Hello everyone,
I am a forensic student and my final project is to find a password. I don get any help from the professor so it is difficult to do this task and I need your help!Â
-
- In this step, you need to use the provided wordlist.txt file.FSCS315 Final projectImage001: BitLocker encrypted image file. This file was generated from a BitLocker encrypted flash drive by FTK Imager. That means it has a password
- FSCS315 Final projectImage.txt: A metadata file.
Â
- wordlist.txt: The file contains key space. (A list of all possible passwords)
To break the encryption, two steps are needed:
Step 1-Extract the hash: Use the bitlocker2john tool to extract the hash from the password protected BitLocker encrypted volumes.
- That means you need to find the tool and figure out how to use the tool.
- You must complete this step first to proceed to the next step.
(Notes: You must put the image file in your computer's local drive. If you put the image file in One Drive, it will not work!)
Â
Â
Step 2-Attack: Use the tool HashCat to attack the hash and get password
- In this step, you need to use the provided wordlist.txt file.
Â
 Based on this information, anyone can help me?
Thank you!
- In this step, you need to use the provided wordlist.txt file.FSCS315 Final projectImage001: BitLocker encrypted image file. This file was generated from a BitLocker encrypted flash drive by FTK Imager. That means it has a password
Â
The task is very straight forward, which part is causing difficulties for you? There are just two steps:
Â
1.
Run the program "bitlocker2john" on your encrypted image file to extract the hash:
./bitlocker2john
Usage: ./bitlocker2john -i <Image of encrypted memory unit>
Options:
-h Show this help
-i Image path of encrypted memory unit encrypted with BitLocker
Â
2.
Attack the extracted hash with "hashcat" using the provided wordlist:
Read hashcat's help page to construct the command:Â
hashcat --help
Find out the ID of the hashmethod to crack BitLocker:Â
hashcat --help | grep -E -i bitlocker
22100 | BitLocker | Full-Disk Encryption (FDE)
Construct the command, it could be something like this:
hashcat -O -m 22100 -a 0 -w 3 extracted_hash.hash wordlist.txt -o cracked_password.txt
-O --optimized OpenCL kernels (max pwd length 32 symbols)
-m --hashmethod
-a --crack method (0 for standard dictionary, 3 for bruteforce)
-w --resource allocation (3 for high)
-o --output file
Â
Have fun!