From ae9b82e03075926753f8c8c4b839e298d34e0dc0 Mon Sep 17 00:00:00 2001 From: Raphael Date: Mon, 26 Jan 2026 16:14:34 +0100 Subject: [PATCH] docs(lvl01): adding the readme for level01 --- level01/README.md | 73 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 level01/README.md diff --git a/level01/README.md b/level01/README.md new file mode 100644 index 0000000..619e317 --- /dev/null +++ b/level01/README.md @@ -0,0 +1,73 @@ +Le mot de passe du compte `level01` n'est pas donne mais est bien exitstant + +```bash +groups level01 +level01 : level01 users +``` + +En cherchant la connection je regarde sur le fichier system `/etc/passwd` + +###### Voici uniquement la partie interessante (avec la commande complete) +```bash +cat /etc/passwd | sed 's/:/ /g' | awk '{print $1, $2}' | grep '01' +level01 x +flag01 42hDRfypTqqnw +``` + +et tombe donc sur un hash de mot de passe dans le fichier /etc/passwd je decide donc le copier avec scp sur mon laptop +```bash +scp -P 4242 level00@localhost:/etc/passwd . + / ____| / ____| | | + | (___ _ __ _____ _| | _ __ __ _ ___| |__ + \___ \| '_ \ / _ \ \ /\ / / | | '__/ _` / __| '_ \ + ____) | | | | (_) \ V V /| |____| | | (_| \__ \ | | | + |_____/|_| |_|\___/ \_/\_/ \_____|_| \__,_|___/_| |_| + + Good luck & Have fun + +level00@localhost's password: +passwd 100% 2477 597.9KB/s 00:00 + + +ll +Permissions Size User Date Modified Name +.rw-r--r--@ 2.5k raphael 26 Jan 15:57  passwd + +``` + +John ne fonctionnant pas sur notre session a cause du flag00 alors nous allons faire utliser sur mon laptop +```bash +john ./passwd +Warning: detected hash type "descrypt", but the string is also recognized as "descrypt-opencl" +Use the "--format=descrypt-opencl" option to force loading these as that type instead +Using default input encoding: UTF-8 +Loaded 1 password hash (descrypt, traditional crypt(3) [DES 128/128 ASIMD]) +Proceeding with single, rules:Single +Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status +Warning: Only 126 candidates buffered for the current salt, minimum 128 needed for performance. +Almost done: Processing the remaining buffered candidate passwords, if any. +0g 0:00:00:00 DONE 1/3 (2026-01-26 15:57) 0g/s 70200p/s 70200c/s 70200C/s Flag0168..Flag0159 +Proceeding with wordlist:/nix/store/sjnlaf0f50sb5p9l93rvlqfhi7xzjpvm-john-rolling-2404/share/john/password.lst +Enabling duplicate candidate password suppressor +abcdefg (flag01) +1g 0:00:00:00 DONE 2/3 (2026-01-26 15:57) 33.33g/s 49000p/s 49000c/s 49000C/s raquel..bigman +Use the "--show" option to display all of the cracked passwords reliably +Session completed. + + +john ./passwd --show +flag01:abcdefg:3001:3001::/home/flag/flag01:/bin/bash + +1 password hash cracked, 0 left +``` + +Et la connection et maintenant possible et je peux lancer +```bash +su flag01 +Password: +Don't forget to launch getflag ! + + +getflag +Check flag.Here is your token : f2av5il02puano7naaf6adaaf +```