In order to unshadow to the two files we need to execute unshadow passwd.txt shadow.txt > unshadowed.txt An example is the following: # /etc/passwd line In order to unshadow the shadow file we need to also have the equivalent line from the passwd for the user of our interest. Unshadow is a tool that handles this task and it is part of the John package. Unshadowing is a process where we combine the /etc/passwd file along with the /etc/shadow in order for John to be able to understand what we are feeding to it. The process involves two basic steps, the first is called unshadowing while the second is the cracking itself.
It is common in CTF like events to somehow get access to the shadow file or part of it and having to crack it so you can get the password of a user. In this article we are going to show how we can crack /etc/shadow file using John the Ripper.