Openssl bruteforce attack

Hi everyone,

I am finally back. I would like to talk about the openssl encryption which currently being used almost everywhere.

During penetration testing, we sometimes get the file which encrypted using openssl but as the penetration tester we need to open it to check what is the important message reside in it.

So let get the exercise, lets encrypt a file

  1. open your console
  2. create a flat text file with name flat
  3. let encrypt it using this using opessl using this command openssl enc -aes-256-cbc -in flat -out -k rioasmara
    Option description
    –> encryption algorithm
    -in –> the file that we want to encrypt
    -out –> the encrypted file name
    -k –> the password of the encryption
  4. ok done,now we have an encrypted file
  5. let brute force

The objective of the bruteforce is to know what is the encryption password which definde with option -k (in our sample is rioasmara)

in order to bruteforce, I use a tool to help me which you can download and install from its github As usual,  to make the bruteforce effective, I will do bruteforce with provided wordlist

the command will be like bruteforce-salted-openssl -t 1 -f wordlist -c aes-256-cbc -d sha256 -1

Option desciption

-t 1 –> is the number of thread that we want to do the parallel test
-f –> the path to the wordlist
-caes-256-cbc –> is the encryption algorithm *Cypher*
-d sha56 –> is digest algorithm
-1 –> stop at the first known password


Tried passwords: 4
Tried passwords per second: inf
Last tried password: rioasmara

Password candidate: rioasmara

as the information shown above, The bruteforce tools found the password candidate which is rioasmara that we defined as the password to encrypt the file

in order to really decrypt the file you can use the openssl as shown openssl enc -d -aes-256-cbc -in -out decrypted -k rioasmara

OK thats all a bit tutorial on how to bruteforce the openssl encryption.


  1. Hey there! When I want to run the ./ , it says “autoreconf: not found”.
    How am I supposed to install this?
    I am running this on a linux VM.

    Thanks in advance for help!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s