DEV Community

Cover image for Password Cracking Project #1 – From Privilege Escalation to Hashcat
Seif Eldien Ahmad Mohammad
Seif Eldien Ahmad Mohammad

Posted on

Password Cracking Project #1 – From Privilege Escalation to Hashcat

#cybersecurity #offsec #redteam #internship

πŸ”Ή Objective:
Learn and apply the end-to-end process of password cracking on Metasploitable2.

πŸ”Ή Steps Taken:
``

1. Dump shadow and passwd files

scp msfadmin@:/etc/passwd ./passwd
scp msfadmin@:/etc/shadow ./shadow

2. Combine them into a hash file

unshadow passwd shadow > combined.txt

3. Run Hashcat against the hashes

hashcat -m 500 -a 0 combined.txt /usr/share/wordlists/rockyou.txt
``
πŸ”Ή Outcome:

Extracted hashes successfully.

Attempted cracking with Hashcat.

Root password did not crack with the default wordlist.

πŸ”Ή Lessons Learned:

Password cracking requires strong wordlists and sometimes brute-force.

The workflow matters more than the result.

Defenders should always enforce strong passwords and modern hashing algorithms.

πŸ’‘ Next Steps:

Experiment with custom wordlists.

Try brute-force methods.

Move to the next Red Teaming challenge (DVWA SQL injection).

Top comments (0)