[project]How to hack a password with Kali Linux and countermeasures


In this article, the steps to hack a password with Kali Linux will be shown. The demonstration will be conducted in the Kali Linux OS in the VirtualBox environment.

2. Type the command below to see the hashed password. In this paper, the user “taka” password is the target to hack

3. Type the command below to dump the hashed password to “unshadow.txt.”

4. Check the unshadow.txt file is successfully made or not.

5. Check the content of the unshadow.txt file

6. Move to the following directory.

7. Check the file “rockyou.txt.gz” exists. This file exists as default in Kali Linux.

8. Unzip the file.

9. Check the file was unzipped, and “rockyou.txt” exists.

10. Check how many possible password lists are written in the “rockyou.txt” file.

11. Move back to the home directory

12. Check the files in the home directory

13. Type the command below to hack the password of user taka from the “unshadow.txt” file.

In this case, choose hash type 1800 since Kali Linux uses SHA-512 hash.

14. The command is conducted.

15. The output file “Crack-Password.txt” was created.

16. Check the content of the “Crack-Password.txt” file. The password was cracked.


You can set password requirements in Debian and Red hat-based systems with the directory below.

· /etc/pam.d/common-password on Debian

· /etc/security/pwquality.conf on Red hat

2. System administrators are recommended to configure salt hashing in the system.

3. Incorporate Multi-Factor-Authentication (MFA) into each user’s account.

4. Implement a breached password protection tool

5. Forbid the password hints

6. Limit the maximum number of password attempts



Cloud security engineer https://www.linkedin.com/in/takahiro-oda-881423197/

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store