Thursday, January 2, 2025

DIGITAL FORENSICS: Breaking Password and Encryption

#lsb_release -a

Example 1. Brute-Force Attacks

We will create a text file named text.txt and compress it into a password-protected ZIP file named Protected.zip, with the password kali. The command we will be using is zip --encrypt Protected.zip text.txt.

  • zip – Selects the tool we want to use
  • --encrypt – Selects the function of the tool we want to use. '--encrypt' will encrypt our ZIP archive and require a password to decrypt the contents.
  • Protected.zip – The name of the outputted ZIP file.
  • text.txt – The file we want to compress.

#zip --encrypt Protected.zip Desktop/text.txt 

Brute-Force Attacks

fcrackzip is a fast password cracker partly written in assembler. It is able to crack password-protected zip files with brute-force or dictionary-based attacks, optionally testing its results with unzip. It can also crack cpmask’ed images.

This package is useful for pentesters, ethical hackers and forensics experts.


How to install: sudo apt install fcrackzip

#fcrackzip -h


Known Characters:

  • If you recall parts of the password, fcrackzip can use this information to reduce cracking time: 
  • -l denotes the password length (in this case, between 1 and 4 characters), and -c defines the character set (a for lower-case).

[-l|--length min-max] check password with length min to max

#fcrackzip -b -c a -l 1-4 -u Protected.zip

PASSWORD FOUND!!!!: pw == kali

Example 2. Brute-Force Attacks

#zip --encrypt Protected.zip Desktop/text.txt 

#fcrackzip -b -c a1 -l 1-4 -u Protected.zip

Example 3. Dictionary Attacks

In this example, our target ZIP is topsecret.zip with the password monkeybutts. Here’s the command we’ll be using.

  • fcrackzip – Selecting the tool we want to use.
  • -D – Selecting the option for a dictionary attack.
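  • -u – Makes fcrackzip actually try to unzip the file with each candidate password. Without this, we won’t actually get the right password.
  • -p – Use the given string as the initial password; in dictionary mode (-D) it is the path to the wordlist file.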
  • /usr/share/wordlists/rockyou.txt – This is the location of our wordlist, required to perform a dictionary attack.
  • topsecret.zip – The file we want to crack.

#fcrackzip -D -u -p Downloads/rockyou.txt Downloads/topsecret.zip 
fcrackzip tells us that it has found the correct password.

We can now successfully extract the contents of the file.
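Why the -u verification in the option list above matters, shown as an added example (not code from the original post or from fcrackzip): the legacy ZipCrypto scheme that zip --encrypt produces lets a tool test a password against a single check byte in the 12-byte encryption header, so roughly 1 in 256 wrong passwords pass until the data is decrypted and its CRC-32 verified. The entry is constructed and assumed to be stored uncompressed with one check byte; all function names are hypothetical.

```python
import itertools, string, zlib

M = 0xFFFFFFFF

class ZipCrypto:
    """Legacy PKWARE "ZipCrypto" stream cipher (the scheme zip --encrypt uses)."""
    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)

    @staticmethod
    def _crc(old: int, byte: int) -> int:
        # One raw CRC-32 step, undoing zlib's pre/post inversion.
        return zlib.crc32(bytes([byte]), old ^ M) ^ M

    def _update(self, plain: int) -> None:
        self.k0 = self._crc(self.k0, plain)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & M
        self.k2 = self._crc(self.k2, self.k1 >> 24)

    def crypt(self, data: bytes, decrypt: bool) -> bytes:
        out = bytearray()
        for b in data:
            t = (self.k2 | 2) & 0xFFFF
            x = b ^ (((t * (t ^ 1)) >> 8) & 0xFF)
            self._update(x if decrypt else b)  # keys always advance on plaintext
            out.append(x)
        return bytes(out)

def make_entry(password: bytes, plaintext: bytes):
    """Constructed sample: encrypted 12-byte header + stored (uncompressed) data."""
    crc = zlib.crc32(plaintext)
    header = bytes(range(11)) + bytes([crc >> 24])  # filler + 1 check byte
    return ZipCrypto(password).crypt(header + plaintext, decrypt=False), crc

def quick_check(pw: bytes, payload: bytes, crc: int) -> bool:
    """Header-only test: one byte compared, so about 1 in 256 wrong guesses pass."""
    return ZipCrypto(pw).crypt(payload[:12], decrypt=True)[11] == crc >> 24

def full_check(pw: bytes, payload: bytes, crc: int) -> bool:
    """Decrypt everything and verify the CRC-32, as a real extraction would."""
    return zlib.crc32(ZipCrypto(pw).crypt(payload, decrypt=True)[12:]) == crc

def false_positives(payload: bytes, crc: int, max_len: int = 3):
    """Wrong passwords (a-z, length 1..max_len) that pass quick_check."""
    words = (''.join(t).encode() for n in range(1, max_len + 1)
             for t in itertools.product(string.ascii_lowercase, repeat=n))
    return [w for w in words if quick_check(w, payload, crc)]

PAYLOAD, CRC = make_entry(b"kali", b"constructed sample contents\n")
```

On this constructed entry, false_positives(PAYLOAD, CRC) returns dozens of one-to-three-letter strings that pass the header check, and none of them survive full_check, which is why a reported password should be confirmed by an actual extraction.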


Credit:  kali 

Note: The content on this website is provided for informational and educational purposes only.

* We apologize for any errors in the information. Please notify the Admin so that they can be corrected.
Thank you.
