Tuesday, January 31, 2017

Checking Debian Linux user password without logging into system


Problem


Imagine a situation where you need to check a user's password without logging into the system and without leaving any traces of the action. I had this situation, in which:
  1. I could execute the sudo command;
  2. I needed to check the password of the root user from my machine. Also, I was not interested in changing the root user's password.
 Note: you can check the password of any user on your system.






Solution

Information gathering



First of all, you need to know the salt and the password hash (w: Salt (cryptography)). You can find them in the shadow database using:
$ sudo grep '^root:' /etc/shadow

Where root is the target user name.

You will get something like this:
> root:$6$saltstring$originalhash:16744:0:99999:7:::

Where:
  • $6 - hashing algorithm (SHA-512 in this case);
  • saltstring - password salt;
  • originalhash - password hash

Checking passwords


You need a tool which can generate a password hash for a given salt and supposed password. For this case, $6 (SHA-512), you can use the mkpasswd tool:

$ mkpasswd -m sha-512 supposed_password saltstring

> $6$saltstring$JmCliGfPf8dHPEOcKMHp9o5hjoejsRSbRAMNVYg7LlolTk8vjm/nIFx0KdlW6Z8A.L6l04SzeH9jiuOGQgW9G.

Where:
  • saltstring - password salt;
  • supposed_password - supposed password.
If your hash (in our case JmCliG<skipped>OGQgW9G.) is equal to originalhash, the passwords are identical.
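The same check in Python, as an added example that is not part of the original post: it parses one shadow line, recomputes the SHA-512 crypt digest from the salt and the supposed password, and compares it with the stored hash in constant time. It goes slightly beyond the post by also accepting the optional `rounds=N` field. The function names and the sample line are constructed for illustration; the sample hash is the "Hello world!" test vector from the SHA-crypt specification.

```python
import hashlib
import hmac

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Constructed sample: shadow fields from the post, hash = SHA-crypt spec test
# vector for the password "Hello world!" with salt "saltstring".
SAMPLE_LINE = ("root:$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uB"
               "nIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1:16744:0:99999:7:::")

def sha512_crypt(password: bytes, salt: bytes, rounds: int = 5000) -> str:
    """Return the 86-character SHA-512 crypt digest stored after the salt."""
    h = lambda data: hashlib.sha512(data).digest()
    plen = len(password)
    b = h(password + salt + password)
    buf = password + salt + b * (plen // 64) + b[:plen % 64]
    n = plen
    while n:  # one extra block per bit of the password length
        buf += b if n & 1 else password
        n >>= 1
    a = h(buf)
    dp = h(password * plen)
    p = dp * (plen // 64) + dp[:plen % 64]      # password-derived sequence
    s = h(salt * (16 + a[0]))[:len(salt)]       # salt-derived sequence
    c = a
    for i in range(rounds):                     # key-stretching loop
        c = h((p if i & 1 else c) + (s if i % 3 else b"")
              + (p if i % 7 else b"") + (c if i & 1 else p))
    out, (i, j, k) = [], (0, 21, 42)
    for _ in range(21):                         # crypt's permuted base64
        w = c[i] << 16 | c[j] << 8 | c[k]
        out += [B64[w >> sh & 63] for sh in (0, 6, 12, 18)]
        i, j, k = j + 1, k + 1, i + 1
    return "".join(out) + B64[c[63] & 63] + B64[c[63] >> 6]

def check_shadow_line(line: str, candidate: str) -> bool:
    """True if candidate hashes to the $6$ value in one /etc/shadow line."""
    parts = line.strip().split(":")[1].split("$")  # '', '6', [rounds=N], salt, hash
    rounds = 5000
    if len(parts) > 2 and parts[2].startswith("rounds="):
        rounds = min(max(int(parts.pop(2)[7:]), 1000), 999_999_999)
    if len(parts) != 4 or parts[1] != "6":
        raise ValueError("not a SHA-512 crypt ($6$) entry")
    digest = sha512_crypt(candidate.encode(), parts[2][:16].encode(), rounds)
    return hmac.compare_digest(digest.encode(), parts[3].encode())

if __name__ == "__main__":
    import getpass, sys  # getpass keeps the guess out of argv and shell history
    # Usage: sudo grep '^root:' /etc/shadow | python3 this_script.py
    print(check_shadow_line(sys.stdin.readline(), getpass.getpass("Supposed password: ")))
```

Locked or non-`$6$` entries (for example a `!` or `*` in the hash field) raise `ValueError` instead of returning a misleading result.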

Notes

Other hashing algorithm


If your hashing algorithm is not $6 but $1, it's MD5. Also, you can find more information here: (w: Passwd). In case you needed

No such utility

If you do not have mkpasswd and see something like this:

> -bash: mkpasswd: command not found

You can install this utility with the whois package on Debian systems:

$ sudo apt-get install whois

Enjoy!

