Homemade CTF Challenge: 06 "I lost my password!"

John Hammond · Intermediate ·🔐 Cybersecurity ·9y ago

Key Takeaways

Solves the Homemade CTF Challenge 06 'I lost my password!' using password cracking techniques

Full Transcript

hello everyone welcome back to another simple and short video uh explaining and depicting how I created and solved some of the challenges that I put together for a local Capture the Flag competition for uh my school cyber team so uh I'm actually going to skip over the exor challenge because the way that I intended this to be solved was with a tool that we created inhouse um so I don't I don't I don't think I'll actually just demonstrate the one for you we'll just hop on over it and we'll move on to the I lost my password challenge so this one's pretty simple um it says okay oh no I've lost my password can you help me retrieve it and this actually isn't in the usual flag format it's just the password so you'd note here that we have a big Etc Shadow or Etc uh Etc password file um and it's actually already unshadowed for us Etc Shadow doesn't hide the hash with a star we see the full hash of this user John which is meant to be a hint that oh you should be using the John the Ripper utility to actually go ahead and solve this so um we would actually go ahead and download this I'll hop over to my terminal to kind of explain how we run through it so I'll HP over to I lost my password and there's our hashes so what I would end up doing is actually using John the Ripper which if you have not heard of him uh I recommend doing some research because the whole point of the CTF was to show off um John the Ripper as the password cracker so so other individuals get to know this tool and know that it exists and how to use it that kind of thing so um we do want to be able to crack the password and we're going to do a dictionary attack because a Brute Force attack is very long it would make more sense to initially use a dictionary file so uh that was the tactic that I wanted them to kind of hopefully figure out but the way we end up using a dictionary file with John is actually using a word list which I think we denote with dasl or Dash list maybe yeah word list so you can use the word list and we I'm going to set that equal to where I store The Rock you. text file and then I just give it the hashes and looks like it already created this I might have it in my home folder on let's just remove those so now I'd be able to run the program just fine and it's got to be in dictionary files that's where I actually store the rocku text file and if you haven't heard if you haven't seen it or heard of it before John the Ripper dictionary files one of those sites that I ended up seeing on sack overflow they note that Rowan boughs has a lot of good password lists and I think they say that rock you. text is pretty much the best list available you probably can't see that it's super small but it's huge and it's stolen unencrypted stuff so all right so John the Ripper is finished and it's noted that white rose is the password so just is a simple brute force uh not not not Brute Force but a a dictionary attack on it so white rose would be the password of the user which we just managed to uh crack and we would submit that as our flag and we get that 100 points awesome so super easy again simple stuff just wanting to show off those tools like John the Ripper and how to use them and so the individual will suffer for a little bit if they've never seen it before and figure it out so uh and hopefully learn something in that process okay thanks for watching everyone I'll see you in the next video

Original Description

If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010 E-mail: johnhammond010@gmail.com PayPal: http://paypal.me/johnhammond010 GitHub: https://github.com/JohnHammond Site: http://www.johnhammond.org Twitter: https://twitter.com/_johnhammond
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from John Hammond · John Hammond · 39 of 60

