Hi, I am currently in a forensics course and am trying to use john the ripper to crack a windows password. Whenever I try to use the command 'bkhive' it says command not found. When I load from a bootable Backtrack DVD it works no problem however. Why am I unable to get this to work? 949

You can install bkhive from the repos:

apt-get update
apt-get install bkhive

The
apt-get install bkhive
command runs, but bkhive is not actually installed. I found this workaround, however, downgrading to previous versions of bkhive and pwdump2:

apt-get purge bkhive
apt-get purge pwdump2

apt-get purge samdump2

curl http://http.us.debian.org/debian/pool/main/s/samdump2/samdump2_1.1.1-1.1_i386.deb > samdump2_1.1.1-1.1_i386.deb

dpkg -i samdump2_1.1.1-1.1_i386.deb

curl http://http.us.debian.org/debian/pool/main/b/bkhive/bkhive_1.1.1-1_i386.deb > bkhive_1.1.1-1_i386.deb

dpkg -i bkhive_1.1.1-1_i386.deb

https://packages.debian.org/source/wheezy/bkhive

After that bkhive and pwdump2 work.

Is it not true that bkhive has bean removed because samdump2 can do everything bkhive could??

1030

so in old instructions we insert samdump2 were it says bkhive?

The original "samdump2" in Kali can do "bkhive" what can do.


samdump2 SYSTEM_FILE SAM_FILE

Get the Hash Completed !