Collecting Linux password hashes
To obtain the password hashes for Linux, we need to be able to run commands on the target Linux device. How that ability is obtained is outside the scope of this book and is covered more broadly in other books that focus on penetration testing techniques. These techniques can include, but are not limited to, exploiting a service or running process on the system, accessing a user's account and logging into the system via normal channels, and running commands remotely via injection flaws, web shells, and similar modes of access. For now, we will assume you have access to a user account on your machine and show output as it would be presented in the Terminal.
Linux password hashes are commonly represented in a file typically located at /etc/shadow. Access to this file is restricted to the root user or someone...
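To show what the entries in this file look like from an auditing point of view, the following added example (not code from the book) parses shadow-format text, reports which crypt(3) scheme each account uses, and checks that a file mode grants nothing to "other" users. The function names, the choice of which schemes to flag for review, and the sample entries are assumptions of this example; the hash strings are constructed placeholders.

```python
import stat

# crypt(3) "$id$" prefix -> (scheme name, flag for review as weak/legacy)
SCHEMES = {"1": ("MD5-crypt", True), "5": ("SHA-256-crypt", False),
           "6": ("SHA-512-crypt", False), "y": ("yescrypt", False),
           "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False)}

def classify(field):
    """Classify the second colon-separated field of a shadow entry."""
    if field == "":
        return ("empty-password", None, True)      # no password required
    if field[0] in "!*":
        return ("locked", None, False)             # password login disabled
    if field.startswith("$"):
        parts = field.split("$")
        ident = parts[1] if len(parts) > 2 else ""
        name, flag = SCHEMES.get(ident, ("unknown", True))
        return ("hash", name, flag)
    return ("hash", "DES-crypt", True)             # no $id$ prefix: legacy DES-based crypt

def audit(text):
    """Return (user, status, scheme, flag) for each entry in shadow-format text."""
    rows = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0]:
            continue                               # skip blank or malformed lines
        rows.append((fields[0],) + classify(fields[1]))
    return rows

def world_inaccessible(st_mode):
    """True when the 'other' permission bits of a file mode are all clear."""
    return stat.S_IMODE(st_mode) & 0o007 == 0

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = """root:$6$c0nstructedsalt$Zm9vYmFyZm9vYmFy:19700:0:99999:7:::
daemon:*:19000:0:99999:7:::
legacy:$1$c0nstruc$Zm9vYmFyZm9v:15000:0:99999:7:::
svc:!:19000::::::
guest::19000:0:99999:7:::
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    print(world_inaccessible(0o100640))
```

On a live system the mode check would be fed `os.stat("/etc/shadow").st_mode`, and `audit` would need to run with enough privilege to read the file.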