![[Root-me] : Command & Control - level 5](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2FcNqlXM%2FbtqUOCrd2A9%2FAAAAAAAAAAAAAAAAAAAAADCUhbTIi6Z1DScEH0EiX9OJ3_hZxHo175WzLHdhblQR%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1753973999%26allow_ip%3D%26allow_referer%3D%26signature%3DSpOyViU%252Fh0FU%252FMXGrOMCG4eMwA8%253D)
비밀번호 추출
volatility 이용
1. image 에서 memory profile 추출
volatility imageinfo -f ch2.dmp
2. image 에서 registry hive 추출
volatility -f ch2.dmp hivelist --profile=Win7SP1x86_23418
3. 해시값 추출. (SYSTEM & SAM)
volatility -f ch2.dmp --profile=Win7SP1x86_23418 hashdump -y 0x8b21c008 -s 0x9aad6148 >hashes.txt
md5 해시인 것으로 추정. -> John 의 pw를 찾아야 하므로,
b9f917853e3dbf6e6831ecce60725930 가 그의 pw 이다.
crackstation을 이용해서 복호화를 ㅅ ㅣ도했다.
flag : passw0rd
'WriteUp > Root-me.org' 카테고리의 다른 글
| [Root-me] : Ugly Duckling (0) | 2021.01.27 |
|---|---|
| [Root-me] : Find the cat (0) | 2021.01.27 |
| [Root-me] : Logs analysis - web attack (0) | 2021.01.27 |
| JSON Web Token (JWT) - Weak secret (0) | 2021.01.02 |
| Root-me : File upload - Null byte (0) | 2020.12.31 |