating an issue on anything you have to know both sides of the argument otherwise you aren't well prepared. I feel it's the same way with hacking.

Can you help with this problem?

Provide an answer of your own, or ask Sergio Ribeiro for more information if necessary.

To post a message you must log in.