some arbitrary website

[Altoidnerd]

I actually have a question about the second challenge, but did not know where to reach you. Who may I ask?

-A

[marcusball]

Yeah, the repo for the website is on my github, but here is fine. What would you like to ask?

[Altoidnerd]

I was able to make cewl create a custom wordlist, so I guess use john...but are we to use the same passwd and shadow files as the first? Or try to pull them off the server?

[marcusball]

No, for the website the hashes are separate from the first challenge.

I mostly intended you to pull them off the server. There are a few different methods of trying to get in. For one, I added in a hint of a 'guest' account. You should be able to use the 10000 password wordlist with Hydra and HTTP Digest auth (http://is.gd/3AlwXG) to break into that account. From there, you should be able to find a list of the remaining hashes. If you want to skip hydra, I tried to drop a few hints to maybe help you simply find the passwd file on the server without having to log in first.

After you get the hashes, you'll want to separate the salts and sha1 hashes into separate files and include the salts using the hashcat "-e [salt_file]" option. I assume john also has a salt file option, so you'd just want to use that.

The hashes are also formatted in the pattern sha1($salt.$hash) (which is mode 120 in hashcat, don't know about john).