2

The error I'm getting is this:

```
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)
```

I'm not sure if there's something wrong with using this directory. Must I use a different user account than root? Must that other user account have root or bash authority? I have no idea about most of this stuff. I'm sort of just following the instructions on the LAMPSecurity CTF exercise 7 PDF.

The password file I'm using was from a dump off of a CTF8 server's website; the wordlist is rockyou.txt.

The command I'm using is this:

```
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-MD5 /root/hashes.txt
```

And yes, both files are in those correct directories. rockyou.txt is the default common-passwords list that comes with Kali's default version of John the Ripper. I had to actually pull the rockyou.txt file out of the rockyou.txt.gz compressed file, and I merely left it in that same folder.

I have tried moving both files into the same directory, /usr/share/wordlists. I have even tried to use the unshadow command and point the command to create a myhashes.txt. The myhashes.txt didn't work at that point either.

Kali Linux 2016.2 kali-rolling.


BACKGROUND:

I'm doing the LAMPSecurity CTF Exercise 7. I've been stuck on page 49 of the PDF instructions for hours, doing internet searches and not being sure what to do. It has us using a CTF8 Linux server and the instructions are for BackTrack, but I'm using Kali Linux instead.

It has us run a version of the server before it's been updated and patched so that it has plenty of vulnerabilities. Using VMware, I set the network cards to the host-only private network on both Kali Linux and CTF8.

I was able to exploit the vulnerability as per instructions in the comment box in order to obtain a password hash dump file named hashes.txt.

I'm not really sure what to do next. I'm hoping someone else has done this exercise and knows what they did to solve it, or if you have more experience with Linux and can intuit what I'm doing wrong, that would be great as well.


UPDATE: Thanks a lot for your help, HAlmussajjen. HAlmussajjen helped me solve this in a chat. All of the hashes in the file were listed as `username.number`. "Number" of course meaning the actual hash value. Apparently, all stupid me needed to do was to delete the "username." before each hash number. Boy, was that an ordeal just for something simple.
schroeder
Progfram

1 Answer

0

Just make sure the hashes are in the correct file and path and then I would recommend you to try the following command:

```
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-MD5 /root/hashes.txt
```

or

```
john --wordlist=/usr/share/wordlists/rockyou.txt /root/hashes.txt
```

If this didn't work and you're logged in as root, I think there is a problem in the tool itself; delete it and reinstall it.

schroeder
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/52668/discussion-between-progfram-and-halmusajjen). – Progfram Jan 29 '17 at 00:29
  • Thanks a lot for your help. HAlmussajjen helped me solve this in a chat. All of the hashes in the file were listed as username.number. "Number" of course meaning the actual hash value. Apparently, all stupid me needed to do was to delete the "username." before each hash number. Boy, was that an ordeal just for something simple. – Progfram Jan 29 '17 at 01:03
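
The cleanup described in the update (removing the `username.` prefix so each line holds a 32-hex-digit raw MD5), written out as an added example that is not part of the original thread. It assumes one `username.hash` entry per line and that John accepts `login:hash` lines; the function names and sample lines are constructed for illustration.

```python
import re
import sys
from pathlib import Path

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")  # raw MD5 = exactly 32 hex digits

def normalize_line(line):
    """Return (user, md5hex) for one dump line, or None if no raw MD5 is present."""
    line = line.strip()
    if not line:
        return None
    # Split on the LAST '.' or ':' so usernames that contain dots survive.
    cut = max(line.rfind("."), line.rfind(":"))
    user, digest = (line[:cut], line[cut + 1:]) if cut >= 0 else ("", line)
    if not MD5_HEX.fullmatch(digest):
        return None
    return user, digest.lower()

def normalize_dump(lines):
    """Split a dump into John-ready lines and a list of (lineno, text) rejects."""
    good, rejected = [], []
    for n, raw in enumerate(lines, 1):
        parsed = normalize_line(raw)
        if parsed is None:
            if raw.strip():  # blank lines are skipped silently
                rejected.append((n, raw.rstrip("\r\n")))
            continue
        user, digest = parsed
        good.append(f"{user}:{digest}" if user else digest)
    return good, rejected

# Constructed sample lines, not data from the exercise.
SAMPLE = [
    "alice.5f4dcc3b5aa765d61d8327deb882cf99\n",
    "bob.smith.E10ADC3949BA59ABBE56E057F20F883E\r\n",
    "d8578edf8458ce06fbc5bb76a58c5ca4\n",
    "\n",
    "carol.not-a-hash\n",
]

if __name__ == "__main__":
    # With a path argument, clean that file; otherwise run on the sample.
    src = Path(sys.argv[1]).read_text().splitlines() if len(sys.argv) > 1 else SAMPLE
    good, rejected = normalize_dump(src)
    print("\n".join(good))
    for n, text in rejected:
        print(f"line {n}: no 32-hex-digit MD5 found: {text!r}", file=sys.stderr)
```

Redirect standard output to a new file and pass that file to `john`; lines reported on standard error are the ones that would not load as raw MD5.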