Find the IDIOT user (felicity breakin 2016) writeup

1 minute read

You can find the material for this task here

In This problem, I am given a zipped folder and told that there is an idiot user. Not enough information is provided.

After I had unzipped the folder I noticed 2 things: 1- The folder size is too small 2- It has a form that resembles Linux’s root directory

So I explored the folders and deleted empty directories until I found something interesting. I found the shadow file in there. Bingo! I almost understood how to figure who the idiot user is. Ofcourse, he is the one who uses a weak password that can be cracked. I immediately downloaded “John the Ripper”. I ran john --fork=4 shadow.

After a few minutes of the dictionary attack on the 7 hashes found, I guessed the password of the user “johan” (dragon1) and it was the required flag.


Leave a Comment