I am finally back. I would like to talk about the openssl encryption which currently being used almost everywhere.
During penetration testing, we sometimes get the file which encrypted using openssl but as the penetration tester we need to open it to check what is the important message reside in it.
So let get the exercise, lets encrypt a file
- open your console
- create a flat text file with name flat
- let encrypt it using this using opessl using this command openssl enc -aes-256-cbc -in flat -out encrypted.data -k rioasmara
-aes-256-cbc –> encryption algorithm
-in –> the file that we want to encrypt
-out –> the encrypted file name
-k –> the password of the encryption
- ok done,now we have an encrypted file
- let brute force
The objective of the bruteforce is to know what is the encryption password which definde with option -k (in our sample is rioasmara)
in order to bruteforce, I use a tool to help me which you can download and install from its github https://github.com/glv2/bruteforce-salted-openssl. As usual, to make the bruteforce effective, I will do bruteforce with provided wordlist
the command will be like bruteforce-salted-openssl -t 1 -f wordlist -c aes-256-cbc -d sha256 encrypted.data -1
-t 1 –> is the number of thread that we want to do the parallel test
-f –> the path to the wordlist
-caes-256-cbc –> is the encryption algorithm *Cypher*
-d sha56 –> is digest algorithm
-1 –> stop at the first known password
Tried passwords: 4
Tried passwords per second: inf
Last tried password: rioasmara
Password candidate: rioasmara
as the information shown above, The bruteforce tools found the password candidate which is rioasmara that we defined as the password to encrypt the file
in order to really decrypt the file you can use the openssl as shown openssl enc -d -aes-256-cbc -in encrypted.data -out decrypted -k rioasmara
OK thats all a bit tutorial on how to bruteforce the openssl encryption.
Hey there! When I want to run the ./autogen.sh , it says “autoreconf: not found”.
How am I supposed to install this?
I am running this on a linux VM.
Thanks in advance for help!
apt-get install autoconf