Seems I’ve run into a snag when attempting to complete this challenge. Now, I’ve tested this on Kali Linux and macOS, and in both cases, I keep running into the same issue. First, I’ll post the actual challenge information below with screenshots. The challenge question asks, “What is the plaintext password of the user’s password?” Now, this is for the given shadow file they provide you.
The line we’re working with is line 58: this displays the user, salt, and hash of the password along with the datestamp at the end. Let’s first get a few things in line regarding what this is using for its password list. This challenge uses the rockyou.txt file. To make this post shorter, I’ve used the cut command to show only the actual hash needed, since hashcat seems to be having issues parsing the data correctly. At first, I was using the entire line with the username and used the “–username” flag to try and run the command, which failed, which led me to use the cut command: “cut -d: -f1 /Users/hbx/Downloads/rockyou.txt-master/shadow.txt > /Users/hbx/Downloads/rockyou.txt-master/just_hash.txt” (NOTE: Yes I know that -f1 only extracts the username and -f2 is for extracting the hash, but issue is presistent and I’ve checked the text file and confirmed the hash is present.)
So now we have just the hash itself, with no other spaces or edits in the text file. And here is where I’m running into the same issue with both Kali Linux and macOS. I’ll provide screenshots below, but the error states “Separator unmatched,” which is caused by having to use the “–username” flag with Hashcat. I’ve run into a crossroads with this specific issue and will continue fiddling and researching further… as this is now happening on Kali and macOS…. (I’ve tried using different variations of flags for Hashcat and still get the same issue)
UPDATE: I was able to confirm what I thought was the issue originally but since last night it was late no one was around on the CyberSkyline Discord channel to ask, so I asked today and they confirmed what I was thinking was the issue, which is that Hashcat doesn’t support Yescrypt but it seems John does, and I’ll be attempting again this challenge with John instead.
I was able to use John on the Kali VM to get the password; everything went well, though it took a few hours to run on my NAS.