1 Code Commentaries? PHP to JavaScript in Bash and PHP!
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
2 Tutorials? MySQL connection with PHP and Bash!
Tutorials? MySQL connection with PHP and Bash!
John Hammond
3 Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
4 JavaScript Splits The URL!
JavaScript Splits The URL!
John Hammond
5 HTML Tables in Python!
HTML Tables in Python!
John Hammond
6 HTML, Net Shares, GML!
HTML, Net Shares, GML!
John Hammond
7 Python 08 Programming Style and Comments
Python 08 Programming Style and Comments
John Hammond
8 Python 26 Object Oriented Programming
Python 26 Object Oriented Programming
John Hammond
9 75 Python Tutorials, Out Now!
75 Python Tutorials, Out Now!
John Hammond
10 Batch 14 Mathematical Expressions
Batch 14 Mathematical Expressions
John Hammond
11 Batch 85 Array Append
Batch 85 Array Append
John Hammond
12 Batch 86 Array Count
Batch 86 Array Count
John Hammond
13 Batch 87 Array Index
Batch 87 Array Index
John Hammond
14 Batch 88 Array Insert
Batch 88 Array Insert
John Hammond
15 Batch 89 Array Remove
Batch 89 Array Remove
John Hammond
16 Batch 90 Array Reverse
Batch 90 Array Reverse
John Hammond
17 Python [colorama] 00 Installing on Linux
Python [colorama] 00 Installing on Linux
John Hammond
18 Python [colorama] 09 Cursor Position
Python [colorama] 09 Cursor Position
John Hammond
19 Python [hashlib] 02 Algorithms
Python [hashlib] 02 Algorithms
John Hammond
20 Python 00 Installing IDLE on Linux
Python 00 Installing IDLE on Linux
John Hammond
21 Python [pygame] 11 Rectangular Collision Detection
Python [pygame] 11 Rectangular Collision Detection
John Hammond
22 Python [pygame] 12 Platforming Rectangular Collision Resolution
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
23 Python [XML-RPC] 01 Research
Python [XML-RPC] 01 Research
John Hammond
24 Python [pyenchant] 03 Personal Word Lists
Python [pyenchant] 03 Personal Word Lists
John Hammond
25 FancyURLopener Authentication and User-Agent [urllib] 03
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
26 Python 04: PEP8 Coding
Python 04: PEP8 Coding
John Hammond
27 Python Challenge! 17 COOKIES
Python Challenge! 17 COOKIES
John Hammond
28 Google CTF 2016: Ernst Echidna
Google CTF 2016: Ernst Echidna
John Hammond
29 Google CTF 2016: Spotted Quoll
Google CTF 2016: Spotted Quoll
John Hammond
30 Google CTF 2016: Can you Repo It?
Google CTF 2016: Can you Repo It?
John Hammond
31 Google CTF 2016: No Big Deal
Google CTF 2016: No Big Deal
John Hammond
32 Google CTF 2016: In Recorded Conversation
Google CTF 2016: In Recorded Conversation
John Hammond
33 Homemade CTF Challenge: 01 "Orchestra"
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
34 Homemade CTF Challenge: 02 "Bae's Base"
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
35 Homemade CTF Challenge: 03 "Web Hunt"
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
36 Homemade CTF Challenge: 04 "UPX"
Homemade CTF Challenge: 04 "UPX"
John Hammond
37 Homemade CTF Challenge: 05 "The Assumption Song"
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
38 Homemade CTF Challenge: 06 "A Brisk Stroll"
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
Homemade CTF Challenge: 06 "I lost my password!"
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
40 web25 :: Mr. Robot : EKOPARTY CTF 2016
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
41 web50 : RFC 7230 :: EKOPARTY CTF 2016
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
42 misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
43 Hack The Vote 2016 CTF: Sander's Fan Club [web100]
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
44 Hack The Vote 2016 CTF Warpspeed [forensics150]
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
45 Juniors CTF 2016 :: Black Suprematic Square
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
46 Juniors CTF 2016 :: Six Strange Tales
Juniors CTF 2016 :: Six Strange Tales
John Hammond
47 Juniors CTF 2016 :: Lost Code
Juniors CTF 2016 :: Lost Code
John Hammond
48 Juniors CTF 2016 :: Here Goes!
Juniors CTF 2016 :: Here Goes!
John Hammond
49 Juniors CTF 2016 :: Southern Cross
Juniors CTF 2016 :: Southern Cross
John Hammond
50 Juniors CTF 2016 :: Clone Attack
Juniors CTF 2016 :: Clone Attack
John Hammond
51 Juniors CTF 2016 :: Dirty Repo
Juniors CTF 2016 :: Dirty Repo
John Hammond
52 Juniors CTF 2016 :: Hackers Blog
Juniors CTF 2016 :: Hackers Blog
John Hammond
53 Juniors CTF 2016 :: Voting!!!
Juniors CTF 2016 :: Voting!!!
John Hammond
54 Juniors CTF 2016 :: The Good, The Bad and The Junkman
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
55 Juniors CTF 2016 :: Stop Thief!
Juniors CTF 2016 :: Stop Thief!
John Hammond
56 Juniors CTF 2016 :: ROFL
Juniors CTF 2016 :: ROFL
John Hammond
57 Juniors CTF 2016 :: Restriced Area
Juniors CTF 2016 :: Restriced Area
John Hammond
58 Juniors CTF 2016 :: Oh SSH!
Juniors CTF 2016 :: Oh SSH!
John Hammond
59 HackCon CTF 2017 TRIVIA and BONUS Challenges
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
60 HackCon CTF 2017 "Bacche" Challenges
HackCon CTF 2017 "Bacche" Challenges
John Hammond

Related Reads

📰
The Honeypot That Lied: Diagnosing a Silent 12-Day Telemetry Gap
Learn to diagnose a silent 12-day telemetry gap in a honeypot system and understand the importance of continuous monitoring in cybersecurity
Medium · Cybersecurity
📰
Can Hackers Sniff Wi-Fi from the Toilet?
Learn how hackers can exploit Wi-Fi vulnerabilities and ways to protect your network
Medium · Cybersecurity
📰
FBI Disrupts Major Botnet & Proxy Network Amidst Fresh Crypto Innovation
Learn how the FBI disrupted a major botnet and proxy network, and understand the implications for crypto innovation and cybersecurity
Dev.to AI
📰
Why Digital Privacy Matters More Than Ever in 2026
Learn why digital privacy is crucial in 2026 and how to protect yourself from data breaches and cyber threats
Medium · Cybersecurity
Up next
Why Cyber security is important for your SEO
Menerva Digital
Watch →