I am new to using backtrack and I just went to a class to learn how to pen test. I am trying to complete a lab and part of the lab entails escalating your privileges to root after you gain access to the box. The target box is a Redhat 2.4.8-20 box and I currently only have regular user privileges. I am using Backtrack 4 as my "attack" server. I need to obtain the /etc/shadow file so that I can brute force it. I have tried to use Hydra, but I have not been able to get the root password. I have also tried looking for a program running as root to attempt to read the file, but I am afraid I am a little bit lost. Any help would be GREATLY appreciated.