Linux Password Hashes

Check this out: https://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/

Intro:

! 1000

MSF Module:

search hashdump

• It's gonna be this: post/linux/gather/hashdump
  This module Unshadows the /etc/shadow file "Basically formats the hashes as a crackable file"

• auxiliary/analyze/crack_linux

More about Hashes Format:

/etc/passwd :

stores user account information: user ID, group ID, home directory, shell, and more. should have general read
permission. However, write access to the /etc/passwd must only limit for the superuser/root account.

/etc/shadow :

The shadow file stores the hashed passphrase (or “hash”) format for Linux user account with additional properties related to the user password.
This shadow file is directly accessible only to the root user. All fields are separated by a colon (:) symbol.