This level is comparatively easy. We have only one clue in this level: “The flag06 account credentials came from a legacy unix system”. So I googled it and found a very interesting website: http://www.governmentsecurity.org/articles/crack-unix-linux-passwords.html. This link clearly describes how to crack the encoded passwords stored in /etc/passwd. I followed the steps given in it.
1. I installed John the Ripper on my local Linux box.
2. Copied the "flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh" line to a text file.
3. Ran john with the text file as the argument and got the encoded password from the file.
I logged in to flag06 using the password that John found and then ran the getflag command.