Information Technology | Softwares - Graphics - Programming - Hacking - Security

Aug 11, 2019

How to crack Linux shadow password file - Zydra

The /etc/shadow file stores actual password in encrypted format (more like the hash of the password) for user’s account with additional properties related to user password. Basically, it stores secure user account information.

Zydra is a file password recovery tool and Linux shadow file cracker. It uses the dictionary search or Brute force method for cracking passwords.

Supported Files
RAR Files
Legacy ZIP Files
PDF Files
Linux Shadow Files (zydra can find all the user’s password in the linux shadow file one after the other)

Python >= 3.3
debian-based linux distro
qpdf and unrar packages. Install it: sudo apt-get install qpdf unrar
some python modules: zipfile, rarfile, crypt, pyfiglet, py-term 
pip3 install zipfile rarfile crypt pyfiglet py-term 
notice: rar,zip and pdf files must have an extension, shadow files does not need an extension.

Cracking files password using two methods: 1. dictionary method 2. brute force method
In the brute force method, you can specify the min length and max length of the passwords.
In the brute force method, you can specify the type of characters that may be used in the password.
There is a percent progress bar showing how much of the process has been performed.
Error handling.
One of the most important features of Zydra is the multiprocessing feature that speeds up the program. For example if you have 8 CPU cores, Zydra will use all of them for processing at the same time.

git clone 
now, we can use Zydra without install
python3 -h to get help

crack a zip file password and use rockyou.txt dictionary
python3 –f –d rockyou.txt

Brute force search to find the password for the users in the shadow file 
Minimum length of password is 4 and maximum length is 4 and we try to find passwords that are composed of numbers and symbols letters. 
python3 –f /etc/shadow –b digits,symbols –m 4 –x 4


About Us