
Password Cracking

Hash Analysis

Hashcat
Hash format: MD5 (-m 0)
hashcat -m 0 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt
AES Encryption Cracking

Convert AES file to hashcat format

Download conversion script
curl "https://raw.githubusercontent.com/hashcat/hashcat/master/tools/aescrypt2hashcat.pl" -o aescrypt2hashcat.pl
Extract hash from AES file
perl aescrypt2hashcat.pl backup.zip.aes > hash
Crack with Hashcat
hashcat -m 22400 -a 0 hash /usr/share/wordlists/rockyou.txt

Decrypt the file with the found password

Using pyAesCrypt (Python):
import pyAesCrypt

# Buffer size for file operations (larger = faster for big files)
# 128KB is a good balance between memory usage and speed
bufferSize = 128 * 1024

# The password recovered by hashcat (replace with the cracked value)
password = "password"

# Decrypt: source.aes -> destination file
# Signature: decryptFile(infile, outfile, password, bufferSize)
pyAesCrypt.decryptFile("file.zip.aes", "file.zip", password, bufferSize)
print("[+] File decrypted successfully")

It is also possible to use the aescrypt tool:

aescrypt -d -p password file.zip.aes
ZipCrypto Cracking

This attack requires knowing the unencrypted contents of one file included in the archive, which is used as the known-plaintext reference.

Calculate the Cyclic Redundancy Check (CRC) value of a file to check if it matches the one on the ZIP file:

python3 -c "import binascii; data = open('/FILE/PATH', 'rb').read(); print(hex(binascii.crc32(data) & 0xFFFFFFFF))"
Use this command to check the CRC of the compressed files:
7z l -slt <file>
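The CRC comparison above can be automated: the CRC-32 of every entry is stored unencrypted in the ZIP central directory, so Python's zipfile module can read it even from a ZipCrypto-protected archive and compare it against the CRC-32 of candidate plaintext files. The script below is an added example, not part of the original page; the sample archive and candidate files it builds are constructed inline so it runs offline.

```python
import binascii
import io
import zipfile


def crc32_of_bytes(data: bytes) -> int:
    """CRC-32 as stored in ZIP headers (unsigned 32-bit), same as the one-liner above."""
    return binascii.crc32(data) & 0xFFFFFFFF


def archive_crcs(zip_bytes: bytes) -> dict:
    """Map entry name -> stored CRC-32.

    The CRC lives in the central directory, which ZipCrypto does not encrypt,
    so this works on password-protected archives as well (like `7z l -slt`).
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {info.filename: info.CRC for info in zf.infolist()}


def find_known_plaintext(zip_bytes: bytes, candidates: dict) -> list:
    """Return (entry_name, candidate_label) pairs whose CRC-32 values match.

    `candidates` maps a label (e.g. a local file path) to that file's raw bytes.
    A CRC match is strong evidence that the local file is the plaintext of the
    archive entry, which is what bkcrack needs as its -p argument.
    """
    stored = archive_crcs(zip_bytes)
    matches = []
    for entry, crc in stored.items():
        for label, data in candidates.items():
            if crc32_of_bytes(data) == crc:
                matches.append((entry, label))
    return matches


def build_sample_zip() -> bytes:
    """Constructed sample archive (not from the page) with two entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"hello world\n")
        zf.writestr("secret.bin", bytes(range(256)))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed candidates: one is the real plaintext of readme.txt, one is not
    sample = build_sample_zip()
    candidates = {
        "local_readme.txt": b"hello world\n",
        "wrong.txt": b"goodbye\n",
    }
    for name, crc in archive_crcs(sample).items():
        print(f"{name}: {crc:#010x}")
    print("matches:", find_known_plaintext(sample, candidates))
```

Only a matching entry is worth feeding to bkcrack, and bkcrack itself needs at least 12 bytes of known plaintext (8 of them contiguous), so very small matching files may still not be enough.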

Once you have a matching file, it is possible to perform the attack using bkcrack.

First, zip the matching file
zip file.zip filename
Then, we use bkcrack to get the keys of the archive
bkcrack -C target.zip -c .filename -P file.zip -p filename
Afterwards, we can use bkcrack once again to unlock the archive:
bkcrack -C target.zip -k keys -U newtarget.zip yourpassword

Now, we can unzip the new archive with the password we chose.

Check this blog
