How to Crack Shadow Hashes After Getting Root on a Linux System

After gaining access to a root account, the next order of business is using that power to do something more significant. If the user passwords on the system can be obtained and cracked, an attacker can use them to pivot to other machines if the login is the same across systems. There are two tried-and-true password cracking tools that can accomplish this: John the Ripper and Hashcat.
Previously: Perform Local Privilege Escalation Using a Linux Kernel Exploit
Passwd & Shadow File Overview
A couple of files of particular interest on Linux systems are the /etc/passwd and /etc/shadow files. The…

Link: https://null-byte.wonderhowto.com/how-to/crack-shadow-hashes-after-getting-root-linux-system-0186386/