Hunting for Encoded Files

A useful list of file extensions to search for can be found on FileInfo.

Hunting for Files

The patterns are quoted so the shell does not glob-expand them in the current directory, and the find pattern is quoted so find receives the wildcard rather than the shell:

for ext in .xls '.xls*' .xltx .csv '.od*' .doc '.doc*' .pdf .pot '.pot*' '.pp*'; do
  echo -e "\nFile extension: $ext"
  find / -name "*$ext" 2>/dev/null | grep -v "lib\|fonts\|share\|core"
done

Hunting for SSH Keys

grep -rnw "PRIVATE KEY" /* 2>/dev/null | grep ":1:"

The second grep keeps only hits on line 1 (grep -n prints path:line:text), i.e. files that start with a PRIVATE KEY header; a bare ":1" would also match line 10, 11 and so on.

Encrypted SSH Keys

cat /home/cry0l1t3/.ssh/SSH.private
  • Encrypted SSH keys are protected with a passphrase.
  • The passphrase must be entered before the key can be used.
  • Keys protected with the lightweight legacy AES-128-CBC PEM encryption can be cracked.
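The same hunt from the defender's side, as an added example that is not part of the original notes: walk a directory on a host you administer, pick out files with a PRIVATE KEY header and label how each is protected (legacy PEM with a DEK-Info line such as AES-128-CBC, OpenSSH format with its cipher/KDF names, or not at all). The sample key blobs are constructed for the test and are not real keys.

```python
import base64, os, re, struct

MAGIC = b"openssh-key-v1\x00"


def make_openssh_sample(cipher: bytes, kdf: bytes) -> str:
    # Constructed sample, not a real key: only the magic, cipher and KDF fields are present.
    def s(b: bytes) -> bytes:  # SSH length-prefixed string
        return struct.pack(">I", len(b)) + b
    body = base64.b64encode(MAGIC + s(cipher) + s(kdf)).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"


def classify_private_key(text: str) -> str:
    """Label how a private key file is protected: legacy PEM, OpenSSH cipher/KDF, or not at all."""
    if "BEGIN OPENSSH PRIVATE KEY" in text:
        b64 = "".join(l for l in text.splitlines() if l and not l.startswith("-----"))
        try:
            raw = base64.b64decode(b64)
        except ValueError:
            return "openssh-malformed"
        if not raw.startswith(MAGIC):
            return "openssh-malformed"
        pos, names = len(MAGIC), []
        for _ in range(2):  # ciphername then kdfname, each a length-prefixed string
            if len(raw) < pos + 4:
                return "openssh-malformed"
            (n,) = struct.unpack(">I", raw[pos:pos + 4])
            names.append(raw[pos + 4:pos + 4 + n].decode("ascii", "replace"))
            pos += 4 + n
        cipher, kdf = names
        return "openssh-unencrypted" if cipher == "none" else f"openssh-encrypted:{cipher}/{kdf}"
    dek = re.search(r"^DEK-Info:\s*([^,\s]+)", text, re.M)
    if "Proc-Type: 4,ENCRYPTED" in text and dek:
        return f"pem-legacy-encrypted:{dek.group(1)}"  # e.g. AES-128-CBC with the weak legacy KDF
    if "PRIVATE KEY-----" in text:
        return "pem-unencrypted"
    return "not-a-private-key"


def audit_directory(root: str) -> dict:
    """Walk root and classify every file whose header marks it as a private key."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, errors="replace") as fh:
                    head = fh.read(65536)  # key files are small; cap the read anyway
            except OSError:
                continue
            if "PRIVATE KEY-----" in head:
                findings[path] = classify_private_key(head)
    return findings
```

Entries labelled pem-unencrypted, openssh-unencrypted or pem-legacy-encrypted are the ones worth rotating or re-encrypting (ssh-keygen -p -o moves a key to the OpenSSH format with the bcrypt KDF).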

Cracking with John

John Hashing Scripts

locate '*2john*'

These scripts convert many different file formats into single hashes that we can then try to crack. If the crack succeeds, we can open, read, and use the file.

ssh2john.py is the script for SSH keys: it generates the corresponding hash for an encrypted SSH key, which we then store in a file.

ssh2john.py SSH.private > ssh.hash
cat ssh.hash

Cracking SSH Keys

john --wordlist=rockyou.txt ssh.hash
john ssh.hash --show

Cracking Documents

office2john.py for Office documents:

office2john.py Protected.docx > protected-docx.hash
cat protected-docx.hash
john --wordlist=rockyou.txt protected-docx.hash
john protected-docx.hash --show

Cracking PDFs

pdf2john.py PDF.pdf > pdf.hash
cat pdf.hash
john --wordlist=rockyou.txt pdf.hash
john pdf.hash --show