John the Ripper

At a minimum, you need to specify the stored password values you want to crack.

Cracking Modes

Consider which "cracking mode" you intend to use. You can specify your own externally defined modes. John also has built-in modes:

  • Single crack mode uses information about the user, such as username or full name, from the supplied password values, where present, to attempt to build a short, highly focused dictionary of targeted passwords to crack.

  • Wordlist mode operates via a wordlist, either user-supplied or a built-in one, and tries all the values in the wordlist.

  • Incremental mode attempts to iterate through all possible character combinations according to adjustable length and complexity criteria -- for example, all strings between five and eight alphanumeric characters.

Unshadow command

unshadow /etc/passwd /etc/shadow > passwords.out
john --format=crypt ./passwords.out

The unshadow utility is distributed with John the Ripper in most packages. It combines the contents of /etc/passwd and /etc/shadow on a Linux VM, in this case Kali. We then ran the john command and specified the format, in this case the crypt mechanism. Because we haven't told it which cracking mode to use, John begins with single crack mode and then proceeds to wordlist mode; no wordlist was specified, so it used the default one. Ultimately, it will move on to incremental mode.
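To show what the merged file contains and how a defender can audit it, here is an added example (not part of the original page and not John's own code) that mirrors the passwd/shadow merge and reports which accounts are stored under weak crypt schemes. The function names, the WEAK set and the sample records are constructed for illustration.

```python
# Constructed sample data (not real account records).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
legacy:x:1001:1001:Legacy App:/home/legacy:/bin/sh
"""
SHADOW = """\
root:!:19000:0:99999:7:::
alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
legacy:$1$CONSTRUC$CONSTRUCTEDHASHVALUE00:19000:0:99999:7:::
"""
# crypt(3) hash prefixes and the scheme each one identifies.
SCHEMES = [("$1$", "md5crypt"), ("$5$", "sha256crypt"), ("$6$", "sha512crypt"),
           ("$y$", "yescrypt"), ("$2a$", "bcrypt"), ("$2b$", "bcrypt"), ("$2y$", "bcrypt")]
WEAK = {"md5crypt", "descrypt", "empty"}  # assumption: this audit's own policy

def merge(passwd_text, shadow_text):
    """Replace the 'x' placeholder in each passwd line with the shadow hash field."""
    hashes = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:  # skip malformed passwd entries
            fields[1] = hashes.get(fields[0], fields[1])
            merged.append(":".join(fields))
    return merged

def classify(field):
    # An empty field means no password; a leading '!' or '*' means no password login.
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    for prefix, name in SCHEMES:
        if field.startswith(prefix):
            return name
    return "descrypt" if len(field) == 13 else "unknown"

def audit(passwd_text, shadow_text):
    """Map each account to (scheme, stored_with_weak_scheme)."""
    report = {}
    for line in merge(passwd_text, shadow_text):
        user, field = line.split(":")[:2]
        report[user] = (classify(field), classify(field) in WEAK)
    return report

if __name__ == "__main__":
    for user, (scheme, weak) in audit(PASSWD, SHADOW).items():
        print(f"{user:8} {scheme:12} {'REHASH' if weak else 'ok'}")
```

Accounts flagged REHASH are the ones to move to a stronger scheme at the next password change.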
