Password attacks "Passwd, Shadow & Opasswd"

Hello, i’m stuck as well but earlier. I dont know how to get s** cred. Can u give me a hint to start this section?

which mutated pass list i use i am in very confusion plzz tell me or give me a hint i tried the all mutated password i tried the custom.list and kira passwd custom list too

tried to cp the passwd/shadow files to perform the unshadow command but no correct privileges therefore these files must be there somewhere on the target machine to be able to continue the cracking using the hashcat with all given information in the resources file

you are heading on the right direction

I have unshadowed the hashes and mutated the password with 90k+ passwords and trying brute forcing with hashcat but shows ‘Exhausted’.!
Can anyone help me?

I have used: hashcat -m 1800 -a 0 unshadowed.hashes mut_password1.list -o unshadowed.cracked

But root password not cracked. Can you help?

it will crack two root passwords but there is a second one I just used the mut_password1.list which you helped me sed it after around 12 minutes

unshadow X.bak X.bak > unshadowed.hashes
hashcat -m 1800 -a 0 unshadowed.hashes mut_password1.list

I used the first mutates wordlist with 186850 words and it didn’t crack. Do we use the Kira wordlist?

I just got the answer using another tool. I had the answer in my list hashcat was not reading it for some reason, but it worked with the other tool.

Dear, I successfully got the unshadow file, but I cannot crack the file, Any Hints?
-Should I try to get s** user creds?
-Any Other hints in the target host?
-Or crack the unshadow file with the mutation pw list ?


did you ever figure this answer out im having such a hard time could you help me please

Can anyone give me a hint as to what I am doing wrong?

I moved to the machine with Will’s credentials and found the needed files. I checked the md5hash before transferring and after. Both .bak files were transferred correctly. Then I unshadowed them and started cracking. I tried several lists as mentioned in this threat already - without any luck!

When I start hashcat there are a lot of hints, such as

Hashfile ‘unshadowed.hashes’ on line 2 (daemon…emon:/usr/sbin:/usr/sbin/nologin): Token length exception

Might this be the error? Is something wrong with the unshadowed file?

UPDATE: I was able to reduce the messages about “length exception” by reducing the file to just the root user. BUT… still not able to crack the password with hashcat. JOHN did well! If you stuck try JOHN.