Passwd file

Format:

htb-student:x:1000:1000:,,,:/home/htb-student:/bin/bash

Field	Value
Username	`htb-student`
Password	`x`
User ID	`1000`
Group ID	`1000`
GECOS	`,,,`
Home directory	`/home/htb-student`
Default shell	`/bin/bash`

ShadowFile

Format:

htb-student:$y$j9T$3QSBB6CbHEu...SNIP...f8Ms:18955:0:99999:7:::

Field	Value
Username	`htb-student`
Password	`$y$j9T$3QSBB6CbHEu...SNIP...f8Ms`
Last change	`18955`
Min age	`0`
Max age	`99999`
Warning period	`7`
Inactivity period	`-`
Expiration date	`-`
Reserved field

Opasswd

PAM(pam_unix.so) library can prevent users from reusing old passwords.

They are stored in the /etc/security/opasswd file.

Cracking

cp /etc/passwd /tmp/passwd.bak 
cp /etc/shadow /tmp/shadow.bak 

unshadow /tmp/passwd.bak /tmp/shadow.bak > /tmp/unshadowed.hashes
hashcat -m 1800 -a 0 /tmp/unshadowed.hashes rockyou.txt -o /tmp/unshadowed.cracked