How are passwords stored in Linux (/etc/shadow)

Let’s take an example entry from the /etc/shadow file:

In the example entry shown above, our topic of interest is the second field (the field with the encoded hash of the password).

$6$lzI56fap$jrSiosb1PF.37iQ2MNKMBBOSkdKyaUpaQlqzbYqZzJ1crEWQArX4keATupJda2S5KvaTGy6sLykD18zaDE50h0

The encoded hash value shown above can be further split into three fields, as below.

1. The first field is a number that tells you which hashing algorithm is being used.

  • $1=MD5 hashing Algorithm
  • $2=Blowfish Algorithm
  • $2a=eksblowfish Algorithm
  • $5=SHA-256 Algorithm
  • $6=SHA-512 Algorithm

2. The second field is the salt value

The salt value is random data that is generated and combined with the original password in order to increase the strength of the hash.

3. The last field is the hash value of salt + user password.

So in our example entry of root, as shown below:

$6$lzI56fap$jrSiosb1PF.37iQ2MNKMBBOSkdKyaUpaQlqzbYqZzJ1crEWQArX4keATupJda2S5KvaTGy6sLykD18zaDE50h0

The encoded password shown above uses the SHA-512 hashing algorithm (because of the $6$).

Salt value is lzI56fap (the content between the second and third $ sign).
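The split described above can be done in code when auditing which algorithm each account uses. The following is an added example, not code from the original post; it goes slightly beyond the three-field case by also handling locked entries (`!`, `*`), the optional `rounds=` parameter of SHA-256/SHA-512 crypt, and the bcrypt layout, where salt and hash are not separated by a `$`. The function name and the sample line's age fields are assumptions.

```python
ALGORITHMS = {"1": "MD5", "2": "Blowfish", "2a": "eksblowfish",
              "5": "SHA-256", "6": "SHA-512"}  # prefix table from this page


def parse_shadow_line(line):
    """Split one /etc/shadow line and decode its second (password) field."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("expected colon-separated shadow fields")
    user, pw = fields[0], fields[1]
    info = {"user": user, "locked": pw.startswith("!") or pw == "*",
            "algorithm": None, "cost": None, "salt": None, "hash": None}
    body = pw.lstrip("!")  # a "!" in front of a hash marks a locked password
    if not body.startswith("$"):
        return info  # "", "*", "!" or a legacy value with no $id$ prefix
    parts = body.split("$")  # ['', id, salt or parameter, ...]
    if len(parts) < 4 or not parts[-1]:
        raise ValueError("truncated hash field for user %r" % user)
    algo_id, rest = parts[1], parts[2:]
    info["algorithm"] = ALGORITHMS.get(algo_id, "unknown ($%s$)" % algo_id)
    if algo_id.startswith("2"):
        # bcrypt family: $2a$<cost>$ then 22 salt characters followed
        # directly by the hash, with no "$" between the two
        info["cost"] = int(rest[0])
        info["salt"], info["hash"] = rest[1][:22], rest[1][22:]
        return info
    if rest[0].startswith("rounds="):
        # SHA-256/SHA-512 crypt can carry an explicit iteration count
        info["cost"] = int(rest[0][len("rounds="):])
        rest = rest[1:]
    if len(rest) != 2:
        raise ValueError("unexpected field layout for user %r" % user)
    info["salt"], info["hash"] = rest
    return info


# Constructed sample: the hash is the one shown on this page; the
# trailing age fields are made-up values.
SAMPLE = ("root:$6$lzI56fap$jrSiosb1PF.37iQ2MNKMBBOSkdKyaUpaQlqzbYqZzJ1crEWQArX4"
          "keATupJda2S5KvaTGy6sLykD18zaDE50h0:17000:0:99999:7:::")

if __name__ == "__main__":
    for key, value in parse_shadow_line(SAMPLE).items():
        print("%-9s %s" % (key, value))
```

Reading the real /etc/shadow requires root; for an audit, feed each line of the file to `parse_shadow_line` and report accounts whose algorithm is MD5 or unknown.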

CTF365.com VPN in Kali 2.0

Open terminal and type:

apt-get -y install network-manager-openvpn network-manager-openvpn-gnome

Download the other files from your ctf365 account to the machine.

Now go to Settings -> Network -> + -> VPN -> Import from file -> Select file config.conf

Copy the user name and password (from user-pass.txt file) to their places in the Add Network Connection window.

It is now ready to connect. Turn it on and wait for confirmation that it is connected (it takes a while).

(If you need to, run ‘update-resolv-conf.bash’ script…)

The Bright Goat Java Webshell…

WSH is Web-SHell written in Java; it is a web application that acts like a shell (and as a file manager too). It also gives you a way to open a backdoor on the target (if you have special needs).
You should deploy it as a common application in the Application Server management console (Tomcat Manager, Weblogic Console, SunAS console, etc…). The application consists of a single web page.
