Hashcat runs, showing a brief help message, as shown below.
sudo apt update sudo apt install hashcat -y hashcat
At the "Enter new UNIX password" enter a password of password
sudo adduser jose
At the "Retype new UNIX password" enter a password of password
Press Enter to accept defaults for the other options, as shown below:
The password hash for jose appears, as shown below (your hash will be different):
sudo tail -n 1 /etc/shadow
In my example, the SALT is NArMeZ5Qr9Vtn8T0
As you can see, Debian 10 Linux uses SHA-512 hashes, with the default value of 5000 rounds:
sudo grep -A 18 ENCRYPT_METHOD /etc/login.defs
In the nano text editor, carefully delete the username jose and the colon after it, and all the numbers at the end of the file, including all the colons., leaving only the hash, as shown below:
sudo tail -n 1 /etc/shadow > crack1.hash nano crack1.hash
Press Ctrl+X, Y, Enter to save the file.
As shown below, this file contains over 128,000 words, including the correct password of "password":
sudo apt install wget -y wget https://github.com/hashcat/hashcat/raw/master/example.dict head example.dict tail example.dict grep password example.dict wc -l example.dict
Explanation: This uses hashcat with these options:
sudo hashcat --force -m 1800 -a 0 -o found1.txt --remove crack1.hash example.dict
After a few seconds, press Enter.
Hashcat shows that it has made some progress. When I did it, it was 16% through the wordlist, as shown below.
After a few minutes, hashcat will find the password and stop, as shown below.
To see the password, execute this command:
H 520.1: Status (10 pts)The flag is covered by a green rectangle in the image above.
The password appears at the end of the line, after the hash, as shown below.
sudo cat found1.txt
You should see four password hashes, as shown below:
wget https://samsclass.info/123/proj10/crack2.hash cat crack2.hash
H 520.2: P-Password (10 pts)Crack the hashes using the same wordlist. One of the passwords begins with the letter "p". That password is the flag.
If you're waiting for 20 minutes, you're doing it the hard way.
H 520.3: S-Password (10 pts)Crack the hashes using the same wordlist. One of the passwords begins with the letter "s". That password is the flag.
Crack them to find the flags, as shown below.
wagner:"":"":AAD3B435B51404EEAAD3B435B51404EE:4F2D47B681C9FCFFBE11ED6E9F7DF1BA waldo:"":"":AAD3B435B51404EEAAD3B435B51404EE:76BF100CEA9B9F7B9E0C78419998AE1B walter:"":"":AAD3B435B51404EEAAD3B435B51404EE:A60E7EB7B49FD0C2E7DD4739FF2AE76B
H 520.4: Word (10 pts)One of the passwords is in the example wordlist, like "password". That password is the flag.
H 520.5: Word Plus Digit (10 pts)One of the passwords is a word in the example wordlist with a digit added to it, like "password1".
That password is the flag.
H 520.6: Wordlist (10 pts)One of the passwords is a word in the example wordlist with two digits added to it, like "password11".
That password is the flag.
How To Use hashcat On CPU Only