So we just get a sha1 :
05d3693c0781227771b97a9e3cf972d44c2d4439 and the hint that ‘the first char is a digit’.
After a quick check on online database, it looks like we need to crack it.
First hope there is no special char, and try only uppercase/lowercase/digits.
We run JTR with custom mask and some threads:
$ echo 'admin:05d3693c0781227771b97a9e3cf972d44c2d4439 > hash' $ ./john -max-len=10 -mask="?d[a-zA-Z0-9]" --format=Raw-SHA1 --fork=32 hash
And after some time:
$ ./john --show hash admin:1stOrder 1 password hash cracked, 0 left
Note : BF in CTF has nothing really interesting. The challenge had a few hints to restrict the pattern, which would have saved us some time.