
Protected Archives

  • Common archive extensions
  • Extensive list: https://fileinfo.com/filetypes/compressed

Cracking Archives

Zip

  • common in Windows
  • zip2john

gzip

  • openssl is used to encrypt these archives
  • To check whether an archive is encrypted: file archive.gzip
  • Cracking gzip encryption is troublesome, as many false positives (FPs) may occur

  • while IFS= read -r i; do openssl enc -aes-256-cbc -d -in GZIP.gzip -k "$i" 2>/dev/null | tar xz; done < rockyou.txt

    • Once this loop is finished, check the current folder for extracted docs

Cracking .docx files

  • office2john

Bitlocker encrypted drives

  • Developed by Microsoft for Windows
  • Encrypts drives and partitions
  • If the PIN/password is forgotten, we can use the 48-digit recovery key that was generated during setup. It can also be brute-forced

  • Using bitlocker2john

    • 4 different hashes will be extracted
  • bitlocker2john -i Backup.vhd > backup.hashes - will create 4 hashes

  • grep "bitlocker\$0" backup.hashes > backup.hash - save bitlocker hash to another file
  • then use john to crack backup.hash, OR
  • hashcat -m 21000 backup.hash rockyou.txt
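
A triage helper for the "check if encrypted" step, covering the three container types in these notes. This is an added example, not part of the original notes: it reads the kind of header bytes that `file` reports on, and the function names and sample bytes are constructed for illustration.

```python
import struct

OPENSSL_MAGIC = b"Salted__"   # written by `openssl enc` unless -nosalt is used
GZIP_MAGIC = b"\x1f\x8b"
ZIP_LOCAL_MAGIC = b"PK\x03\x04"
BITLOCKER_SIG = b"-FVE-FS-"   # OEM ID at byte 3 of a BitLocker boot sector
SECTOR = 512


def zip_entry_state(data: bytes) -> str:
    """Inspect the first local file header; flag bit 0 marks encryption."""
    if len(data) < 10:
        return "zip: truncated header"
    flags, method = struct.unpack_from("<HH", data, 6)
    if not flags & 0x0001:
        return "zip: first entry not encrypted"
    # Compression method 99 is the WinZip AES marker.
    return "zip: encrypted (AES)" if method == 99 else "zip: encrypted"


def bitlocker_offsets(data: bytes) -> list:
    """Sector-aligned offsets (e.g. inside a VHD image) holding the signature."""
    return [off for off in range(0, len(data) - 10, SECTOR)
            if data[off + 3:off + 11] == BITLOCKER_SIG]


def classify(data: bytes) -> str:
    if data.startswith(OPENSSL_MAGIC):
        return "openssl enc output, salt=" + data[8:16].hex()
    if data.startswith(GZIP_MAGIC):
        return "gzip: plain, not encrypted"
    if data.startswith(ZIP_LOCAL_MAGIC):
        return zip_entry_state(data)
    hits = bitlocker_offsets(data)
    return f"bitlocker volume at offset {hits[0]}" if hits else "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real files.
    samples = {
        "archive.gzip": OPENSSL_MAGIC + bytes(range(8)) + bytes(16),
        "plain.gz": GZIP_MAGIC + b"\x08\x00" + bytes(6),
        "locked.zip": ZIP_LOCAL_MAGIC + struct.pack("<HHH", 20, 1, 8),
        "Backup.vhd": bytes(1024) + b"\xeb\x58\x90" + BITLOCKER_SIG + bytes(501),
    }
    for name, blob in samples.items():
        print(name, "->", classify(blob))
```

Output from `openssl enc` created with `-nosalt` carries no header, so it is reported as "unknown" here.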

Mounting on Linux - https://medium.com/@kartik.sharma522/mounting-bit-locker-encrypted-vhd-files-in-linux-4b3f543251f0

Mounting on Windows