Hello All,

recently I came across a few new tools in my search for knowledge and one of them is the IDS distro Security Onion. Now I wont go over the situation at this time, but long story short, I needed access to the root account. During install you create a user account and according to the project documentation the root password is blank. I found that not to be true.

So I booted from the install media and entered debug mode which allowed me to login as an account that doesnt exist on the install version (the securityonion account referred to in the documentation...) IAC I was able to sudo cat the /etc/shadow file and send it to my linux VM with John on it.

Again, to keep this short, John did not seem to detect this hash, and online hash programs seem to have issue with it as well. I have two questions for you super hackers, 1. what kind of has is this, and 2. what is the password?

FYI, before anyone says anything, I figured out that my user account has suo and changed the password, so there is no risk of disclosure... as long as everyone using this distro changed the default password...

root:$6$AlvPANXN$U01UG4dM95nb/tAdSZe0bFxOuT0E9PX2SgxI2GLWp5QQJHTvxzpDhtW4nk4XZqLozPKzTj13jM1elzfdPV0M71

You may not need access to *that* root password.

sudo -s
type in your user password.

Should give you a root prompt.

Then you can

passwd root

to change the password.  I have not played with that distro yet, but should work.