• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • VCS
  • Interview Questions
  • Database
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

unshadow Command Examples in Linux

by Deepika

“unshadow” is a command-line utility provided by the John the Ripper password cracking tool to obtain the traditional Unix password file on systems that use shadow passwords. In Unix-like operating systems, passwords are typically stored in either the traditional Unix password file or the shadow password file. The traditional Unix password file stores user passwords in a hashed format directly in the file, which presents a security risk if the file is compromised. To address this issue, modern Unix-like operating systems store user passwords in a separate file called the shadow password file, which is only accessible by the system’s superuser.

However, in some cases, it may be necessary to obtain the traditional Unix password file, for example, if you need to migrate user accounts to a new system or perform a security audit. This is where the “unshadow” utility comes in. It allows you to combine the contents of the traditional Unix password file and the shadow password file into a single file, which can then be used by password cracking tools like John the Ripper to attempt to crack the passwords.

To use “unshadow”, you must have root access to the system and be able to read both the traditional Unix password file (/etc/passwd) and the shadow password file (/etc/shadow). The syntax for the “unshadow” command is:

# unshadow /etc/passwd /etc/shadow > password_file

This command combines the contents of the /etc/passwd and /etc/shadow files and writes them to a file called password_file, which can then be used as input to John the Ripper or other password cracking tools.

unshadow Command Examples

1. Combine the `/etc/shadow` and `/etc/passwd` of the current system:

# sudo unshadow /etc/passwd /etc/shadow

2. Combine two arbitrary shadow and password files:

# sudo unshadow path/to/passwd path/to/shadow

Summary

It is worth noting that using password cracking tools like John the Ripper can be illegal and unethical if you do not have permission from the system owner or are not performing a legitimate security audit. Additionally, obtaining and using user passwords without their consent is a serious violation of their privacy and security, and should not be done without a legitimate reason and proper authorization.

Filed Under: Linux

Some more articles you might also be interested in …

  1. latte-dock Command Examples in Linux
  2. genkernel Command Examples in Linux
  3. kwriteconfig5: command not found
  4. How to recover deleted Logical volume (LV) in LVM using vgcfgrestore
  5. tshark: command not found
  6. CentOS / RHEL : How to Disable / Enable direct root and non-root user ssh login
  7. scsi_id Command Examples in Linux
  8. User Unable To Edit crontab, Error: “/tmp/crontab.Lm34gsJV: Permission denied”
  9. toilet: command not found
  10. dir: command not found

You May Also Like

Primary Sidebar

Recent Posts

  • gml2gv Command Examples
  • glow Command Examples
  • glib-compile-resources Command Examples
  • glances Command Examples

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright