Level01

What's that in /etc/passwd

The encrypted flag is in the file /etc/passwd.

Looking through the file, one line stands out:

level01@SnowCrash:~$ cat /etc/passwd
             ...
flag01:42hDRfypTqqnw:3001:3001::/home/flag/flag01:/bin/bash
             ...

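Here the password field holds an encrypted string, 42hDRfypTqqnw, where a normal entry holds only the placeholder x and the real hash is kept in /etc/shadow.

According to John the Ripper, it is a DES-based crypt(3) hash.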
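The same observation can be turned into an audit check. The following is an added example, not part of the original write-up: it parses passwd-format text and reports every entry whose password field is not shadowed or locked, which goes beyond the single DES case to cover empty passwords and modular-crypt hashes too. The sample file is constructed (only the flag01 line comes from this page) and the function names are hypothetical.

```python
import re

# Constructed sample in /etc/passwd format; only the flag01 line is from this page.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
level01:x:2001:2001::/home/user/level01:/bin/bash
flag01:42hDRfypTqqnw:3001:3001::/home/flag/flag01:/bin/bash
guest::4000:4000::/home/guest:/bin/sh
svc:$6$saltsalt$abcdefghijklmnopqrstuv:4001:4001::/home/svc:/bin/sh
"""

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DESCRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format: $id$... (for example $1$, $5$, $6$, $2b$, $y$).
MODULAR_RE = re.compile(r"^\$[0-9A-Za-z-]+\$.+")

def classify_password_field(field):
    """Return a label for the second field of an /etc/passwd entry."""
    if field == "x":
        return "shadowed"          # hash lives in /etc/shadow
    if field == "":
        return "empty"             # account has no password at all
    if field.startswith(("*", "!")):
        return "locked"            # no valid hash can match
    if DESCRYPT_RE.match(field):
        return "descrypt"          # world-readable DES hash, as for flag01
    if MODULAR_RE.match(field):
        return "modular-crypt"     # world-readable hash in $id$ format
    return "unknown"

def audit_passwd(text):
    """Return (user, label) pairs for entries that are not shadowed or locked."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 7:        # passwd entries have exactly 7 fields
            findings.append((f"line {lineno}", "malformed"))
            continue
        label = classify_password_field(parts[1])
        if label not in ("shadowed", "locked"):
            findings.append((parts[0], label))
    return findings

if __name__ == "__main__":
    for user, label in audit_passwd(SAMPLE_PASSWD):
        print(f"{user}: {label}")
```
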

We can use John the Ripper to decode this string: save it in a file and run john on it.

echo "42hDRfypTqqnw" > pass
john pass
john pass --show

and it will give us the following result:

?:abcdefg

1 password hash cracked, 0 left

This reveals the decrypted flag: abcdefg

John the Ripper is not provided on the Snow Crash ISO, so you should run john on another OS.

Now that we have the flag, we can log in to the flag01 account and get the password for the level02 account.

## Use the decrypted password to log in to the flag01 account
level01@SnowCrash:~$ su flag01
Password: abcdefg

## Get the password for level02
flag01@SnowCrash:~$ getflag
Check flag.Here is your token : f2av5il02puano7naaf6adaaf

Password for next level

The password to connect to the level02 account is f2av5il02puano7naaf6adaaf

Command summary

## Read /etc/passwd and look for the flag01 entry
level01@SnowCrash:~$ cat /etc/passwd

## Save the string in a file and use john to crack
## the encryption (use the commands on a device where
## john is installed)
$> echo "42hDRfypTqqnw" > pass
$> john pass
$> john pass --show
?:abcdefg

1 password hash cracked, 0 left

## Use the decrypted password to log in to the flag01 account
level01@SnowCrash:~$ su flag01
Password: abcdefg

## Get the password for level02
flag01@SnowCrash:~$ getflag
Check flag.Here is your token : f2av5il02puano7naaf6adaaf
