Suninatas Game 14

Posted on Edited on In Views: Disqus:

challenges

Game 14

Challenge: Password cracking from Linux shadow file

Tool: John the Ripper

Step 1: Extract Archive

1
tar xf evidence.tar

Step 2: Examine Shadow File

The shadow file contains a hashed password entry:

1
suninatas:$6$QlRlqGhj$BZoS9PuMMRHZZXz1Gde99W01u3kD9nP/zYtl8O2dsshdnwsJT/1lZXsLar8asQZpqTAioiey4rKVpsLm/bqrX/:15427:0:99999:7:::

Step 3: Prepare for Cracking

Combine passwd and shadow files:

1
unshadow passwd shadow > unshadow

Step 4: Crack Password

Use John the Ripper with a wordlist:

1
john unshadow --wordlist=~/ctf/tool/dic/rockyou.txt

Output: 

1
iloveu1         (suninatas)

iloveu1