BiCH0's WebPage

Buscar

SearchSearch

HackMyVM - Misc

03 jun 20242 min read

005

Descripción:

El primer paso será eliminar los registros innecesarios (cualquiera que no sea root)

┌─[bicho@balam]─[/tmp]
└─[]=> grep root shadow.txt
root:$6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrkH8bA8W7kC3GK4CctGrFO7.E2va7kSgF3eQXNWYQee.:15758:0:99999:7:::
┌─[bicho@balam]─[/tmp]
└─[]=> grep root shadow.txt > parsed.txt

Ahora vamos a usar hashcat para obtener la contraseña del usuario root

┌─[bicho@balam]─[/tmp]
└─[]=> hashcat parsed.txt /usr/share/wordlists/passwords/rockyou.txt.tar.gz
hashcat (v6.2.6) starting in autodetect mode

nvmlDeviceGetFanSpeed(): Not Supported

CUDA API (CUDA 12.4)
====================
* Device #1: NVIDIA GeForce RTX 2070 with Max-Q Design, 7864/7967 MB, 36MCU

...

Dictionary cache hit:
* Filename..: /usr/share/wordlists/passwords/rockyou.txt.tar.gz
* Passwords.: 14344383
* Bytes.....: 53291283
* Keyspace..: 14344383

$6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrkH8bA8W7kC3GK4CctGrFO7.E2va7kSgF3eQXNWYQee.:<redacted>

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 1800 (sha512crypt $6$, SHA512 (Unix))
Hash.Target......: $6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrk...WYQee.
Time.Started.....: Mon Jun  3 10:15:36 2024 (1 sec)
Time.Estimated...: Mon Jun  3 10:15:37 2024 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (/usr/share/wordlists/passwords/rockyou.txt.tar.gz)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    12911 H/s (15.12ms) @ Accel:128 Loops:128 Thr:64 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 16384/14344383 (0.11%)
Rejected.........: 0/16384 (0.00%)
Restore.Point....: 8192/14344383 (0.06%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:4992-5000
Candidate.Engine.: Device Generator
Candidates.#1....: tigger7 -> chatty
Hardware.Mon.#1..: Temp: 60c Util: 78% Core:1215MHz Mem: 810MHz Bus:8

Started: Mon Jun  3 10:15:16 2024
Stopped: Mon Jun  3 10:15:39 2024

Y ya tendríamos la contraseña

008

Descripción: Flag inside the zip file

┌─[bicho@balam]─[/tmp]
└─[]=> 7z x 008.zip

7-Zip [64] 17.05 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.05 (locale=es_ES.UTF-8,Utf16=on,HugeFiles=on,64 bits,12 CPUs x64)

Scanning the drive for archives:
1 file, 178 bytes (1 KiB)

Extracting archive: 008.zip
--
Path = 008.zip
Type = zip
Physical Size = 178


Enter password (will not be echoed):
ERROR: Wrong password : flag.txt

Sub items Errors: 1

Archives with Errors: 1

Sub items Errors: 1

Vista Gráfica