Testing BitLocker Security

user IEUser
password Passw0rd!
cd "%programfiles%\oracle\Virtualbox\"
VBoxManage modifymedium disk "%USERPROFILE%\VirtualBox VMs\MSEdge - Win10\MSEdge - Win10-disk001.vdi" --type immutable
user kali 
password kali
lsblk
sudo -s
bitlocker2john -i /dev/sdb2
User Password hash:
$bitlocker$0$16$e41497352cb4e6c7e5cdb8f63446fa52$1048576$12$204c491885dad50103000000$60$9dfc6d4d2c16fc76b8bbdce16b3234bd4df708becf03fd127b1bac121c7f7e3d179eaa6c4b5438ef22bb053cff4776c861491afd80e1b419b99418b0
git clone https://github.com/hashcat/hashcat
cd hashcat && make 
./hashcat -m 22100 ~/hash.txt -a 3 ?l?l?l?l?l?l?l?l --force
Session..........: hashcat
Status...........: Running
Hash.Name........: BitLocker
Hash.Target......: $bitlocker$0$16$e41497352cb4e6c7e5cdb8f63446fa52$10...9418b0
Time.Started.....: Mon Feb 3 07:39:47 2020, (40 secs)
Time.Estimated...: Mon May 27 06:29:24 2419, (399 years, 112 days)
Guess.Mask.......: ?l?l?l?l?l?l?l?l [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 17 H/s (7.48ms) @ Accel:16 Loops:4096 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests
Progress.........: 640/208827064576 (0.00%)
Rejected.........: 0/640 (0.00%)
Restore.Point....: 0/8031810176 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:20-21 Iteration:921600-925696
Candidates.#1....: oarierin -> oranerin
./hashcat -m 22100 ~/hash.txt -a 3 passw?l?l?l --force
$bitlocker$0$16$e41497352cb4e6c7e5cdb8f63446fa52$1048576$12$204c491885dad50103000000$60$9dfc6d4d2c16fc76b8bbdce16b3234bd4df708becf03fd127b1bac121c7f7e3d179eaa6c4b5438ef22bb053cff4776c861491afd80e1b419b99418b0:password

Session..........: hashcat
Status...........: Cracked
Hash.Name........: BitLocker
Hash.Target......: $bitlocker$0$16$e41497352cb4e6c7e5cdb8f63446fa52$10...9418b0
Time.Started.....: Mon Feb 3 07:55:15 2020, (2 secs)
Time.Estimated...: Mon Feb 3 07:55:17 2020, (0 secs)
Guess.Mask.......: passw?l?l?l [8]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 17 H/s (7.34ms) @ Accel:16 Loops:4096 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests
Progress.........: 32/17576 (0.18%)
Rejected.........: 0/32 (0.00%)
Restore.Point....: 0/17576 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:1044480-1048576
Candidates.#1....: passwone -> passwhin
sudo apt update && sudo apt install dislocker -y
mkdir -p /mnt/windowsDisk/
mkdir -p /mnt/bitlocker/
dislocker /dev/sdb2 -upassword /mnt/bitlocker/
mount -o loop /mnt/bitlocker/dislocker-file /mnt/windowsDisk/
ls /mnt/windowsDisk/
$RECYCLE.BIN/              System Volume Information/ test.rtf
cd "%programfiles%\oracle\Virtualbox\"
VBoxManage modifymedium disk "%USERPROFILE%\VirtualBox VMs\MSEdge - Win10\MSEdge - Win10-disk001.vdi" --type normal
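The two hashcat runs above differ only in the mask, and at 17 H/s that is the difference between centuries and minutes. The Python below is an added example, not part of the original post: it checks the declared lengths in the page's $bitlocker$ line and computes mask keyspace and worst-case exhaustion time. The field names and the 12-character ?a comparison mask are assumptions made here.

```python
# Added example: field names below are labels chosen here, not bitlocker2john's own.
PAGE_HASH = ("$bitlocker$0$16$e41497352cb4e6c7e5cdb8f63446fa52$1048576$12$"
             "204c491885dad50103000000$60$9dfc6d4d2c16fc76b8bbdce16b3234bd"
             "4df708becf03fd127b1bac121c7f7e3d179eaa6c4b5438ef22bb053cff47"
             "76c861491afd80e1b419b99418b0")  # hash line from this page

# Sizes of hashcat's built-in mask charsets.
CHARSET_SIZE = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}


def parse_bitlocker_hash(line):
    """Split a $bitlocker$ line and verify each declared byte length."""
    parts = line.strip().split("$")
    if len(parts) != 10 or parts[:2] != ["", "bitlocker"]:
        raise ValueError("not a $bitlocker$ hash line")
    htype, salt_len, salt, iters, nonce_len, nonce, data_len, data = parts[2:]
    fields = {"type": int(htype), "iterations": int(iters),
              "salt": bytes.fromhex(salt), "nonce": bytes.fromhex(nonce),
              "data": bytes.fromhex(data)}
    for name, declared in (("salt", salt_len), ("nonce", nonce_len), ("data", data_len)):
        if len(fields[name]) != int(declared):
            raise ValueError(f"{name}: declared {declared} bytes, got {len(fields[name])}")
    return fields


def mask_keyspace(mask):
    """Count the candidates a hashcat -a 3 mask generates."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character: one choice
            continue
        token = mask[i + 1:i + 2]
        if token != "?":                # "??" is a literal question mark
            if token not in CHARSET_SIZE:
                raise ValueError(f"unsupported mask token ?{token}")
            total *= CHARSET_SIZE[token]
        i += 2
    return total


def worst_case_seconds(mask, hashes_per_second):
    """Time to exhaust the whole mask at a fixed guess rate."""
    return mask_keyspace(mask) / hashes_per_second


if __name__ == "__main__":
    print(parse_bitlocker_hash(PAGE_HASH)["iterations"], "iterations per guess")
    for mask in ("passw?l?l?l", "?l?l?l?l?l?l?l?l", "?a?a?a?a?a?a?a?a?a?a?a?a"):
        years = worst_case_seconds(mask, 17) / (365.25 * 24 * 3600)
        print(f"{mask:26} {mask_keyspace(mask):>26,} candidates {years:12.3g} years at 17 H/s")
```

The keyspace figures match the Progress totals in the two status screens; the 17 H/s rate is the CPU speed reported there, so a GPU rig shortens every estimate by the same factor.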
#1 https://images.offensive-security.com/virtual-images/kali-linux-2020.1-vbox-amd64.ova
#2 https://az792536.vo.msecnd.net/vms/VMBuild_20190311/VirtualBox/MSEdge/MSEdge.Win10.VirtualBox.zip
#3 https://openwall.info/wiki/john/OpenCL-BitLocker

Cybersecurity enthusiast; most active Lithuanian on the TryHackMe platform; Master's student in Innovation Management and Entrepreneurship @ KTU

Tomas Savenas
