Posted: Tue Jun 05, 2012 1:50 pm Post subject: Seeking Multiple Tools
I am a student studying digital forensics and I'm seeking several tools that do various things. Let me say that these are for assignments in a competition I'm enrolled in and that seeking outside advice is not against the rules.
Firstly, I'm seeking a Zip password recovery software that is able to recover Zipcrypto jpeg compressed and encrypted files. Products from companies like Elcomsoft return errors such as unknown compression method.
I've tried PRTK and I'm down to the password dictionaries that are stating 6 months to go through all 10 quadrillion passwords and I do not have that kind of time. I've also tried brute force up to 9 characters using fcrackzip.
Secondly, I'm seeking a Stego analysis tool that is able to recover hidden files without a known password. I've tried S-tools which can only recover with a password and VSL which has a java programming error I'm unable to sort out.
Lastly, I'm seeking a tool that can perform recovery of *nix files from the shadow and passwd files. I'm currently trying JtR however it is only going at 71c/s which is obscenely slow. Any suggestions for speeding the process? I need to recover salted crypt and md5 hashed passwords. Or perhaps another software tool?
If anyone has any free or low-cost solutions for these I would greatly appreciate ANY suggestions at all.
Posted: Tue Jun 05, 2012 4:18 pm Post subject: Re: Seeking Multiple Tools
Bionic711 wrote:
Firstly, I'm seeking a Zip password recovery software that is able to recover Zipcrypto jpeg compressed and encrypted files. Products from companies like Elcomsoft return errors such as unknown compression method.
And what encryption method do the files claim? (I mean, what is the code used in the file to identify the encryption method?)
Quote:
I've tried PRTK and I'm down to the password dictionaries that are stating 6 months to go through all 10 quadrillion passwords and I do not have that kind of time. I've also tried brute force up to 9 characters using fcrackzip.
This may have less to do with the cracking tool than with how you use it. Brute force is used as the very last resort, when all previous, more targeted methods have failed. Typically you start by attempting known passwords -- say, these lists of common passwords that are posted from time to time. Then, you use dictionaries of various types. (All of these are used straight and with variations -- say, like adding a special character at the end, or in the middle, or altering letter case, etc. If your chosen tool does not provide such niceties, you either look for another tool, or do the modifications yourself.) At least one such dictionary should be created from the case itself, using words that are case-relevant. It should contain words collected from the case, but it should not be restricted to a mechanically created collection. A corporate case, for example, should have words related to the corporation, its products, and its employees (even their user names, if they can be obtained).
People tend to follow similar paths for password creation. Car registration numbers are definitely a possibility: a dictionary can be created mechanically; phone numbers, too. Geographical names -- both places to go for the next vacation, and more mundane places -- often give many more cracks. Popular culture, of course -- at one time names from Star Trek, Tolkien, Babylon, ... later, the Potter books, ... were very common. Football stars, music stars, car and motorcycle brand names and models, ... the list goes on. The lowest-priority lists are language dictionaries.
Only when all other attempts have failed do you start brute forcing. And even then, it helps if it can be done according to some kind of prioritization. John the Ripper does a very good brute-force in that way, as it goes by digram statistics (provided you are using that feature well) -- it is my preferred tool for encryption methods it (or the various add-on modules) support -- unless I already have a fixed-time method, like pre-cracked passwords, in place.
Password cracking is a bit of an art -- you need to spend time on learning it if you want to do it well. Otherwise, you need to have time (to wait), or money (to pay someone to do it).
Quote:
Lastly, I'm seeking a tool that can perform recovery of *nix files from the shadow and passwd files. I'm currently trying JtR however it is only going at 71c/s which is obscenely slow. Any suggestions for speeding the process? I need to recover salted crypt and md5 hashed passwords. Or perhaps another software tool?
That's the main protection method against password cracking -- make it slow. There's little you can do about it (assuming the encryption method is any good), except to rearrange time: instead of spending cracking time when the case is at hand, you spend it before the case appears. In other words, you create a collection of pre-cracked passwords. Whether that is practical or not depends on the encryption method. You can do a lot on your own with one or two encryption programs, a bit of Unix scripting, some disk storage and a lot of time.
If you have the programming skills, you *could* check the code of the particular cracking module -- some are easily optimized with a little bit of thought, and knowledge of the particular processor you are using. (For example, if you are running a 64-bit processor, you can sometimes use that word length better than if you write portable code that operates on bytes or words.)
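The reply above explains why a salted, iterated hash such as md5crypt makes cracking slow and why pre-computed ("pre-cracked") collections only pay off when the scheme allows it. Before choosing a strategy it helps to know exactly which scheme each shadow entry uses, how many iterations it costs per candidate, and whether the account is even live. The following Python script is an added triage example (not a tool from the thread or from John the Ripper): it parses shadow-format lines and classifies each password field by its modular-crypt identifier (`$1$` md5crypt, `$5$`/`$6$` sha-crypt, `$2b$` bcrypt, `$y$` yescrypt) or as traditional 13-character DES crypt. The sample shadow lines are constructed for the example; the hash strings are made up and are not hashes of any real password.

```python
import re

# Modular-crypt identifiers -> (scheme name, default iteration count).
# None means the cost is encoded in the hash itself (bcrypt cost, yescrypt params).
MODULAR_CRYPT_IDS = {
    "1": ("md5crypt", 1000),
    "2a": ("bcrypt", None), "2b": ("bcrypt", None), "2y": ("bcrypt", None),
    "5": ("sha256crypt", 5000),
    "6": ("sha512crypt", 5000),
    "7": ("scrypt", None),
    "y": ("yescrypt", None),
    "gy": ("gost-yescrypt", None),
}
# Traditional crypt(3): 2-char salt + 11-char hash, all from the crypt base64 alphabet.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify_hash(field):
    """Describe one shadow password field: scheme, salt, cost and account state."""
    info = {"scheme": None, "salt": None, "rounds": None, "params": None,
            "locked": False, "empty": False}
    if field == "":
        info.update(empty=True, scheme="none")      # no password at all
        return info
    if field[0] in "!*":
        info["locked"] = True                        # passwd -l prefixes '!'; '*' = no password login
        field = field.lstrip("!*")                   # the original hash may still follow the marker
        if field == "":
            info["scheme"] = "none"
            return info
    if field.startswith("$"):
        parts = field.split("$")                     # ['', id, (rounds/cost/params,) salt, hash]
        scheme_id = parts[1]
        name, default_rounds = MODULAR_CRYPT_IDS.get(scheme_id, ("unknown $%s$" % scheme_id, None))
        info["scheme"] = name
        body = parts[2:]
        if body and body[0].startswith("rounds="):   # sha-crypt explicit round count
            info["rounds"] = int(body[0][len("rounds="):])
            body = body[1:]
        elif name == "bcrypt":
            info["rounds"] = 2 ** int(body[0])       # cost parameter is log2 of the iteration count
            info["salt"] = body[1][:22] if len(body) > 1 else None  # 22-char salt packed with the hash
            return info
        elif name in ("yescrypt", "gost-yescrypt", "scrypt"):
            info["params"] = body[0]                 # encoded parameter string, e.g. j9T
            body = body[1:]
        else:
            info["rounds"] = default_rounds
        info["salt"] = body[0] if body else None
        return info
    if DES_CRYPT_RE.match(field):
        info.update(scheme="descrypt", salt=field[:2], rounds=25)   # 25 DES iterations, 12-bit salt
        return info
    info["scheme"] = "unknown"
    return info


def parse_shadow(text):
    """Parse shadow-format text into one classified record per user."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        rec = classify_hash(fields[1])
        rec["user"] = fields[0]
        rows.append(rec)
    return rows


# Constructed sample: the hash strings are made up and correspond to no real password.
SAMPLE_SHADOW = """\
legacy:abJnggxh7QK9c:15400:0:99999:7:::
alice:$1$Zx3kQp9a$aB1cD2eF3gH4iJ5kL6mN7o:15400:0:99999:7:::
bob:$5$rounds=10000$mK8tR2vQ$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQ:15400:0:99999:7:::
carol:!$1$Zx3kQp9a$aB1cD2eF3gH4iJ5kL6mN7o:15400:0:99999:7:::
daemon:*:15400:0:99999:7:::
"""

if __name__ == "__main__":
    for rec in parse_shadow(SAMPLE_SHADOW):
        state = "locked" if rec["locked"] else "active"
        print("%-8s %-12s salt=%-10s rounds=%-6s %s"
              % (rec["user"], rec["scheme"], rec["salt"], rec["rounds"], state))
```

The `rounds` column is the practical reading of "make it slow": each candidate against the md5crypt entry costs 1000 MD5 computations rather than one, and sha-crypt with `rounds=10000` costs ten times that again. The `salt` column explains why the pre-cracked collection the reply mentions is only useful for unsalted or tiny-salt schemes: every distinct salt would need its own table. Locked entries still carry a hash, so a triage listing should show them separately rather than silently counting them as live accounts.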
Posted: Tue Jun 05, 2012 4:56 pm Post subject: Re: Seeking Multiple Tools
Quote:
And what encryption method do the files claim? (I mean, what is the code used in the file to identify the encryption method?)
The hex bits 08 and 09 have 0x60 00. I believe that represents implosion?
Quote:
This may have less to do with the cracking tool than with how you use it.
I really appreciate the advice about how to use PRTK better. I may have to attempt to compile a custom dictionary based upon the 'case' but there's not much of a case for it. They kind of just give you a file and tell you to do it.
Quote:
If you have the programming skills, you *could* check the code of the particular cracking module -- some are easily optimized with a little bit of thought
I personally do not but I have a friend who may be able to help me on this. Appreciate the suggestion.
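The question about "what code the file uses to identify the encryption method" is answered from the ZIP local file header: bytes 6-7 hold the general purpose bit flag (bit 0 set means the entry is encrypted, bit 6 means PKWARE strong encryption) and bytes 8-9 hold the compression method (little-endian; 6 is Implode, 8 is Deflate, 99 marks WinZip AES). A recovery tool that reports "unknown compression method" is usually reacting to the method field, not the encryption flag, so both need reading. The script below is an added example, not from the thread or any product named in it: it walks raw local file headers (useful for carved fragments that `zipfile` refuses to open) and reports the compression method and encryption scheme per entry. The sample archive bytes are constructed in the script itself; the payloads are filler and are not really compressed or encrypted.

```python
import struct
import zlib

LOCAL_HEADER_SIG = 0x04034B50
# sig, version, flags, method, mtime, mdate, crc32, csize, usize, name_len, extra_len (30 bytes)
LOCAL_HEADER_FMT = "<IHHHHHIIIHH"
LOCAL_HEADER_LEN = struct.calcsize(LOCAL_HEADER_FMT)

COMPRESSION_METHODS = {
    0: "stored", 1: "shrunk", 6: "imploded", 8: "deflated", 9: "deflate64",
    12: "bzip2", 14: "lzma", 93: "zstd", 99: "AES-encrypted (WinZip AE-x)",
}
FLAG_ENCRYPTED = 0x0001          # bit 0 of bytes 6-7
FLAG_DATA_DESCRIPTOR = 0x0008    # bit 3: sizes follow the data instead of being in the header
FLAG_STRONG_ENCRYPTION = 0x0040  # bit 6


def encryption_scheme(flags, method):
    """Name the encryption scheme implied by the flag word and method field."""
    if method == 99:
        return "WinZip AES"
    if flags & FLAG_ENCRYPTED:
        if flags & FLAG_STRONG_ENCRYPTION:
            return "PKWARE strong encryption"
        return "ZipCrypto (traditional PKWARE)"
    return "none"


def parse_local_headers(data):
    """Return one dict per local file header found in `data`, in file order."""
    entries = []
    pos = 0
    while pos + LOCAL_HEADER_LEN <= len(data):
        (sig, version, flags, method, _mtime, _mdate, crc, csize, usize,
         nlen, xlen) = struct.unpack_from(LOCAL_HEADER_FMT, data, pos)
        if sig != LOCAL_HEADER_SIG:
            break                                    # reached central directory or garbage
        name_start = pos + LOCAL_HEADER_LEN
        name = data[name_start:name_start + nlen].decode("cp437", "replace")
        entries.append({
            "name": name,
            "offset": pos,
            "version_needed": version,
            "flags": flags,
            "method": method,
            "compression": COMPRESSION_METHODS.get(method, "unknown (%d)" % method),
            "encrypted": bool(flags & FLAG_ENCRYPTED),
            "encryption": encryption_scheme(flags, method),
            "crc32": crc,
            "compressed_size": csize,
            "uncompressed_size": usize,
        })
        if flags & FLAG_DATA_DESCRIPTOR and csize == 0:
            break      # size lives in a trailing descriptor; cannot skip the data blindly
        pos = name_start + nlen + xlen + csize
    return entries


def make_local_header(name, flags, method, payload):
    """Constructed helper for the sample: builds a header plus filler payload."""
    name_bytes = name.encode("cp437")
    header = struct.pack(LOCAL_HEADER_FMT, LOCAL_HEADER_SIG, 20, flags, method, 0, 0,
                         zlib.crc32(payload), len(payload), len(payload), len(name_bytes), 0)
    return header + name_bytes + payload


# Constructed sample archive: an "imploded" ZipCrypto entry like the one in the thread,
# followed by a plain deflated entry for contrast. Payloads are filler bytes.
SAMPLE_ARCHIVE = (make_local_header("photo.jpg", FLAG_ENCRYPTED, 6, b"\x00" * 40)
                  + make_local_header("notes.txt", 0, 8, b"\x01" * 12))

if __name__ == "__main__":
    for e in parse_local_headers(SAMPLE_ARCHIVE):
        print("%-10s method=%-2d %-10s flags=0x%04x %s"
              % (e["name"], e["method"], e["compression"], e["flags"], e["encryption"]))
```

For an intact archive, `zipfile.ZipFile(path).infolist()` exposes the same information from the central directory as `ZipInfo.compress_type` and `ZipInfo.flag_bits`; the raw walker above is for fragments or damaged files where only the local headers survive. Knowing that an entry is ZipCrypto with method 6 (Implode) tells you up front that a tool which only implements Deflate and Store will reject it regardless of the password work you put in.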