.pgd password  

mark777
(@mark777)
Active Member

I am doing a course and at the moment have a disk to examine with 8 Windows partitions, 2 deleted Windows partitions and 1 Linux partition. The gentleman (and I use the term in the loosest sense) who set the assignment is a specially devious sort of chap and has renamed and hidden a .pgd encrypted drive on one of the Windows partitions. I have tried all ways to find the password for it, spending hours searching the file slack, swap file and unallocated and everything else to no avail. Have created text files for dictionary in FTK and the password cracker has been running for 9 days using 6 networked machines and still nothing. I am now looking to see if the password may be hidden in an image file using steganography (God I hope it is) and I was wondering if anyone knew of any tools that I could use to check image (or any other file) for steganography. Any ideas would be gratefully appreciated.

Posted : 13/08/2005 4:28 am
andy1500mac
(@andy1500mac)
Member

Hi Mark,

There is a hash set available for steg software from I believe the NSRL. I used it a few months back in Winhex and was able to match up against some deleted files from a previous installation of s-tool.

Sorry I don’t have the link, googling steganography hash sets should do the trick.

Pretty hard core if the pwd ends up being hidden using the means you suspect… sounds extreme. What kind of course, if I may ask?

Andrew-

Posted : 13/08/2005 5:44 am
mark777
(@mark777)
Active Member

Thanks for the pointer. The course I am doing is the PG Cert in Forensic Computing at Cranfield University.

Posted : 13/08/2005 4:42 pm
femur
(@femur)
New Member

You can try the demo of this product here
http://www.accessdata.com/Product00_Overview.htm
Works like a charm for PGP disks (.pgd)
Have Fun!

Posted : 15/08/2005 7:52 pm
mark777
(@mark777)
Active Member

Thanks for that, but it has been running for 6 days with no luck so far.

Posted : 17/08/2005 1:11 am
Brian
(@brian)
New Member

Hi Mark,
I'm going on the theory that the lecturer wouldn't expect you to have a Cray supercomputer at home trying to brute force a password for xx years.
I'd think I would have missed something and would go back to basics-
Is it really a pgd file? Is it something else that has been renamed etc to look like a .pgd?

Is there anything in the text of the assignment that gives you a clue as to the password itself? e.g "law enforcement raided Mr Blair's cottage "rosebud" and removed a number of laptops, CD roms and a hard disk labelled 123?" (Use rosebud and 123 as possible passwords)

What have you found so far? These might provide clues.
Was there a hidden encrypted Word or Excel file (or simple plain Word, .jpg, .gif file etc.)? Use 'strings' on these files.
Is there something embedded in the file that doesn't show up when it is normally displayed on screen e.g. pwd=rosebud etc.

I hope this helps - happy hunting

Best Regards
Brian A Crawford

Posted : 17/08/2005 4:19 pm
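
Added example, not part of any post in this thread: a minimal `strings`-style pass over a recovered file that collects both ASCII and UTF-16LE text and turns it into a candidate wordlist for a dictionary run, putting explicit hints such as `pwd=rosebud` first. The function names and the `SAMPLE` bytes are constructed for illustration.

```python
import re
import sys

# Printable runs of 4+ characters, as plain ASCII and as UTF-16LE
# (Windows documents and metadata often store text as UTF-16LE).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
# Explicit hints such as "pwd=rosebud" or "password: rosebud"
HINT = re.compile(r"(?i)\b(?:pwd|pass(?:word|phrase)?)\s*[=:]\s*(\S+)")
# Tokens of 3+ characters, so short labels like "123" are kept
WORD = re.compile(r"[A-Za-z0-9_!@#$-]{3,}")

# Constructed sample: binary junk, an ASCII comment, and a UTF-16LE string
SAMPLE = (b"\x00\xff\x10JFIF\x00\x01\x89\x02 comment pwd=rosebud \x00\x03"
          + "disk labelled 123".encode("utf-16-le") + b"\xfe\xfe")


def extract_strings(data: bytes) -> list[str]:
    """Return printable runs found in raw bytes (ASCII first, then UTF-16LE)."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found


def build_wordlist(data: bytes) -> list[str]:
    """Candidate words from a file: explicit hints first, then all tokens."""
    hints, words = [], []
    for s in extract_strings(data):
        hints += HINT.findall(s)
        words += WORD.findall(s)
    # dict.fromkeys de-duplicates while keeping first-seen order
    return list(dict.fromkeys(hints + words))


if __name__ == "__main__":
    # With file arguments, print one candidate per line; otherwise use SAMPLE
    blobs = [open(p, "rb").read() for p in sys.argv[1:]] or [SAMPLE]
    for blob in blobs:
        print("\n".join(build_wordlist(blob)))
```

Run it over each exported file and feed the combined output to the cracker as a dictionary, alongside names and labels taken from the assignment text.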