Topic starter
15/05/2023 3:22 pm
Hello all, I'm new here.
I'm working on a memory dump and I used volatility to dump a file processed by 7zFM.exe
2176 7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\IEUser\Documents\backup_development.zip"
So I used volatility too, to dump it using the windows.dumpfiles function
python3 removed link -f .. removed link windows.dumpfiles --pid 2176
and the result is this one file
backup_development.zip: Zip archive data, at least v1.0 to extract, compression method=store
so I unzipped it and the result is the following
Archive: backup_development.zip extracting: development.tc
The file tool tells me that the development.tc file is just "data", so I tried to find something on Google and found that tc should be a TrueCrypt file, so I tried to extract the hashes using John the Ripper
python3 truecrypt2john.py development.tc > output
but when I try to crack the hashes using john I receive the following error...
The following lines are the output file content
This topic was modified 1 year ago by Aleff
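
An added example, not part of the original post and not John the Ripper's own code: a parser for the `label:truecrypt_<PRF>$<hex>:normal|hidden::::file` line layout of the output file described above, which groups lines by volume kind and flags any line whose header field is not a full 512-byte TrueCrypt header. The file name `sample.tc` and the header bytes are constructed; the 512-byte length (64-byte salt plus 448 encrypted bytes) is the assumption the check relies on.

```python
import re

HEADER_BYTES = 512   # TrueCrypt volume header: 64-byte salt + 448 encrypted bytes
SALT_BYTES = 64
LINE_RE = re.compile(
    r"^(?P<label>[^:]+):truecrypt_(?P<prf>[A-Z0-9_]+)\$(?P<hex>[0-9a-fA-F]*)"
    r":(?P<kind>normal|hidden):")

def parse_line(line):
    """Split one hash line into label, PRF tag, volume kind and raw header."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a truecrypt2john line")
    hexdata = m["hex"]
    if len(hexdata) != 2 * HEADER_BYTES:
        raise ValueError(f"header is {len(hexdata)} hex chars, expected {2 * HEADER_BYTES}")
    return m["label"], m["prf"], m["kind"], bytes.fromhex(hexdata)

def summarize(lines):
    """Group lines by volume kind; collect PRF tags, distinct headers, bad lines."""
    summary, problems = {}, []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            _, prf, kind, header = parse_line(line)
        except ValueError as exc:
            problems.append((n, str(exc)))
            continue
        entry = summary.setdefault(kind, {"prfs": [], "headers": set()})
        entry["prfs"].append(prf)
        entry["headers"].add(header)
    return summary, problems

def make_sample():
    """Constructed input: two fake 512-byte headers, three PRF tags each, one truncated line."""
    normal = bytes(range(256)) * 2
    hidden = bytes(reversed(range(256))) * 2
    lines = [f"sample.tc:truecrypt_{prf}${hdr.hex()}:{kind}::::sample.tc"
             for kind, hdr in (("normal", normal), ("hidden", hidden))
             for prf in ("RIPEMD_160", "SHA_512", "WHIRLPOOL")]
    lines.append(f"sample.tc:truecrypt_SHA_512${normal.hex()[:100]}:normal::::sample.tc")
    return lines

if __name__ == "__main__":
    summary, problems = summarize(make_sample())
    for kind, entry in summary.items():
        salt = next(iter(entry["headers"]))[:SALT_BYTES].hex()
        print(kind, entry["prfs"], len(entry["headers"]), "distinct header(s); salt", salt[:16] + "...")
    print("problems:", problems)
```

Run over a real output file, one distinct header per volume kind with three PRF tags means the six lines are two header reads, not six different hashes; any entry in `problems` points at a line that was truncated or altered when it was copied.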