Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
28 lines (16 sloc) 749 Bytes

Nebula level06


Call getflag with the flag06 account.


The flag06 account was created on a legacy Unix system.


On old Unix systems, the OS stored a hash of the password in /etc/passwd. Now, the OS only stores an 'x' in that file, and shadows the password hashes into another file.

In this case, displaying the contents of /etc/passwd gives:


We can use a password cracker to get a password with that hash. This particular password cracker tells us that the password for the flag06 account is hello. Now we can log into the flag06 account and execute getflag.