shadow_crack.py is a simple script to crack passwords from
Some time ago some popular Linux distributions (Ubuntu, notably)
added the option to encrypt home directories (using
ecryptfs, as in Ubuntu, or
Since then, if an user forgets his/her login password, the
sysop cannot simply use 'sudo passwd user', since that will change
the password in /etc/shadow but this will not unlock
the encrypted home directory.
This script was kept as simple as possible (but not more) to show
that it really does what it says (and is not secretly emailing your
passwords to an evil empire, or the NSA).
It is loosely based on the code in
The generative model is somewhat similar to what is described in
This is a very simple program, if you need something that really
cracks generic passwords, start from
this good review in ArsTechnica.
You may download the code from here.
Suppose that Mr. Abs Entmi Nded has changed his Ubuntu
login password in his home PC, called delta; then he went away for a short vacation; when he
came back, he could not recall the new password. This is very
troublesome, since Abs's O.S. has encrypted the home directory,
and there lies some important stuff (tax data, PhD thesis, work
project.. you name it) and there is no backup for that data.
He then goes to the local sysop/guru.
The sysop, being a wise sysop, does not simply use 'sudo passwd
user', since that will change the password
in /etc/shadow but will not unlock the encrypted home
(Moreover the proposed script uses /etc/shadow to try to
recover the password; so if the sysop really used
'sudo passwd user', then the script will not be useful
anymore, unless somebody adds a encfs/ecryptfs module to the script).
Currently Abs remembers that he used the names
of the two family dogs, sigma and bravo, to create the
password; and that he altered the names somehow, adding some '+' or
'-' or space characters in between, and capitalizing some letters.
So the password may be one of the following:
'braoS-igma','+bravo-','bra-sig','bRA vO','am-gis','aMgi+brav','mgisbravO','sIgMa','sig ma'.
The sysop then copies /etc/shadow
from delta to a directory in a powerful host, and downloads the
code from here to that same directory. The sysop
configures the downloaded file shadow_crack.conf and runs
python shadow_crack.py shadow_crack.conf.
Hopefully after a few hours the program will find the forgotten password.
To see a test run of the above situation, download the code
from here to a local directory, and run
python shadow_crack.py shadow_crack.conf-test
It would be useful to add some modules to shadow_crack.py
so as to support cracking encfs or ecryptfs passwords
(If you wish to help, look at the test_shadow class).
Do not be as Abs Entmi Nded!
- Always backup your data to a safe place.
- If your O.S. encrypts your data, write down the
master password on paper and save it to a safe
place. In the case of Ubuntu, that uses
ecryptfs, the command ecryptfs-unwrap-passphrase
will show the internal master password that is used
to crypt the home directory: print it on a piece of
paper and store it somewhere safe.
- Always backup your data to a safe place. Yes, really!