yescrypt 是最近版本的 ALT Linux、Arch Linux、Debian 11+、Fedora 35+、Kali Linux 2021.1+ 和 Ubuntu 22.04+ 的默认密码哈希算法。它也被 Fedora 29+、RHEL 9+ 和 Ubuntu 20.04+ 支持,并且在 Fedora CoreOS 中推荐用于新密码。
如果需要保持密码哈希兼容性,可以修改 /etc/pam.d/common-password 配置,找到类似以下的行:
password [success=1 default=ignore] pam_unix.so obscure yescrypt
并将 yescrypt 替换为 sha512。
破解 Kali 密码(使用 Yescrypt 哈希)
❯ sudo cat /etc/shadow | grep kali
kali:$y$j9T$zY1oKFxJlTgP2WcJhzbNl1$xhkUmB8R9fzETc/1kgL/nOPcWFTvhn17clxXCgyFjpC:19953:0:99999:7:::
❯ sudo john /etc/shadow --format=crypt
Created directory: /root/.john
Using default input encoding: UTF-8
Loaded 1 password hash (crypt, generic crypt(3) [?/64])
Cost 1 (algorithm [1:descrypt 2:md5crypt 3:sunmd5 4:bcrypt 5:sha256crypt 6:sha512crypt]) is 0 for all loaded hashes
Cost 2 (algorithm specific iterations) is 1 for all loaded hashes
Will run 4 OpenMP threads
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
kali (kali)
1g 0:00:00:00 DONE 1/3 (2024-11-25 08:45) 4.166g/s 400.0p/s 400.0c/s 400.0C/s kali..kali999994
Use the "--show" option to display all of the cracked passwords reliably
Session completed.
❯ sudo john /etc/shadow --show
kali:kali:19953:0:99999:7:::
1 password hash cracked, 0 left
