Files & Archives Cracking

Protected Files

Importance of File Encryption

• Encryption ensures confidentiality in personal and business communication.

• Lack of encryption in emails containing sensitive data is negligent and potentially violates laws (e.g., GDPR in the EU).

• Symmetric encryption (e.g., AES-256):

  • Uses the same key for encryption and decryption.

• Asymmetric encryption:

  • Requires a public key (to encrypt) and a private key (to decrypt).

• Common tools and passwords can crack poorly implemented encryption.

File Hunting and Identifying Sensitive Files

Command for Hunting Specific File Extensions

for ext in $(echo ".xls .xls* .xltx .csv .od* .doc .doc* .pdf .pot .pot* .pp*"); do 
    echo -e "\nFile extension: $ext"; 
    find / -name *$ext 2>/dev/null | grep -v "lib\|fonts\|share\|core";
done

• Purpose: Locate files with extensions that might store sensitive information.

• Filtering: Avoid unnecessary system paths like libraries and fonts.

Finding SSH Keys

• Purpose: Search for SSH keys across the filesystem.

• Encrypted SSH keys:

  • Header indicates encryption method (e.g., AES-128-CBC).

  • Requires a passphrase to decrypt.

Cracking Encrypted Files

Tools for Extracting Hashes

• Locate scripts for various file types:

• Examples:

  • ssh2john.py: For SSH keys.

  • office2john.py: For Microsoft Office files.

  • pdf2john.py: For PDFs.

Steps to Crack Files

1. Convert File to Hash:

2. Crack Hash Using Wordlist:

3. Display Cracked Passwords:

Example: Cracking SSH Keys

Document Cracking

Cracking Office Documents

Cracking PDF Documents

Protected Archives

What Are Archives?

• Archives are compressed file formats that can bundle multiple files (e.g., PDFs, Word documents, etc.) into one for better organization and transfer.

• Examples of archive file extensions:

  • Common Formats: .tar, .gz, .zip, .rar, .7z

  • Encrypted/Specialized Formats: .luks, .truecrypt, .bitlocker, .kdbx

Password-Protected Archives

• Not all archive formats natively support password protection.

• Tools like OpenSSL or GPG are often used to encrypt unprotected archive types like .tar.

Cracking Password-Protected Archives

1. ZIP Archives

• Commonly used for bundling files in Windows environments.

Steps to Crack ZIP Passwords

1. Extract Hashes

   Example Output:

2. Use John the Ripper to Crack Hash

   Example Output:

3. View Cracked Password

2. OpenSSL-Encrypted Archives

• Gzip files can be encrypted with OpenSSL.

Steps to Crack OpenSSL Encrypted Archives

1. Identify Encryption

   Example Output:

2. Crack Password with a For-Loop

3. Verify Extraction

   Example Output:

3. BitLocker Encrypted Drives

• Used by Windows for partition or external drive encryption.

• Based on AES encryption (128/256-bit).

Steps to Crack BitLocker Password

1. Extract Hashes

2. Use Hashcat to Crack Hash

   Example Output:

3. View Cracked Password

   Example: