๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
  • Tried. Failed. Logged.
๐ŸดCTF/DreamHack

DreamHack - [wargame.kr] crack crack crack it ํ’€์ด

by Janger 2023. 9. 9.
728x90

htpassswd

blueh4g:$1$SVXyqAwy$iMW9SbLyUd1v6Fen7mNUe0

๋ณด์ž๋งˆ์ž shadow ํŒŒ์ผ์ด ๋– ์˜ฌ๋ž์œผ๋ฉฐ [username]:[$password_id]:[$salt]:[$encrypted_password] ์ผ ๊ฒƒ์ด๋ผ๊ณ  ์ƒ๊ฐํ–ˆ๋‹ค. ์ฒซ ๋ฒˆ์งธ ํ•„๋“œ $1์€ MD5๋ฅผ ๋‚˜ํƒ€๋‚ธ๋‹ค.

๋ฌธ์ œ์—์„œ ํŒจ์Šค์›Œ๋“œ๊ฐ€ ์ฒ˜์Œ์—๋Š” G4HeulB๋กœ ์‹œ์ž‘ํ•˜๋ฉฐ ์•ŒํŒŒ๋ฒณ ์†Œ๋ฌธ์ž์™€ ์ˆซ์ž๋“ค๋กœ ๊ตฌ์„ฑ ๋๋‹ค๊ณ  ์–ธ๊ธ‰ํ–ˆ๋‹ค.

์šฐ์„  ํŒจ์Šค์›Œ๋“œ ํฌ๋ž™ ๋„๊ตฌ์ธ john์„ ์‚ฌ์šฉ์„ ํ–ˆ์œผ๋ฉฐ mask ์˜ต์…˜์„ ์‚ฌ์šฉํ•˜์—ฌ ์›ํ•˜๋Š” ๋ฌธ์ž๋กœ ์ด๋ฃจ์–ด์ง„ ์ž„์˜์˜ ํŒจ์Šค์›Œ๋“œ๋ฅผ ์ƒ์„ฑํ•ด brute forcing ํ•˜์˜€๋‹ค.

john htpasswd -1=[0-9a-z] --mask='G4HeulB?1' --max-length=11

๋ช‡ ์ดˆ ์ง€๋‚˜์ง€ ์•Š์•„ ๋ฐ”๋กœ ํฌ๋ž˜ํ‚น์ด ์„ฑ๊ณต๋˜์—ˆ์œผ๋ฉฐ, ๋งŒ์•ฝ john์„ ๋‹ค์‹œ ๋Œ๋ฆฌ๊ณ  ์‹ถ๋‹ค๋ฉด rm -rf ~/.john/john.pot ๋ช…๋ น์–ด๋กœ john.pot์„ ์ง€์›Œ์•ผ ํ•œ๋‹ค.

reference

https://github.com/openwall/john/blob/bleeding-jumbo/doc/MASK

728x90

'๐ŸดCTF > DreamHack' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

DreamHack - funjs ํ’€์ด  (0) 2023.09.09
DreamHack - [wargame.kr] tmitter ํ’€์ด  (0) 2023.09.09
DreamHack - broken-png ํ’€์ด  (0) 2023.09.08
DreamHack - phpreg ํ’€์ด  (0) 2023.09.08
DreamHack - out_of_boundary ํ’€์ด  (0) 2023.09.08

๊ด€๋ จ๊ธ€

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”