Misc - 005

备注

created by || bit

⏲️ Release Date // 2022-03-04

💀 Solvers // 369

🧩 Type // misc

Hey! I got the /etc/shadow file from the machine, but I don't know how to crack the root password.
I think it is the flag in HMV{rootpassword} format.

得到的 shadow 文件内容

root:$6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrkH8bA8W7kC3GK4CctGrFO7.E2va7kSgF3eQXNWYQee.:15758:0:99999:7:::

提取其中的哈希值

$6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrkH8bA8W7kC3GK4CctGrFO7.E2va7kSgF3eQXNWYQee.

可以确定哈希类型为

Hash-Mode	Hash-Name
1800	sha512crypt $6$, SHA512 (Unix)

使用 hashcat 进行爆破

PS D:\_Tool\hashcat-6.2.6> .\hashcat.exe -d 2 -O -a 0 -m 1800 .\hash.txt .\dics\rockyou.txt
hashcat (v6.2.6) starting

Dictionary cache built:
* Filename..: .\dics\rockyou.txt
* Passwords.: 14344392
* Bytes.....: 139921507
* Keyspace..: 14344385
* Runtime...: 1 sec

$6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrkH8bA8W7kC3GK4CctGrFO7.E2va7kSgF3eQXNWYQee.:reddragon

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 1800 (sha512crypt $6$, SHA512 (Unix))
Hash.Target......: $6$xyz$ZGQOqL77wiYAgPxsNEv2Kz3INjzK4JdG29RbaHaW5lrk...WYQee.
Time.Started.....: Fri Feb 02 22:14:22 2024 (0 secs)
Time.Estimated...: Fri Feb 02 22:14:22 2024 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (.\dics\rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........:    87718 H/s (8.98ms) @ Accel:1024 Loops:128 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 32780/14344385 (0.23%)
Rejected.........: 12/32780 (0.04%)
Restore.Point....: 0/14344385 (0.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:4992-5000
Candidate.Engine.: Device Generator
Candidates.#2....: 123456 -> disneyworld
Hardware.Mon.#2..: Temp: 51c Util: 99% Core:1845MHz Mem:6000MHz Bus:8

flag

HMV{reddragon}

Misc - 005

flag​

flag