# Level01

The encrypted flag (the password hash for `flag01`) is in the file `/etc/passwd`.

Looking through the file, we can see a strange line:

```bash
level01@SnowCrash:~$ cat /etc/passwd
             ...
flag01:42hDRfypTqqnw:3001:3001::/home/flag/flag01:/bin/bash
             ...
```

Here the password field holds an encrypted string: **42hDRfypTqqnw**

{% hint style="info" %}
According to John the Ripper, it is a DES-based (traditional `crypt`) hash.
{% endhint %}
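
The finding behind this level is that the `flag01` hash sits in field 2 of the world-readable `/etc/passwd` instead of `/etc/shadow` (where the field would be `x`). As an added example, not part of the original write-up, this shell function audits a passwd-format file for such entries; the sample file and the finding labels are constructed for illustration, and only the `flag01` line is from the page.

```bash
#!/bin/sh
# Added example: audit a passwd-format file for password fields that expose
# a hash (or no password at all) to every local user.

# Constructed sample data; only the flag01 line comes from the page.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
level01:x:2001:2001::/home/user/level01:/bin/bash
flag01:42hDRfypTqqnw:3001:3001::/home/flag/flag01:/bin/bash
svc_demo:$6$examplesalt$examplehashvalue:3100:3100::/home/svc_demo:/bin/sh
guest::3200:3200::/home/guest:/bin/sh
EOF
}

# audit_passwd [FILE...]: reads passwd-format lines (stdin if no FILE) and
# prints "user<TAB>finding" for each entry whose field 2 is risky.
audit_passwd() {
    awk -F: '
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        { user = $1; pw = $2 }
        pw == "x"      { next }          # shadowed: hash is in /etc/shadow
        pw ~ "^[*!]"   { next }          # locked: no usable password
        pw == ""       { print user "\tEMPTY_PASSWORD"; next }
        # Traditional DES crypt: 2 salt chars + 11 hash chars from [./0-9A-Za-z]
        length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$" {
            print user "\tDES_CRYPT_HASH_EXPOSED"; next
        }
        # Modular crypt format: $id$salt$hash (for example $6$ for SHA-512)
        pw ~ "^[$][0-9a-z]+[$]" { print user "\tMODULAR_CRYPT_HASH_EXPOSED"; next }
        { print user "\tUNKNOWN_PASSWORD_FIELD" }
    ' "$@"
}

# Run the audit on the sample; on a real host: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```

Any line this prints is an account whose credential material is readable by every local user; moving the hash to `/etc/shadow` (for example with `pwconv`) leaves `x` in the field.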

We can use [**John the Ripper**](https://tools.kali.org/password-attacks/john) to recover the password from this string.

To do so, we save the string in a file and run John the Ripper on it.

```bash
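echo "42hDRfypTqqnw" > pass
john pass          # crack the hash (--show alone only lists hashes already cracked)
john pass --show   # display the cracked password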
```

This gives us the following result:

```bash
?:abcdefg

1 password hash cracked, 0 left
```

This reveals the decrypted flag: **abcdefg**

{% hint style="info" %}
John the Ripper is not provided on the Snow Crash ISO, so you should run it on another OS.
{% endhint %}

Now that we have the flag, we can log in to the `flag01` account and get the password for the `level02` account.

```bash
## Use the decrypted password to log in to the flag01 account
level01@SnowCrash:~$ su flag01
Password: abcdefg

## Get the password for level02
flag01@SnowCrash:~$ getflag
Check flag.Here is your token : f2av5il02puano7naaf6adaaf
```

### Password for next level

The password to connect to the **level02** account is `f2av5il02puano7naaf6adaaf`.

### Command summary

```bash
## Read /etc/passwd and find the flag01 entry
level01@SnowCrash:~$ cat /etc/passwd

## Save the string in a file and use john to crack
## the encryption (run these commands on a machine where
## john is installed)
$> echo "42hDRfypTqqnw" > pass
$> john pass
$> john pass --show
?:abcdefg

1 password hash cracked, 0 left

## Use the decrypted password to log in to the flag01 account
level01@SnowCrash:~$ su flag01
Password: abcdefg

## Get the password for level02
flag01@SnowCrash:~$ getflag
Check flag.Here is your token : f2av5il02puano7naaf6adaaf

```

