unshadow is a utility that is part of the John the Ripper password cracking tool. It is used to combine the password hash files from the /etc/passwd and /etc/shadow files into a single file that can be used as input for the John the Ripper password cracking tool.
The /etc/passwd file contains a list of user accounts on a Linux system, along with information about each user such as the user's home directory and shell. However, the /etc/passwd file does not contain the actual password hashes for the user accounts. Instead, the password hashes are stored in a separate file called /etc/shadow, which is readable only by the root user.
The unshadow utility combines the information from the /etc/passwd and /etc/shadow files into a single file, with each line containing a username, a password hash, and other fields separated by colons. This file can then be used as input for the John the Ripper tool, which will attempt to crack the password hashes using a variety of password cracking techniques.
To use the unshadow utility, you would typically run a command similar to the following:
unshadow /etc/passwd /etc/shadow > hashfile
This will create a file called hashfile that contains the combined password hashes from the /etc/passwd and /etc/shadow files.
john is the actual password cracking tool included with John the Ripper. It takes a file containing password hashes as input, and attempts to crack the passwords using a variety of techniques such as dictionary attacks, brute force attacks, and rainbow table attacks.
To use the john tool, you would typically run a command similar to the following:
john hashfile
This will cause john to begin cracking the password hashes in the hashfile using the default cracking mode and settings. You can specify various options and arguments to customize the cracking process, such as the cracking mode to use, the number of threads to use, and the password cracking wordlist to use.
It is important to note that password cracking is generally considered a malicious activity, and should only be performed on systems that you have permission to access and test.