December 24, 2017

Root me write-up: Command & Control - level 5

description of Root me(Command & Control - level 5)

Maybe password weakness...




a provided dmp file of Root me(Command & Control - level 5)

The challenge provides a 512 MB dmp file.

I used the Linux tool Volatility to extract the passwords.




password extraction of Root me(Command & Control - level 5)

- volatility hivelist -f /root/test/ch2.dmp --profile=Win7SP0x86
- volatility hashdump -f /root/test/ch2.dmp --profile=Win7SP0x86 -y 0x8b21c008 -s 0x9aad6148 > rst.txt

I put the OS that I identified with imageinfo into --profile, and the SYSTEM and SAM addresses that I found with hivelist into -y and -s.
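The hivelist-to-hashdump step above, as an added example that is not part of the original write-up: it reads hivelist output, picks the SYSTEM and SAM virtual addresses for -y and -s, and then flags blank-password and LM-stored accounts in pwdump-format hashdump output. The sample outputs are constructed (only the two virtual addresses come from this page), and the function names are hypothetical.

```python
import re
import shlex

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty string
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty string

# Constructed hivelist output: virtual addresses from this page, physical ones made up.
HIVELIST = r"""Virtual    Physical   Name
---------- ---------- ----
0x8b21c008 0x039ef008 \REGISTRY\MACHINE\SYSTEM
0x8b20c008 0x039e1008 [no name]
0x9aad6148 0x131af148 \SystemRoot\System32\Config\SAM
"""

# Constructed hashdump output (user:rid:LM:NT:::); non-empty hashes are placeholders.
HASHDUMP = """Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
analyst:1000:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
legacy:1001:ffeeddccbbaa99887766554433221100:0123456789abcdef0123456789abcdef:::
"""

def hive_offsets(hivelist_text):
    """Return {'SYSTEM': vaddr, 'SAM': vaddr} taken from hivelist output."""
    found = {}
    for line in hivelist_text.splitlines():
        m = re.match(r"(0x[0-9a-fA-F]+)\s+0x[0-9a-fA-F]+\s+(.+)", line)
        if m:
            leaf = m.group(2).strip().replace("\\", "/").rsplit("/", 1)[-1].upper()
            if leaf in ("SYSTEM", "SAM"):
                found[leaf] = m.group(1)
    return found

def hashdump_command(image, profile, offsets):
    """Build the hashdump call: -y takes the SYSTEM hive, -s takes the SAM hive."""
    return " ".join(shlex.quote(a) for a in [
        "volatility", "hashdump", "-f", image, "--profile=" + profile,
        "-y", offsets["SYSTEM"], "-s", offsets["SAM"]])

def audit(hashdump_text):
    """Return [(user, note)] for accounts whose stored hashes show a weakness."""
    notes = []
    for line in hashdump_text.splitlines():
        parts = line.split(":")
        if len(parts) < 4:
            continue  # not a pwdump-format line
        user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
        if nt == EMPTY_NT:
            notes.append((user, "blank password"))
        elif lm != EMPTY_LM:
            notes.append((user, "LM hash stored"))
    return notes
```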




password extraction result of Root me(Command & Control - level 5)

password cracking of Root me(Command & Control - level 5)

I wanted to use offline tools, but online tools were much easier to use. I could not solve it with hashcat and john because I was not doing well.