{
	"id": "b3d0636b-03cf-4c96-9dad-340741fd97d9",
	"created_at": "2026-04-06T00:13:07.321241Z",
	"updated_at": "2026-04-10T03:20:49.777001Z",
	"deleted_at": null,
	"sha1_hash": "54bcaa19dbb43def68a197f62cd4d3d01dc86ef4",
	"title": "Linux Password Cracking: Explain unshadow and john Commands ( John the Ripper Tool ) - nixCraft",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 93861,
	"plain_text": "Linux Password Cracking: Explain unshadow and john\r\nCommands ( John the Ripper Tool ) - nixCraft\r\nBy Vivek Gite\r\nPublished: 2008-01-11 · Archived: 2026-04-05 13:37:38 UTC\r\nCan you tell me more about unshadow and john command line tools? How does it protect my server from\r\ncrackers?\r\nBoth the unshadow and john commands are distributed with the “John the Ripper security” software. It acts as a fast\r\npassword cracker. It is free and open source software. It runs on Windows, UNIX and Linux operating\r\nsystems. Use this tool to find weak user passwords on your own server or workstation powered by Unix-like systems.\r\nJohn cracking modes\r\nTutorial details\r\nDifficulty level: Easy\r\nRoot privileges: Yes\r\nRequirements: John the Ripper\r\nEst. reading time: 3 minutes\r\nJohn the Ripper can work in the following modes:\r\n[a] Wordlist : John will simply use a file with a list of words that will be checked against the passwords. See\r\nRULES for the format of wordlist files.\r\n[b] Single crack : In this mode, john will try to crack the password using the login/GECOS information as\r\npasswords.\r\n[c] Incremental : This is the most powerful mode. John will try any character combination to resolve the password.\r\nDetails about these modes can be found in the MODES file in john’s documentation, including how to define your\r\nown cracking methods.\r\nInstall John the Ripper Password Cracking Tool\r\nJohn the Ripper is not installed by default. If you are using Debian / Ubuntu Linux, enter:\r\n$ sudo apt-get install john\r\nRHEL, CentOS, Fedora, Redhat Linux users can grab john the ripper here. 
Once downloaded, use the rpm\r\ncommand as follows to install it:\r\n# rpm -ivh john*\r\nHow do I use John the ripper to check weak passwords or crack passwords?\r\nFirst use the unshadow command to combine the /etc/passwd and /etc/shadow files so John can use them. You\r\nmight need this because if you only used your shadow file, the GECOS information wouldn’t be used by the “single\r\ncrack” mode, and you also wouldn’t be able to use the -shells option. On a normal system you’ll need to run\r\nunshadow as root to be able to read the shadow file. So log in as root or use the good old sudo / su command under\r\nDebian / Ubuntu Linux:\r\n$ sudo /usr/sbin/unshadow /etc/passwd /etc/shadow \u003e /tmp/crack.password.db\r\nRHEL / CentOS / Fedora Linux users type the following command:\r\n# /usr/bin/unshadow /etc/passwd /etc/shadow \u003e /tmp/crack.password.db\r\nTo check for weak passwords (crack passwords), enter the following command:\r\nWARNING! These examples use brute-force ~ CPU-time consuming password cracking techniques.\r\nTo use John, you just need to supply it a password file created using the unshadow command along with the desired\r\noptions. If no mode is specified, john will try “single” first, then “wordlist” and finally “incremental” password\r\ncracking methods.\r\n$ john /tmp/crack.password.db\r\nOutput:\r\n john /tmp/crack.password.db\r\nLoaded 1 password (FreeBSD MD5 [32/32])\r\nThis procedure will take some time. 
To see the cracked passwords, enter:\r\n$ john -show /tmp/crack.password.db\r\ntest:123456:1002:1002:test,,,:/home/test:/bin/bash\r\ndidi:abc123:1003:1003::/home/didi:/usr/bin/rssh\r\n2 passwords cracked, 1 left\r\nThe above output clearly indicates that user test has the password 123456 and user didi has the password abc123.\r\nRelated:\r\nLinux check passwords against a dictionary attack\r\nJohn the ripper examples text file for more information.\r\nFurther readings:\r\nJohn the ripper project home page.\r\nSee john and unshadow command man pages.\r\nJohn the ripper examples text file\r\nJohn configuration file /etc/john/john.conf\r\nRainbow table – Rainbow cracking differs from brute force crackers in that it uses large pre-computed tables called rainbow tables to drastically reduce the length of time needed to crack a password.\r\nSee Ophcrack Live CD.\r\nVivek Gite is an expert IT Consultant with over 25 years of experience, specializing in Linux and open source\r\nsolutions. He writes about Linux, macOS, Unix, IT, programming, infosec, and open source. Follow his work via\r\nRSS feed.\r\nSource: https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/"
	],
	"report_names": [
		"unix-linux-password-cracking-john-the-ripper"
	],
	"threat_actors": [],
	"ts_created_at": 1775434387,
	"ts_updated_at": 1775791249,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/54bcaa19dbb43def68a197f62cd4d3d01dc86ef4.pdf",
		"text": "https://archive.orkl.eu/54bcaa19dbb43def68a197f62cd4d3d01dc86ef4.txt",
		"img": "https://archive.orkl.eu/54bcaa19dbb43def68a197f62cd4d3d01dc86ef4.jpg"
	}
}