How are passwords stored in Linux (/etc/shadow)

Let’s take an example entry from the /etc/shadow file:

In the example entry, our topic of interest is the second field (the field with the encoded hash of the password).


The above shown encoded hash value can be further classified into three different fields as below.

1. The first field is a number that tells you the hashing algorithm that’s being used.

  • $1=MD5 hashing Algorithm
  • $2=Blowfish Algorithm
  • $2a=eksblowfish Algorithm
  • $5=SHA-256 Algorithm
  • $6=SHA-512 Algorithm

2. The second field is the salt value

The salt value is random data that’s generated to be combined with the original password, in order to increase the strength of the hash.

3. The last field is the hash value of salt+user password.
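The field layout described above, as a small parser. This is an added example, not code from the original post; the names parse_shadow_line, ALGORITHMS and SAMPLES are hypothetical, and the sample lines are constructed. It goes beyond the three-field case to cover lock markers, the optional rounds= field of SHA-crypt, and the bcrypt-style layout where salt and hash are not separated by a $.

```python
# Added example (not from the original post): split the second field of an
# /etc/shadow entry into algorithm id, salt and hash.
ALGORITHMS = {  # id -> algorithm, exactly as listed on this page
    "1": "MD5", "2": "Blowfish", "2a": "eksblowfish",
    "5": "SHA-256", "6": "SHA-512",
}

def parse_shadow_line(line):
    """Describe the password field of one colon-separated shadow entry."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow entry")
    pw = fields[1]
    info = {"user": fields[0], "locked": False, "algorithm": None,
            "rounds": None, "salt": None, "hash": None}
    if pw[:1] in ("!", "*"):
        # '*' / '!' / '!!' mean no usable password; '!' in front of a hash
        # is how a locked account keeps its old hash.
        info["locked"] = True
        pw = pw.lstrip("!*")
    if not pw:
        return info                      # empty field or lock marker only
    if not pw.startswith("$"):
        info["algorithm"] = "no $id$ prefix (traditional DES crypt)"
        info["hash"] = pw
        return info
    ident, *rest = pw.split("$")[1:]     # drop the empty piece before first '$'
    info["algorithm"] = ALGORITHMS.get(ident, "unknown id " + ident)
    if ident.startswith("2") and len(rest) == 2:
        # bcrypt-style layout: $id$cost$ then 22 salt chars fused with the hash;
        # the cost is log2 of the iteration count.
        info["rounds"] = 2 ** int(rest[0])
        rest = [rest[1][:22], rest[1][22:]]
    elif rest and rest[0].startswith("rounds="):
        info["rounds"] = int(rest[0][len("rounds="):])   # optional SHA-crypt field
        rest = rest[1:]
    if len(rest) != 2:
        raise ValueError("expected $id$salt$hash")
    info["salt"], info["hash"] = rest
    return info

# Constructed sample lines: the salt is the one quoted on this page, the hash
# strings are placeholders, not real digests.
SAMPLES = [
    "root:$6$lzI56fap$PLACEHOLDERHASH:16000:0:99999:7:::",
    "svc:!$6$rounds=10000$lzI56fap$PLACEHOLDERHASH:16000:0:99999:7:::",
    "daemon:*:16000:0:99999:7:::",
]
```

Running parse_shadow_line over each entry in SAMPLES is also a quick audit check: any account whose algorithm comes back as MD5 or as having no $id$ prefix is still using a weak scheme.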

So in our example entry of root, as shown below:


The above shown encoded password is using the SHA-512 hashing algorithm (because of the $6$).

Salt value is lzI56fap (the content between the second and third $ sign).

VPN in Kali 2.0

Open terminal and type:

apt-get -y install network-manager-openvpn network-manager-openvpn-gnome

Download the other files from your ctf365 account to your machine.

Now go to Settings -> Network -> + -> VPN -> Import from file -> Select file config.conf

Copy the user name and password (from user-pass.txt file) to their places in the Add Network Connection window.

The connection is now ready: turn it on and wait for confirmation that it is connected (this takes a lot of time).

(If you need to, run ‘update-resolv-conf.bash’ script…)

The Bright Goat Java Webshell…

WSH is a Web-SHell written in Java; it is a web application that acts like a shell (and as a file manager too). It also gives you a way to open a backdoor on the target (if you have special needs).
You should deploy it as a common application in the Application Server management console (Tomcat Manager, Weblogic Console, SunAS console, etc…). The application consists of a single web page.