[root-me]Command & Control Level 5

The goal from the challenge was to get the password of user JohnDoe from a given memory dump,so lets get started

First, get Hashdump using the great Volatility :

root@kaliLinux:~/rootme# python /root/networkpentest/volatility-2.4/vol.py -f ch2.dmp --profile=Win7SP0x86 hashdump

Volatility Foundation Volatility Framework 2.4
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
John Doe:1000:aad3b435b51404eeaad3b435b51404ee:b9f917853e3dbf6e6831ecce60725930:::

Then use john to crack John Doe Password :

root@kaliLinux:~/rootme# john ./pwlist --format=nt --wordlist=/root/rockyou.txt
Created directory: /root/.john
Loaded 1 password hash (NT MD4 [128/128 X2 SSE2-16])
-> passw0rd         (John Doe)
guesses: 1  time: 0:00:00:00 DONE (Thu Jan  8 13:53:58 2015)  c/s: 16000

5 thoughts on “[root-me]Command & Control Level 5”

  1. Hello,

    you’ve published several solutions to Root-Me’s challenges.
    As it’s written in the legal disclaimer, documents published on the site are covered by copyrights. Any retaking is conditioned to the respect of the intellectual property considering the authors and assignees.

    That’s why the publishing of solutions, with a free access outside of the portal, is not allowed.

    So, we ask you to remove this content.
    If it’s not the case in a delay of 7 days, we will lock your account on our portal.

    Root-Me already offers you to share solutions with other players directly on the website but respectfully for those who didn’t validate challenges.
    These rules are here in order to keep an user-friendly and emulating spirit and to learn infosec together with fun.

    You can find more infos at:
    http://www.root-me.org/en/Informations/Legal-Disclaimer/
    http://www.root-me.org/en/breve/Public-solutions-and-cheating

    Thank you in advance for your action,
    Faithfully,
    Root-Me team

  2. Hello,

    we have detected that you’ve published several solutions to Root-Me’s challenges in this blog.

    As it’s written in the legal disclaimer, documents published on the site are covered by copyrights. Any retaking is conditioned to the respect of the intellectual property considering the authors and assignees.

    That’s why the publishing of solutions, with a free access outside of the portal, is not allowed.

    So, we ask you to remove this content.
    If it’s not the case in a delay of 7 days, we will lock your account on our portal.

    Root-Me already offers you to share solutions with other players directly on the website but respectfully for those who didn’t validate challenges.
    These rules are here in order to keep an user-friendly and emulating spirit and to learn infosec together with fun.

    You can find more infos at:
    http://www.root-me.org/en/Informations/Legal-Disclaimer/
    http://www.root-me.org/en/breve/Public-solutions-and-cheating

    Thank you in advance for your action,
    Faithfully,

    Root-Me team

Leave a Reply

Your email address will not be published. Required fields are marked *