Wednesday, March 30, 2011

Step 5 - Escalation; owning root

Now that we have a higher-level account with aadams, let's see if we can finally view the /etc/shadow file.

Hmm, what did I do wrong? Oh, let's try sudo first and see if that works.

There it is. The password for root. Pretty clear, isn't it? Wait, it's encrypted. Of course. Let's take a look at the different fields in the shadow file, focusing just on root. Each field is separated by a colon (:):

Login name
Encrypted password
Days since Jan 1 1970 that the password was last changed
Days before password may be changed
Days after which password must be changed
Days before password is to expire that the user is warned
Days after password expires that the account is disabled
Days since Jan 1 1970 that the account has been disabled
A reserved field
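To make that field layout concrete, here is an added Python example (not from the original post) that splits a shadow line into those nine fields, classifies the password field by its crypt(3) hash identifier, converts the "days since Jan 1 1970" counter to a date, and runs a few defender-side checks. The account names and hashes in SAMPLE_SHADOW are constructed placeholders, not values from the target.

```python
from datetime import date, timedelta

FIELDS = ("name", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire", "reserved")
HASH_ALGOS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
              "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}

def parse_shadow_line(line: str) -> dict:
    f = line.rstrip("\n").split(":")  # nine fields; day counts become int, or None when unset
    if len(f) != 9:
        raise ValueError(f"expected 9 fields, got {len(f)}: {line!r}")
    entry = dict(zip(FIELDS, f))
    for i in range(2, 8):
        entry[FIELDS[i]] = int(f[i]) if f[i] else None
    return entry

def hash_algorithm(password: str) -> str:
    """Classify the password field: empty, locked, or which crypt(3) scheme."""
    if password == "":
        return "empty"
    if password[0] in "!*":
        return "locked"
    if password.startswith("$"):
        ident = password.split("$")[1]
        return HASH_ALGOS.get(ident, f"unknown(${ident}$)")
    return "des"  # no '$id$' prefix: legacy 13-character DES crypt

def days_to_date(days):
    """'Days since Jan 1 1970' field to a calendar date (None if the field is unset)."""
    return None if days is None else date(1970, 1, 1) + timedelta(days=days)

def audit_shadow(text: str) -> list:
    """Defender-side checks: empty passwords, weak hashes, never-expiring passwords."""
    findings = []
    for line in text.splitlines():
        e = parse_shadow_line(line)
        algo = hash_algorithm(e["password"])
        if algo == "empty":
            findings.append(f"{e['name']}: empty password field")
        elif algo in ("des", "md5crypt"):
            findings.append(f"{e['name']}: {algo} hash is cheap to crack, rehash with sha512crypt")
        if algo not in ("empty", "locked") and e["max_days"] in (None, 99999):
            findings.append(f"{e['name']}: password never expires")
    return findings

# Constructed sample; the hashes are placeholders, not real crypt(3) output
SAMPLE_SHADOW = """\
root:$1$c0nstruct$placeholderhash:15063:0:99999:7:::
aadams:$6$c0nstruct$placeholderhash:15063:0:99999:7:::
svc_backup::15063:0:90:7:::"""
```

Running audit_shadow(SAMPLE_SHADOW) flags the md5crypt root hash, the two never-expiring passwords and the empty svc_backup password; the last_change value 15063 maps to 2011-03-30.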

Now I copied the entire field for root and pasted it into Kate. I'm sure you could download the shadow file to your attacking PC, but this was easier.

Now that I had the encrypted password for root, I needed a way to decrypt it. I used John for this.

And there we go. We now have the root password for our target machine.