GCIH · Question #727
A penetration tester is using John the Ripper to audit the password strength of Linux systems. The systems use shadow passwords. What command will he run to unshadow the passwords to a file, combined.
The correct answer is C. unshadow/etc/passwd /etc/shadow > combined.txt. The unshadow command merges /etc/passwd and /etc/shadow into a single crackable file, and requires passwd as the first argument followed by shadow.
Question
A penetration tester is using John the Ripper to audit the password strength of Linux systems. The systems use shadow passwords. What command will he run to unshadow the passwords to a file, combined.txt?
Options
- Aunshadow/etc/shadow/etc/passwd > combined.txt
- Bjohn/etc/shadow/etc/passwd > combined.txt
- Cunshadow/etc/passwd /etc/shadow > combined.txt
- Djohn/etc/passwd/etc/shadow > combined.txt
How the community answered
(39 responses)- A3% (1)
- B3% (1)
- C87% (34)
- D8% (3)
Why each option
The unshadow command merges /etc/passwd and /etc/shadow into a single crackable file, and requires passwd as the first argument followed by shadow.
This reverses the argument order by placing /etc/shadow before /etc/passwd, which is incorrect syntax for the unshadow command.
This incorrectly uses the john binary instead of the unshadow utility, and also presents the wrong argument order for unshadowing.
The correct syntax for the unshadow utility is 'unshadow /etc/passwd /etc/shadow', where /etc/passwd must be specified first and /etc/shadow second. This order matches the expected argument parsing of the tool, which combines user account information from passwd with hashed passwords from shadow into a format John the Ripper can process. Redirecting to combined.txt saves the merged output for subsequent cracking with john.
This uses the john binary instead of unshadow, which does not perform the passwd/shadow merging function required before cracking shadow passwords.
Concept tested: John the Ripper unshadow command syntax for Linux
Source: https://www.openwall.com/john/doc/OPTIONS.shtml
Topics
Community Discussion
No community discussion yet for this question.