Unix 20
This exercise is one of our challenges to help you learn more about Unix/Linux
This challenge involves gaining access to a system by exploiting issues with the MySQL system account. The user 'mysql' has a trivial password and a valid shell, allowing you to log in as this user. Once logged in, you can access the MySQL root password by using the strings
command on the file /var/lib/mysql/mysql/user.MYD
. The password is split into two parts and needs to be concatenated before cracking it with the jumbo patch version of John the Ripper.
The challenge emphasizes understanding and exploiting weak system configurations, such as using trivial passwords and improper account restrictions. After cracking the MySQL root password, you can log in to the MySQL database and retrieve the password for the 'admin' user, which serves as the key for completing the challenge. Ensuring you have the correct version of John the Ripper is crucial for cracking the password successfully.