Cracking passwords with John the Ripper
To crack local account passwords in a Unix/Linux environment, you first need to merge the “/etc/passwd” and “/etc/shadow” system files into one:
unshadow passwd shadow > passwd.1
Then there are two possible techniques.
Technique #1: Dictionary Attack
This is useful when we have a large dictionary of common passwords and want to audit that no user is using a weak password. One good dictionary you can get in Kali Linux is rockyou.txt; it contains a nice selection of the 14,344,392 most common passwords (Kali 2021.1).
cp /usr/share/wordlists/rockyou.txt.gz .
gunzip rockyou.txt.gz
john -w:rockyou.txt passwd.1
Technique #2: Brute-force Attack
If the passwords are very short, we can use brute-force to get them easily:
john -i passwd.1
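The merge step at the start of this procedure, as an added example that is not part of the original page and not John the Ripper's own code: a simplified stand-in for unshadow that shows what the merged passwd.1 contains and which accounts actually carry a hash for the audit to cover. The function names, the temporary directory and the sample accounts and hash strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: the merged format produced by the unshadow step (constructed data).

# Write constructed sample files (no real accounts or hashes) into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
bob:!$6$CONSTRUCTEDSALT$LOCKEDHASHVALUE:19000:0:99999:7:::
EOF
}

# merge_passwd_shadow PASSWD SHADOW: print each passwd line with its "x"
# placeholder replaced by field 2 of the matching shadow entry.
merge_passwd_shadow() {
    awk -F: -v OFS=: '
        FILENAME == ARGV[1] { hash[$1] = $2; next }  # first file: shadow
        ($1 in hash)        { $2 = hash[$1] }        # second file: passwd
        { print }
    ' "$2" "$1"
}

# auditable_accounts MERGED: list users whose password field is a usable hash
# (starts with "$"). "*", "!" and "!"-prefixed (locked) entries are skipped.
auditable_accounts() {
    awk -F: '$2 ~ /^\$/ { print $1 }' "$1"
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
merge_passwd_shadow "$demo_dir/passwd" "$demo_dir/shadow" > "$demo_dir/passwd.1"
cat "$demo_dir/passwd.1"
echo "Accounts with a hash to audit: $(auditable_accounts "$demo_dir/passwd.1")"
rm -rf "$demo_dir"
```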
Learn more advanced John the Ripper techniques in the Password Cracking section.