# Level01

The encrypted flag is in the file `/etc/passwd`

when we see in the file we can see a strange line :

```bash
level01@SnowCrash:~$ cat /etc/passwd
             ...
flag01:42hDRfypTqqnw:3001:3001::/home/flag/flag01:/bin/bash
             ...
```

and here we can see the an encrypted string **42hDRfypTqqnw**

{% hint style="info" %}
According to John The Ripper it is a DES encryption
{% endhint %}

We can use [**John The Ripper**](https://tools.kali.org/password-attacks/john) to decode this string.

To decrypt the string we save it in a file and use john the ripper to decode it.

```bash
echo "42hDRfypTqqnw" > pass
john pass --show
```

and it will give us the following result:

```bash
?:abcdefg

1 password hash cracked, 0 left
```

Thus revealing the decrypted flag : **abcdefg**

{% hint style="info" %}
John the ripper is not provided on the Snow Crash ISO so you should use john in an other OS
{% endhint %}

Now that we have the flag we can now login to `flag01` account and get the password for `level02` account.

```bash
## Use the decrypted password to login to flag01 account
level01@SnowCrash:~$ su flag01
Password: abcdefg

## Get the password for level02
flag01@SnowCrash:~$ getflag
Check flag.Here is your token : f2av5il02puano7naaf6adaaf
```

### Password for next level

The Password to connect to the account **level02** is `f2av5il02puano7naaf6adaaf`

### Command summery

```bash
## Get the file list accessible only by the level00 user
level01@SnowCrash:~$ cat /etc/passwd

## save the string in a file and use john to crac
## the encryption (use the command in a device where
## john is installed)
$> echo "42hDRfypTqqnw" > pass
$> john pass --show
?:abcdefg

1 password hash cracked, 0 left

## Use the decrypted password to login to flag01 account
level01@SnowCrash:~$ su flag01
Password: abcdefg

## Get the password for level02
flag01@SnowCrash:~$ getflag
Check flag.Here is your token : f2av5il02puano7naaf6adaaf

```