Misc - 005
备注
created by || bit
⏲️ Release Date // 2022-03-04
💀 Solvers // 369
🧩 Type // misc
Hey! I got the /etc/shadow file from the machine, but I don't know how to crack the root password.
I think it is the flag in HMV{rootpassword} format.
得到的 shadow 文件内容
root:$6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrkH8bA8W7kC3GK4CctGrFO7.E2va7kSgF3eQXNWYQee.:15758:0:99999:7:::
提取其中的哈希值
$6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrkH8bA8W7kC3GK4CctGrFO7.E2va7kSgF3eQXNWYQee.
可以确定哈希类型为
| Hash-Mode | Hash-Name |
|---|---|
| 1800 | sha512crypt $6$, SHA512 (Unix) |
使用 hashcat 进行爆破
PS D:\_Tool\hashcat-6.2.6> .\hashcat.exe -d 2 -O -a 0 -m 1800 .\hash.txt .\dics\rockyou.txt
hashcat (v6.2.6) starting
Dictionary cache built:
* Filename..: .\dics\rockyou.txt
* Passwords.: 14344392
* Bytes.....: 139921507
* Keyspace..: 14344385
* Runtime...: 1 sec
$6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrkH8bA8W7kC3GK4CctGrFO7.E2va7kSgF3eQXNWYQee.:reddragon
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 1800 (sha512crypt $6$, SHA512 (Unix))
Hash.Target......: $6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrk...WYQee.
Time.Started.....: Fri Feb 02 22:14:22 2024 (0 secs)
Time.Estimated...: Fri Feb 02 22:14:22 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (.\dics\rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........: 87718 H/s (8.98ms) @ Accel:1024 Loops:128 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 32780/14344385 (0.23%)
Rejected.........: 12/32780 (0.04%)
Restore.Point....: 0/14344385 (0.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:4992-5000
Candidate.Engine.: Device Generator
Candidates.#2....: 123456 -> disneyworld
Hardware.Mon.#2..: Temp: 51c Util: 99% Core:1845MHz Mem:6000MHz Bus:8
flag
HMV{reddragon}