- Check file with info about users
cat /etc/passwd- Every user here have it's password stored in
/etc/shadow(xcharacter means it), but user flag01 stores its password here
...
flag00:x:3000:3000::/home/flag/flag00:/bin/bash
flag01:42hDRfypTqqnw:3001:3001::/home/flag/flag01:/bin/bash
flag02:x:3002:3002::/home/flag/flag02:/bin/bash
...
- 42hDRfypTqqnw not applies as password for flag01. Maybe it's encrypted.
- (On outer Linux/MacOS host) Let's copy string with ecrypted password from VM's
/etc/passwdsto filepwd_tmp - (On outer Linux/MacOS host) Install John program and use it
john ./pwd_tmp --show- John cracked this password: abcdefg
- Go to flag01 user and get flag:
su flag01
getflag- Flag for level02: f2av5il02puano7naaf6adaaf