Tuesday, January 31, 2017

Checking Debian Linux user password without logging into system

Checking Debian Linux user password without logging into system

Problem


Imagine situation when you need to check a user's password without logging into system and any traces of action. I had this situation when I was able:
  1. can execute sudo command;
  2. I needed to check password of root user from my machine. Also, I was not interested of  password change for root user.
 Note: you can check password for any user of your system.






Solution

Information gathering



First of all you need to know salt and password hash (w: Salt (cryptography)). You can find it in shadow database using:
$ sudo cat /etc/shadow | grep root

Where root is target user name.

You will get something like this:
> root:$6$saltstring$originalhash:16744:0:99999:7:::

Where:
  • $6 - hashing algorithm (SHA-512 in this case);
  • saltstring - password salt;
  • originalhash - password hash

Checking passwords


You need tool which can generate password hash for given salt and supposed password. For this case $6 (SHA-512) you can use mkpasswd tool:

$ mkpasswd -m sha-512 supposed_password saltstring

> $6$saltstring$JmCliGfPf8dHPEOcKMHp9o5hjoejsRSbRAMNVY
g7LlolTk8vjm/nIFx0KdlW6Z8A.L6l04SzeH9jiuOGQgW9G.

Where:
  • saltstring - password salt; 
  • supposed_password- supposed password;
If your hash (in our case JmCliG<skipped>OGQgW9G.)is equal to originalhash the passwords identical.

Notes

Other hashing algorithm


If your hashing algorithm is not $6 and $1 it's MD5. Also, you can find more information here: (w: Passwd). In case you needed

No such utility

If you do not have mkpasswd  and see something like this:

> -bash: mkpasswd: command not found

You can install this utility with whois package:

$ sudo apt-get install whois

for Debian systems

Enjoy!


2 comments:

  1. It's interesting that many of the bloggers to  helped  clarify a few things for me as well as giving.Most of ideas can be nice content.The people to give them a good shake to get your point and across the command .
    Python Training in Chennai

    ReplyDelete
  2. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Android Training in Chennai
    Ios Training in Chennai

    ReplyDelete