nerdexam
GIAC

GCIH · Question #770

Which of the following programs is used by John the Ripper to merge the /etc/passwd and /etc/shadow files?

The correct answer is C. unshadow. John the Ripper includes the 'unshadow' utility to merge /etc/passwd and /etc/shadow into a single file suitable for password cracking.

Vulnerability Exploitation & Privilege Escalation

Question

Which of the following programs is used by John the Ripper to merge the /etc/passwd and /etc/shadow files?

Options

  • Acombine
  • Bpwdump
  • Cunshadow
  • Dcat
  • Emerge

How the community answered

(51 responses)
  • A
    4% (2)
  • B
    2% (1)
  • C
    92% (47)
  • E
    2% (1)

Why each option

John the Ripper includes the 'unshadow' utility to merge /etc/passwd and /etc/shadow into a single file suitable for password cracking.

Acombine

'combine' is not a utility included with John the Ripper or a standard Linux tool for merging password files.

Bpwdump

'pwdump' is a Windows-based tool for extracting NTLM password hashes from the SAM database, not a Linux shadow file merger.

CunshadowCorrect

The 'unshadow' tool ships with the John the Ripper suite and is specifically designed to combine the /etc/passwd file (containing usernames and account info) with the /etc/shadow file (containing hashed passwords) into a unified format. This merged output can then be fed directly into John the Ripper for offline password cracking. No other bundled JtR tool performs this merge function.

Dcat

'cat' could technically concatenate files but does not produce the correctly formatted output required by John the Ripper for shadow file cracking.

Emerge

'merge' is not a recognized utility in the John the Ripper suite or a standard Linux command for this purpose.

Concept tested: John the Ripper unshadow utility for password cracking

Source: https://www.openwall.com/john/doc/

Topics

#John the Ripper#unshadow#passwd shadow merge#password cracking

Community Discussion

No community discussion yet for this question.

Full GCIH Practice