nerdexam
GIAC

GCIH · Question #727

A penetration tester is using John the Ripper to audit the password strength of Linux systems. The systems use shadow passwords. What command will he run to unshadow the passwords to a file, combined.

The correct answer is C. unshadow/etc/passwd /etc/shadow > combined.txt. The unshadow command merges /etc/passwd and /etc/shadow into a single crackable file, and requires passwd as the first argument followed by shadow.

Vulnerability Exploitation & Privilege Escalation

Question

A penetration tester is using John the Ripper to audit the password strength of Linux systems. The systems use shadow passwords. What command will he run to unshadow the passwords to a file, combined.txt?

Options

  • Aunshadow/etc/shadow/etc/passwd > combined.txt
  • Bjohn/etc/shadow/etc/passwd > combined.txt
  • Cunshadow/etc/passwd /etc/shadow > combined.txt
  • Djohn/etc/passwd/etc/shadow > combined.txt

How the community answered

(39 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    87% (34)
  • D
    8% (3)

Why each option

The unshadow command merges /etc/passwd and /etc/shadow into a single crackable file, and requires passwd as the first argument followed by shadow.

Aunshadow/etc/shadow/etc/passwd > combined.txt

This reverses the argument order by placing /etc/shadow before /etc/passwd, which is incorrect syntax for the unshadow command.

Bjohn/etc/shadow/etc/passwd > combined.txt

This incorrectly uses the john binary instead of the unshadow utility, and also presents the wrong argument order for unshadowing.

Cunshadow/etc/passwd /etc/shadow > combined.txtCorrect

The correct syntax for the unshadow utility is 'unshadow /etc/passwd /etc/shadow', where /etc/passwd must be specified first and /etc/shadow second. This order matches the expected argument parsing of the tool, which combines user account information from passwd with hashed passwords from shadow into a format John the Ripper can process. Redirecting to combined.txt saves the merged output for subsequent cracking with john.

Djohn/etc/passwd/etc/shadow > combined.txt

This uses the john binary instead of unshadow, which does not perform the passwd/shadow merging function required before cracking shadow passwords.

Concept tested: John the Ripper unshadow command syntax for Linux

Source: https://www.openwall.com/john/doc/OPTIONS.shtml

Topics

#password cracking#unshadow#shadow passwords#John the Ripper

Community Discussion

No community discussion yet for this question.

Full GCIH Practice