Prompt
We have obtained /etc/shadow from a Kali Linux machine. Help us obtain the password, we think this might be a using a password from the Rockyou wordlist.
daemon:*:17955:0:99999:7:::
bin:*:17955:0:99999:7:::
sys:*:17955:0:99999:7:::
sync:*:17955:0:99999:7:::
games:*:17955:0:99999:7:::
man:*:17955:0:99999:7:::
lp:*:17955:0:99999:7:::
mail:*:17955:0:99999:7:::
news:*:17955:0:99999:7:::
uucp:*:17955:0:99999:7:::
proxy:*:17955:0:99999:7:::
www-data:*:17955:0:99999:7:::
backup:*:17955:0:99999:7:::
list:*:17955:0:99999:7:::
irc:*:17955:0:99999:7:::
gnats:*:17955:0:99999:7:::
nobody:*:17955:0:99999:7:::
_apt:*:17955:0:99999:7:::
systemd-timesync:*:17955:0:99999:7:::
systemd-network:*:17955:0:99999:7:::
systemd-resolve:*:17955:0:99999:7:::
mysql:!:17955:0:99999:7:::
Debian-exim:!:17955:0:99999:7:::
uuidd:*:17955:0:99999:7:::
rwhod:*:17955:0:99999:7:::
redsocks:!:17955:0:99999:7:::
usbmux:*:17955:0:99999:7:::
miredo:*:17955:0:99999:7:::
ntp:*:17955:0:99999:7:::
stunnel4:!:17955:0:99999:7:::
postgres:*:17955:0:99999:7:::
dnsmasq:*:17955:0:99999:7:::
messagebus:*:17955:0:99999:7:::
iodine:*:17955:0:99999:7:::
arpwatch:!:17955:0:99999:7:::
Debian-snmp:!:17955:0:99999:7:::
sslh:!:17955:0:99999:7:::
rtkit:*:17955:0:99999:7:::
inetsim:*:17955:0:99999:7:::
avahi:*:17955:0:99999:7:::
geoclue:*:17955:0:99999:7:::
sshd:*:17955:0:99999:7:::
colord:*:17955:0:99999:7:::
saned:*:17955:0:99999:7:::
speech-dispatcher:!:17955:0:99999:7:::
pulse:*:17955:0:99999:7:::
king-phisher:*:17955:0:99999:7:::
Debian-gdm:*:17955:0:99999:7:::
dradis:*:17955:0:99999:7:::
beef-xss:*:17955:0:99999:7:::
systemd-coredump:!!:17981::::::
tss:*:17981:0:99999:7:::
tcpdump:*:18185:0:99999:7:::
_rpc:*:18185:0:99999:7:::
statd:*:18185:0:99999:7:::
ftp:*:18211:0:99999:7:::
redis:*:18766:0:99999:7:::
hollie:$y$j9T$/WzixhAsn8sdXhCquYzh01$KZlio78LilItobsx/17ecFf1e2SbsduhP1sZEWuHrL4:18934:0:99999:7:::Walk-Through
This challenge involves cracking a Kali Linux password that uses the yescrypt password hashing function. At the time of writing, this is not a hashing function supported by either john or hashcat.
However, if you are running john on a system that uses yescrypt natively (such as Kali Linux), it is still possible to crack yescrypt by using the --format=crypt option, which will have john use the local Unix hash crypt function when running the attack.
john --format=crypt --wordlist=/usr/share/wordlists/rockyou.txt passwords.txtQuestions
What is the username of the only user account with a password?
Look for the username of the only entry whose second field is not blank.
On what date was the user's password last changed?
The third field represents the date of the last password change (measured in days since Jan 1, 1970). There are online tools (e.g. Epoch Converter) that can help with converting this value into a date.
What is the salt used to secure the user's password?
Follow the format structure of crypt to determine which section of the encrypted password is the salt. The salt is bounded by a $ on each side and comes after param and before hash.
What is the hash digest of the user's password?
Follow the format structure of crypt to determine which section of the encrypted password is the salt. The hash digest comes after the salt.
What is the plaintext password of the user's password?
Run john using the --format=crypt option to crack the password.
©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.