Please help me find...
 
Notifications
Clear all

Please help me find a password!

2 Posts
2 Users
0 Reactions
1,289 Views
(@torpilla)
New Member
Joined: 11 months ago
Posts: 1
Topic starter  

Hello everyone,

I am a forensic student and my final project is to find a password. I don get any help from the professor so it is difficult to do this task and I need your help! 

    • In this step, you need to use the provided wordlist.txt file.FSCS315 Final projectImage001: BitLocker encrypted image file. This file was generated from a BitLocker encrypted flash drive by FTK Imager. That means it has a password
      • FSCS315 Final projectImage.txt: A metadata file.

       

      • wordlist.txt: The file contains key space. (A list of all possible passwords)

      To break the encryption, two steps are needed:

      Step 1-Extract the hash: Use the bitlocker2john tool to extract the hash from the password protected BitLocker encrypted volumes.

      • That means you need to find the tool and figure out how to use the tool.
      • You must complete this step first to proceed to the next step.

      (Notes: You must put the image file in your computer's local drive. If you put the image file in One Drive, it will not work!)

       

       

      Step 2-Attack: Use the tool HashCat to attack the hash and get password

      • In this step, you need to use the provided wordlist.txt file.

       

     Based on this information, anyone can help me?

    Thank you!

 


   
Quote
Tic-Tac
(@tic-tac)
Eminent Member
Joined: 5 years ago
Posts: 26
 

The task is very straight forward, which part is causing difficulties for you? There are just two steps:

 

1.

Run the program "bitlocker2john" on your encrypted image file to extract the hash:

./bitlocker2john

Usage: ./bitlocker2john -i <Image of encrypted memory unit>

Options:

-h Show this help
-i Image path of encrypted memory unit encrypted with BitLocker

 

2.

Attack the extracted hash with "hashcat" using the provided wordlist:

Read hashcat's help page to construct the command: 

hashcat --help

Find out the ID of the hashmethod to crack BitLocker: 

hashcat --help | grep -E -i bitlocker
22100 | BitLocker | Full-Disk Encryption (FDE)

Construct the command, it could be something like this:

hashcat -O -m 22100 -a 0 -w 3 extracted_hash.hash wordlist.txt -o cracked_password.txt

-O --optimized OpenCL kernels (max pwd length 32 symbols)

-m --hashmethod

-a --crack method (0 for standard dictionary, 3 for bruteforce)

-w --resource allocation (3 for high)

-o --output file

 

Have fun!


   
ReplyQuote
Share: