Files & Archives Cracking

Protected Files

Importance of File Encryption

  • Encryption ensures confidentiality in personal and business communication.

  • Lack of encryption in emails containing sensitive data is negligent and potentially violates laws (e.g., GDPR in the EU).

  • Symmetric encryption (e.g., AES-256):

    • Uses the same key for encryption and decryption.

  • Asymmetric encryption:

    • Requires a public key (to encrypt) and a private key (to decrypt).

  • Poorly implemented encryption can be cracked with common tools and common passwords.

File Hunting and Identifying Sensitive Files

Command for Hunting Specific File Extensions

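# Walk the filesystem once per extension pattern and list matching documents
for ext in ".xls" ".xls*" ".xltx" ".csv" ".od*" ".doc" ".doc*" ".pdf" ".pot" ".pot*" ".pp*"; do
    echo -e "\nFile extension: $ext"
    # Quote the pattern so find receives it instead of the shell expanding it in the current directory
    find / -name "*$ext" 2>/dev/null | grep -v "lib\|fonts\|share\|core"
done

  • Purpose: Locate files with extensions that might store sensitive information.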

  • Filtering: Avoid unnecessary system paths like libraries and fonts.

Finding SSH Keys

  • Purpose: Search for SSH keys across the filesystem.

  • Encrypted SSH keys:

    • Header indicates encryption method (e.g., AES-128-CBC).

    • Requires a passphrase to decrypt.
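
An added example (not part of the original notes) for auditing a host you administer: it classifies private key files by the protection their header declares, so keys stored without a passphrase can be found and re-protected. It goes beyond the legacy PEM `DEK-Info` header mentioned above to cover PKCS#8 and the current OpenSSH key format; the function names and the sample files are assumptions made for illustration, and the sample bodies are constructed placeholders, not real keys.

```shell
# Prints "encrypted:<cipher>", "unencrypted", "unknown" or "not-a-key" for one file.
key_protection() {
    f=$1
    case $(head -n 1 "$f" 2>/dev/null) in
    "-----BEGIN ENCRYPTED PRIVATE KEY-----")
        echo "encrypted:pkcs8" ;;   # PKCS#8: the cipher is named inside the ASN.1 body
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # Decoded body: "openssh-key-v1\0", a 4-byte length, then the cipher name
        b64=$(grep -v -e '^-----' "$f" | tr -d '\r\n')
        len=$(printf %s "$b64" | base64 -d 2>/dev/null | od -An -tu1 -j18 -N1 | tr -d ' ')
        cipher=$(printf %s "$b64" | base64 -d 2>/dev/null | tail -c +20 | head -c "${len:-0}")
        case $cipher in
            "")   echo "unknown" ;;
            none) echo "unencrypted" ;;
            *)    echo "encrypted:$cipher" ;;
        esac ;;
    "-----BEGIN "*"PRIVATE KEY-----")
        # Legacy PEM: an encrypted key carries a "DEK-Info: <cipher>,<iv>" header
        cipher=$(sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p' "$f" | head -n 1)
        if [ -n "$cipher" ]; then echo "encrypted:$cipher"; else echo "unencrypted"; fi ;;
    *)  echo "not-a-key" ;;
    esac
}

# Lists every private key found under a directory, one "<classification><TAB><path>" per line.
audit_keys() {
    grep -rlE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" 2>/dev/null |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(key_protection "$f")" "$f"
    done
}

# Writes four constructed sample files (placeholder bodies, not real keys) into a directory.
make_samples() {
    b='-----BEGIN' e='-----END' body='Q09OU1RSVUNURUQ='
    printf '%s\n' "$b RSA PRIVATE KEY-----" 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00000000000000000000000000000000' '' "$body" \
        "$e RSA PRIVATE KEY-----" > "$1/legacy_enc"
    printf '%s\n' "$b RSA PRIVATE KEY-----" "$body" "$e RSA PRIVATE KEY-----" > "$1/legacy_plain"
    printf '%s\n' "$b OPENSSH PRIVATE KEY-----" \
        "$(printf 'openssh-key-v1\0\0\0\0\004none' | base64)" \
        "$e OPENSSH PRIVATE KEY-----" > "$1/new_plain"
    printf '%s\n' "$b OPENSSH PRIVATE KEY-----" \
        "$(printf 'openssh-key-v1\0\0\0\0\012aes256-ctr' | base64)" \
        "$e OPENSSH PRIVATE KEY-----" > "$1/new_enc"
}

if [ "${1:-}" = demo ]; then   # run the script with "demo" to see the audit on the samples
    d=$(mktemp -d); make_samples "$d"; audit_keys "$d"; rm -rf "$d"
fi
```

Any path reported as `unencrypted` is a key that works without a passphrase; `ssh-keygen -p -f <path>` sets one on an existing key.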

Cracking Encrypted Files

Tools for Extracting Hashes

  • Locate scripts for various file types:

  • Examples:

    • ssh2john.py: For SSH keys.

    • office2john.py: For Microsoft Office files.

    • pdf2john.py: For PDFs.

Steps to Crack Files

  1. Convert File to Hash:

  2. Crack Hash Using Wordlist:

  3. Display Cracked Passwords:

Example: Cracking SSH Keys

Document Cracking

Cracking Office Documents

Cracking PDF Documents

Protected Archives

What Are Archives?

  • Archives are compressed file formats that can bundle multiple files (e.g., PDFs, Word documents, etc.) into one for better organization and transfer.

  • Examples of archive file extensions:

    • Common Formats: .tar, .gz, .zip, .rar, .7z

    • Encrypted/Specialized Formats: .luks, .truecrypt, .bitlocker, .kdbx

Password-Protected Archives

  • Not all archive formats natively support password protection.

  • Tools like OpenSSL or GPG are often used to encrypt unprotected archive types like .tar.


Cracking Password-Protected Archives

1. ZIP Archives

  • Commonly used for bundling files in Windows environments.

Steps to Crack ZIP Passwords

  1. Extract Hashes

    Example Output:

  2. Use John the Ripper to Crack Hash

    Example Output:

  3. View Cracked Password

2. OpenSSL-Encrypted Archives

  • Gzip files can be encrypted with OpenSSL.

Steps to Crack OpenSSL Encrypted Archives

  1. Identify Encryption

    Example Output:

  2. Crack Password with a For-Loop

  3. Verify Extraction

    Example Output:

3. BitLocker Encrypted Drives

  • Used by Windows for partition or external drive encryption.

  • Based on AES encryption (128/256-bit).

Steps to Crack BitLocker Password

  1. Extract Hashes

  2. Use Hashcat to Crack Hash

    Example Output:

  3. View Cracked Password

    Example: