Rating:

The challenge simple provides a text file:

```
sys:$1$fUX6BPOt$Miyc3UpOzQJqz4s5wFD9l0:14742:0:99999:7:::
sys:x:3:3:sys:/dev:/bin/sh
```

This is clearly the shadow file (this is where passwords are stored in linux machines), so all there is to do iis to decrypt the hash.
By the hash's sugnature ($1$), I could determine that this is a MD5-crypt hash.

I wrote the following python script in order to brute force the password:

```
from passlib.hash import md5_crypt
import time

def check_md5_crypt(passwd, h):
return md5_crypt.verify(passwd, h)

HASH = "$1$fUX6BPOt$Miyc3UpOzQJqz4s5wFD9l0"

#get a list of the possible passwords
passwords_file = open("../../rockyou.txt", 'r', encoding='latin-1')
passwords = []
for password in passwords_file:
p = password.strip()
passwords.append(p)

print ("Starting...")
start = time.time()
for pwd in passwords:
if check_md5_crypt(pwd, HASH):
print ("==================\n"
f"{HASH} ===> {pwd}\n"
"==================")
print (f"It took {time.time() - start} seconds to crack this hash")
exit()

print ("Couldn't crack this hash. Try a better dictionary")
```

After running the script, I immediately got a hit!
Output:

Starting...

.==================

$1$fUX6BPOt$Miyc3UpOzQJqz4s5wFD9l0 ===> batman

.==================

It took 0.2066807746887207 seconds to crack this hash

flag: Trollcat{batman}