Author: Marin Radu
Crack Linux user password hashes to find the longest password.
- Understanding Linux filesystem and password storage
unshadowandjohnrockyou.txtwordlist
Use unshadow to merge the passwd and shadow files, then crack with john.
unzip chall.zip
sudo unshadow passwd shadow > hash-all.txt
grep 'bash$' hash-all.txt | grep -v root > hash-users.txt
john --format=crypt hash-users.txt --wordlist=/usr/share/wordlists/rockyou.txt
john hash-users.txt --showThe longest password extracted will be manchesterunited.
Flag:
CSCTF{manchesterunited}