Introduction

Today I was going through a new box on Hack the Box when I ran across an issue with ‘john‘ and ‘Warning: invalid UTF-8‘ causing a valid hash to not be found. I felt this deserved a dedicated article as if I hadn’t run hashcat locally and then validated the issue this could have caused me to be indefinitely stuck.

As you can see from the screenshots below I was attempting to decrypt a bcrypt hash found inside a userdb. Using the --w flag instead of --wordlist= pulled up the following error – Warning: invalid UTF-8 seen reading /usr/share/wordlists/rockyou.txt after which the program ran as normal but found no hash.

john bcrypt hash saying 'not found'.

john bcrypt hash saying ‘not found’.

john bcrypt hash saying 'found' after using a slightly different syntax.

john bcrypt hash saying ‘found’ after using a slightly different syntax.

I have been using the -w flag for a while now without issue. Guess I will need to undo that habit going forward. Hope this helps someone else.

Copy
Published On: October 7th, 2020 / Categories: Cyber Security, Technology / Tags: , , , /

Leave A Comment