There is an exploit that will dump the contents of /etc/shadow so you can brute force the hash much better. This depends on the kernel version, as it exploits the binfmt handler. However, I can't post it here as it would violate forum rules. Besides, isn't this like your assignment, like you said in the other thread? That is also against forum rules.
We won't do your homework for you; google a bit.
Tip:
www.securityfocus.com
should have all you need to get your security homework done.