The goal from the challenge was to get the password of user JohnDoe from a given memory dump,so lets get started
First, get Hashdump using the great Volatility :
root@kaliLinux:~/rootme# python /root/networkpentest/volatility-2.4/vol.py -f ch2.dmp --profile=Win7SP0x86 hashdump
Volatility Foundation Volatility Framework 2.4
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
John Doe:1000:aad3b435b51404eeaad3b435b51404ee:b9f917853e3dbf6e6831ecce60725930:::
Then use john to crack John Doe Password :
root@kaliLinux:~/rootme# john ./pwlist --format=nt --wordlist=/root/rockyou.txt
Created directory: /root/.john
Loaded 1 password hash (NT MD4 [128/128 X2 SSE2-16])
-> passw0rd (John Doe)
guesses: 1 time: 0:00:00:00 DONE (Thu Jan 8 13:53:58 2015) c/s: 16000
HacKeD 
Hello,
you’ve published several solutions to Root-Me’s challenges.
As it’s written in the legal disclaimer, documents published on the site are covered by copyrights. Any retaking is conditioned to the respect of the intellectual property considering the authors and assignees.
That’s why the publishing of solutions, with a free access outside of the portal, is not allowed.
So, we ask you to remove this content.
If it’s not the case in a delay of 7 days, we will lock your account on our portal.
Root-Me already offers you to share solutions with other players directly on the website but respectfully for those who didn’t validate challenges.
These rules are here in order to keep an user-friendly and emulating spirit and to learn infosec together with fun.
You can find more infos at:
– http://www.root-me.org/en/Informations/Legal-Disclaimer/
– http://www.root-me.org/en/breve/Public-solutions-and-cheating
Thank you in advance for your action,
Faithfully,
Root-Me team
LikeLike
Hello,
we have detected that you’ve published several solutions to Root-Me’s challenges in this blog.
As it’s written in the legal disclaimer, documents published on the site are covered by copyrights. Any retaking is conditioned to the respect of the intellectual property considering the authors and assignees.
That’s why the publishing of solutions, with a free access outside of the portal, is not allowed.
So, we ask you to remove this content.
If it’s not the case in a delay of 7 days, we will lock your account on our portal.
Root-Me already offers you to share solutions with other players directly on the website but respectfully for those who didn’t validate challenges.
These rules are here in order to keep an user-friendly and emulating spirit and to learn infosec together with fun.
You can find more infos at:
– http://www.root-me.org/en/Informations/Legal-Disclaimer/
– http://www.root-me.org/en/breve/Public-solutions-and-cheating
Thank you in advance for your action,
Faithfully,
Root-Me team
LikeLiked by 1 person
Dears sorry for any inconvenient occured because of me all my posts have been edited to be private.
Sorry Again 🙂 🙂
LikeLike
Sorry, but your posts are currently NOT private.
LikeLike
Done Private Now 😀
LikeLike