Protected Archives
| all | types | of | archives |
|---|---|---|---|
tar | gz | rar | zip |
vmdb/vmx | cpt | truecrypt | bitlocker |
kdbx | luks | deb | 7z |
pkg | rpm | war | gzip |
Table of Contents
- Download a list of all archived file extensions
- Cracking Archives
Download a list of all archived file extensions
curl -s https://fileinfo.com/filetypes/compressed | html2text | awk '{print tolower($1)}' | grep "\." | tee -a compressed_ext.txt
.mint
.htmi
.tpsr
.mpkg
.arduboy
.ice
.sifz
.fzpz
.rar
.comppkg.hauptwerk.rar
...SNIP...
Cracking Zip
/usr/sbin/zip2john Notes.zip > zip.hash
john --wordlist=/usr/share/wordlists/rockyou.txt zip.hash
john zip.hash --show
Checking if a GZIP if OpenSSL Encrypted
it might not be immediately apparent whether a file is encrypted. use file to check if a gzip file is encrypted with openssl
> file GZIP.gzip
GZIP.gzip: openssl enc'd data with salted password
Cracking an OpenSSL Encrypted GZIP file
for i in $(cat rockyou.txt);do openssl enc -aes-256-cbc -d -in GZIP.gzip -k $i 2>/dev/null| tar xz;done
will show many errors, which we can ignore
Cracking BitLocker Encrypted Drives
Windows OS Encryption algo. Uses AES Encryption.
- if Password/PIN for BitLocker is forgotten, can use Recovery Key to decrypt
- Recovery Key is a random 48 digit number, which can also be brute-forced
1. Turn BitLocker into Hash using John
bitlocker2john -i Backup.vhd > backup.hashes
grep "bitlocker\$0" backup.hashes > backup.hash
cat backup.hash
$bitlocker$0$16$02b329c0453b9273f2fc1b927443b5fe$1048576$12$00b0a67f961dd80103000000$60$d59f37e...SNIP...70696f7eab6b
2. Cracking BitLocker Hash using Hashcat
Hashcat mode -m 22100
hashcat -m 22100 backup.hash /usr/share/wordlists/rockyou.txt -o backup.cracked
cat backup.cracked
3. Viewing the decrypted drive
easiest way -> transfer the encrypted virtual drive to a Windows OS and mount it.
