there are a couple of ways on this one. the easiest method IMO is to use the initial weakness and follow the source.
there’s another method that will get you the password without cracking.
a third approach is to actually crack the hash. didn’t try that personally but that could take a while…
dirb/wordlists may help but is not required. you can more or less guess what’s there.