
Nebula: level06

司徒运锋
2023-12-01

exploit-exercises Nebula: level06

In level06, we are told that the account credentials for the flag06 user account come from a legacy Unix system. Let's go straight to the bank.
level06@nebula:~$ cat /etc/passwd | grep flag06
flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh
Back in the day, user password hashes were stored in the /etc/passwd file. This is no longer the case, as they are now stored in /etc/shadow, which is only readable by root (and the shadow group).
We will use John the Ripper to find the password. JtR goes through the passwords in the provided word list one by one, comparing the hash of each word with the hash found in /etc/passwd. The operation stops once two hashes match, which means we have guessed the right password. The password is hashed using Unix crypt.
kroosec@dojo:~$ cat pass06
flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh
kroosec@dojo:~$ john --wordlist=./cain.txt pass06 
Loaded 1 password hash (Traditional DES [128/128 BS SSE2-16])
hello            (flag06)
guesses: 1  time: 0:00:00:00 100%  c/s: 270933  trying: heliolog - helvella
Use the "--show" option to display all of the cracked passwords reliably
It didn't take long! The password is quite trivial: "hello". We log in using the flag06 user account and run getflag!
flag06@nebula:~$ getflag
You have successfully executed getflag on a target account
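As an added example (not part of the original post), here is a Python audit for the condition this level relies on: /etc/passwd entries whose password field holds a hash instead of a placeholder. The sample file is constructed apart from the flag06 line shown above, and the function names are this example's own.

```python
import re

# Constructed sample in /etc/passwd format. Only the flag06 line comes from
# the page; every other entry is made up for this example.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
nopass::1001:1001::/home/nopass:/bin/sh
flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh
modern:$6$constructedsalt$constructedhash:1002:1002::/home/modern:/bin/sh
"""

# Traditional DES crypt: 13 characters from [./0-9A-Za-z], first two are the salt.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format: $id$..., e.g. $1$ (MD5) or $6$ (SHA-512).
MODULAR_CRYPT = re.compile(r"^\$([0-9a-z]+)\$")


def classify_password_field(field):
    """Return a finding for the second passwd field, or None if it is a placeholder."""
    if field == "":
        return "empty password field"
    if field == "x" or field[0] in "*!":
        return None  # hash lives in /etc/shadow, or the account is locked
    if DES_CRYPT.match(field):
        return "traditional DES crypt hash (2-char salt, 8-char password limit)"
    modular = MODULAR_CRYPT.match(field)
    if modular:
        return "modular crypt hash, scheme id $%s$" % modular.group(1)
    return "unrecognised non-placeholder value"


def audit_passwd(text):
    """Return (line_number, user, finding) for entries exposing password material."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue  # comment, blank or malformed line
        finding = classify_password_field(fields[1])
        if finding:
            findings.append((lineno, fields[0], finding))
    return findings


if __name__ == "__main__":
    for lineno, user, finding in audit_passwd(SAMPLE_PASSWD):
        print("line %d: %s: %s" % (lineno, user, finding))
```

On a real host, pass in the contents of /etc/passwd; any finding means password material is readable by every local user, and on Linux pwconv moves such hashes into /etc/shadow.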
Posted 29th October 2012 by Hani Benhabiles

http://www.kroosec.com/2012/10/nebula-level06.html