“unshadow” is a command-line utility provided by the John the Ripper password cracking tool to obtain the traditional Unix password file on systems that use shadow passwords. In Unix-like operating systems, passwords are typically stored in either the traditional Unix password file or the shadow password file. The traditional Unix password file stores user passwords in a hashed format directly in the file, which presents a security risk if the file is compromised. To address this issue, modern Unix-like operating systems store user passwords in a separate file called the shadow password file, which is only accessible by the system’s superuser.
However, in some cases, it may be necessary to obtain the traditional Unix password file, for example, if you need to migrate user accounts to a new system or perform a security audit. This is where the “unshadow” utility comes in. It allows you to combine the contents of the traditional Unix password file and the shadow password file into a single file, which can then be used by password cracking tools like John the Ripper to attempt to crack the passwords.
To use “unshadow”, you must have root access to the system and be able to read both the traditional Unix password file (/etc/passwd) and the shadow password file (/etc/shadow). The syntax for the “unshadow” command is:
# unshadow /etc/passwd /etc/shadow > password_file
This command combines the contents of the /etc/passwd and /etc/shadow files and writes them to a file called password_file, which can then be used as input to John the Ripper or other password cracking tools.
If you encounter the below error while running the command unshadow:
unshadow: command not found
you may try installing the below package as per your choice of distribution:
| Distribution | Command |
|---|---|
| Debian | apt-get install coreutils |
| Ubuntu | apt-get install coreutils |
| Alpine | apk add coreutils |
| Arch Linux | pacman -S coreutils |
| Kali Linux | apt-get install coreutils |
| CentOS | yum install coreutils |
| Fedora | dnf install coreutils |
| OS X | brew install coreutils |
| Raspbian | apt-get install coreutils |
unshadow Command Examples
1. Combine the `/etc/shadow` and `/etc/passwd` of the current system:
# sudo unshadow /etc/passwd /etc/shadow
2. Combine two arbitrary shadow and password files:
# sudo unshadow path/to/passwd path/to/shadow
Summary
It is worth noting that using password cracking tools like John the Ripper can be illegal and unethical if you do not have permission from the system owner or are not performing a legitimate security audit. Additionally, obtaining and using user passwords without their consent is a serious violation of their privacy and security, and should not be done without a legitimate reason and proper authorization.