Cracking Protected Files and Archives

The use of file encryption is often neglected in both private and professional contexts. Even today, emails containing job applications, account statements, or contracts are frequently sent without encryption—sometimes in violation of legal regulations. For example, within the European Union, the General Data Protection Regulation (GDPR) requires that personal data be encrypted both in transit and at rest. Nevertheless, it remains standard practice to discuss confidential topics or transmit sensitive data via email, which may be intercepted by attackers positioned to exploit these communication channels.

As more companies enhance their IT security infrastructure through training programs and security awareness seminars, it is becoming increasingly common for employees to encrypt sensitive files. Nevertheless, encrypted files can still be cracked and accessed with the right combination of wordlists and tools.

Encryption Methods

In many cases, symmetric encryption algorithms such as AES-256 are used to securely store individual files or folders. In this method, the same key is used for both encryption and decryption.

For transmitting files, asymmetric encryption is typically employed, which uses two distinct keys: the sender encrypts the file with the recipient’s public key, and the recipient decrypts it using the corresponding private key.


Hunting for Encrypted Files

Many different extensions correspond to encrypted files—a useful reference list can be found on FileInfo.

Find Common Encrypted File Types

for ext in .xls '.xls*' .xltx '.od*' .doc '.doc*' .pdf .pot '.pot*' '.pp*'; do
  echo -e "\nFile extension: " "$ext"
  # quote the pattern so the shell does not expand the glob before find sees it
  find / -name "*$ext" 2>/dev/null | grep -v "lib\|fonts\|share\|core"
done

Example output:

File extension:  .od*
/home/cry0l1t3/Docs/document-temp.odt
/home/cry0l1t3/Docs/product-improvements.odp
/home/cry0l1t3/Docs/mgmt-spreadsheet.ods

If you encounter unfamiliar file extensions, use search engines to research the technology behind them.


Hunting for SSH Keys

SSH keys do not have standard file extensions. They can be identified by their header and footer values. SSH private keys always begin with -----BEGIN [...] PRIVATE KEY-----.

Find SSH Private Keys

grep -rnE '^\-{5}BEGIN [A-Z0-9]+ PRIVATE KEY\-{5}$' /* 2>/dev/null

Example output:

/home/jsmith/.ssh/id_ed25519:1:-----BEGIN OPENSSH PRIVATE KEY-----
/home/jsmith/.ssh/SSH.private:1:-----BEGIN RSA PRIVATE KEY-----
/home/jsmith/Documents/id_rsa:1:-----BEGIN OPENSSH PRIVATE KEY-----

Identifying Encrypted SSH Keys

Some SSH keys are encrypted with a passphrase. With older PEM formats, encryption is visible in the header:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,2109D25CC91F8DBFCEB0F7589066B2CC

8Uboy0afrTahejVGmB7kgvxkqJLOczb1I0/hEzPU1leCqhCKBlxYldM2s65jhflD
4/OH4ENhU7qpJ62KlrnZhFX8UwYBmebNDvG12oE7i21hB/9UqZmmHktjD3+OYTsD

Modern SSH keys appear the same whether encrypted or not. To check if a key is encrypted:

ssh-keygen -yf ~/.ssh/id_ed25519
# Unencrypted: outputs public key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIpNefJd834VkD5iq+22Zh59Gzmmtzo6rAffCx2UtaS6

ssh-keygen -yf ~/.ssh/id_rsa
# Encrypted: prompts for passphrase
Enter passphrase for "/home/jsmith/.ssh/id_rsa":
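
As an added example (not part of the original post), the following script identifies encrypted material by content rather than by extension, covering the markers discussed in this section and in the OpenSSL section below: the Salted__ magic that file reports as openssl enc'd data, the Proc-Type: 4,ENCRYPTED header of legacy PEM keys, and the cipher name embedded in OpenSSH-format keys (none when the key is unencrypted), which avoids the ssh-keygen passphrase prompt. The three sample files are constructed inline; classify_file, openssh_cipher, make_samples and scan_dir are names chosen here.

```shell
#!/usr/bin/env bash
# Added example, not the post's own code: classify files by content, not by
# extension. Markers: OpenSSL enc output ("Salted__"), legacy PEM keys
# (Proc-Type header) and OpenSSH keys (cipher "none" means unencrypted).

# Print the cipher name from an OpenSSH-format private key.
# Body layout: "openssh-key-v1\0" (15 bytes), uint32 length, ciphername, ...
openssh_cipher() {
    tmp=$(mktemp)
    sed -n '/^-----BEGIN OPENSSH PRIVATE KEY-----$/,/^-----END OPENSSH PRIVATE KEY-----$/p' "$1" \
        | sed '1d;$d' | tr -d '\r\n' | base64 -d > "$tmp" 2>/dev/null || true
    # bytes 15..18 hold the big-endian length of the cipher name
    len=$(dd if="$tmp" bs=1 skip=15 count=4 2>/dev/null | od -An -tu1 \
          | awk '{print $1*16777216 + $2*65536 + $3*256 + $4}')
    [ -n "$len" ] || len=0
    dd if="$tmp" bs=1 skip=19 count="$len" 2>/dev/null
    rm -f "$tmp"
}

# Print one label describing the file's protection.
classify_file() {
    f=$1
    if [ "$(head -c 8 "$f" | tr -d '\0')" = "Salted__" ]; then
        echo "openssl-enc"        # what `file` reports as "openssl enc'd data"
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "pem-encrypted"      # legacy PEM key with DEK-Info header
    elif grep -q '^-----BEGIN OPENSSH PRIVATE KEY-----' "$f"; then
        c=$(openssh_cipher "$f")
        [ "$c" = "none" ] && echo "openssh-plain" || echo "openssh-encrypted:$c"
    elif grep -q '^-----BEGIN .* PRIVATE KEY-----' "$f"; then
        echo "pem-plain"
    else
        echo "other"
    fi
}

# Write three constructed sample files into a temp dir and print its path.
make_samples() {
    d=$(mktemp -d)
    printf 'Salted__12345678fakeciphertext' > "$d/report.gz.enc"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00' '' 'AAAA' '-----END RSA PRIVATE KEY-----' > "$d/id_rsa_legacy"
    { echo '-----BEGIN OPENSSH PRIVATE KEY-----'   # body: magic, len=10, "aes256-ctr"
      printf 'openssh-key-v1\000\000\000\000\012aes256-ctr' | base64
      echo '-----END OPENSSH PRIVATE KEY-----'; } > "$d/id_ed25519"
    echo "$d"
}
# Scan a directory tree the way the post's find loop does, but by content.
scan_dir() { find "$1" -type f | while IFS= read -r f; do echo "$(classify_file "$f")  $f"; done; }
```

scan_dir takes a directory and prints one label per file, so it still finds keys and encrypted blobs whose extensions have been changed.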

John the Ripper 2john Tools

JtR includes many scripts for extracting hashes from files. Find available tools:

locate '*2john*'

Common 2john tools:

Tool                    Description
ssh2john.py             SSH private keys
office2john.py          MS Office documents
pdf2john.py             PDF files
zip2john                ZIP archives
rar2john                RAR archives
7z2john.pl              7-Zip archives
keepass2john            KeePass databases
bitlocker2john          BitLocker volumes
gpg2john                GPG keys
putty2john              PuTTY private keys
truecrypt_volume2john   TrueCrypt volumes
dmg2john                macOS DMG files

Cracking Encrypted SSH Keys

Use ssh2john.py to extract the hash, then crack with JtR:

ssh2john.py SSH.private > ssh.hash
john --wordlist=rockyou.txt ssh.hash

Output:

Using default input encoding: UTF-8
Loaded 1 password hash (SSH [RSA/DSA/EC/OPENSSH (SSH private keys) 32/64])
Cost 1 (KDF/cipher [0=MD5/AES 1=MD5/3DES 2=Bcrypt/AES]) is 0 for all loaded hashes
Cost 2 (iteration count) is 1 for all loaded hashes
Will run 2 OpenMP threads
Note: This format may emit false positives, so it will keep trying even after
finding a possible candidate.
Press 'q' or Ctrl-C to abort, almost any other key for status
1234         (SSH.private)
1g 0:00:00:00 DONE (2022-02-08 03:03) 16.66g/s 1747Kp/s 1747Kc/s 1747KC/s Knightsing..Babying
Session completed

View cracked password:

john ssh.hash --show

SSH.private:1234

1 password hash cracked, 0 left

Cracking Password-Protected Documents

Most reports, documentation, and information sheets are distributed as Microsoft Office documents or PDFs.

Cracking Office Documents

office2john.py Protected.docx > protected-docx.hash
john --wordlist=rockyou.txt protected-docx.hash
john protected-docx.hash --show

Protected.docx:1234

1 password hash cracked, 0 left

Cracking PDF Files

pdf2john.py PDF.pdf > pdf.hash
john --wordlist=rockyou.txt pdf.hash
john pdf.hash --show

PDF.pdf:1234

1 password hash cracked, 0 left

Cracking Protected Archives

Archives allow organizing documents in a structured manner before compressing them into a single file. Many archive types support password protection.

Common Archive Types

Common extensions include: tar, gz, rar, zip, vmdb/vmx, cpt, truecrypt, bitlocker, kdbx, deb, 7z, and gzip.

Collecting Archive Extensions

Query FileInfo for a comprehensive list:

curl -s https://fileinfo.com/filetypes/compressed | html2text | awk '{print tolower($1)}' | grep "\." | tee -a compressed_ext.txt

Note: Not all archive types support native password protection. In such cases, additional tools like openssl or gpg are used to encrypt the files.


Cracking ZIP Files

zip2john ZIP.zip > zip.hash
cat zip.hash
# ZIP.zip/customers.csv:$pkzip2$1*2*2*0*2a*1e*490e7510*0*42*0*2a*490e*409b*ef1e7feb7c1cf701a6ada7132e6a5c6c84c032401536faf7493df0294b0d5afc3464f14ec081cc0e18cb*$/pkzip2$:customers.csv:ZIP.zip::ZIP.zip

john --wordlist=rockyou.txt zip.hash
john zip.hash --show

ZIP.zip/customers.csv:1234:customers.csv:ZIP.zip::ZIP.zip

1 password hash cracked, 0 left

Cracking OpenSSL Encrypted GZIP Files

GZIP files don’t natively support password protection and are often encrypted using openssl. Identify such files with the file command:

file GZIP.gzip
# GZIP.gzip: openssl enc'd data with salted password

When cracking OpenSSL encrypted files, a reliable approach is to use openssl within a loop that attempts to extract the contents directly. If the file was encrypted with non-default options (for example -pbkdf2 or -md sha512), the same options must be passed to openssl enc -d, otherwise the derived key is wrong even for the correct password. Reading the wordlist line by line keeps passwords containing spaces or glob characters intact:

while IFS= read -r pw; do
  if openssl enc -aes-256-cbc -d -in GZIP.gzip -k "$pw" 2>/dev/null | tar xz; then
    echo "Password found: $pw"; break
  fi
done < rockyou.txt

GZIP-related error messages can be safely ignored:

gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now

When the correct password is found, the file is extracted to the current directory:

ls
# customers.csv  GZIP.gzip  rockyou.txt

Cracking BitLocker-Encrypted Drives

BitLocker is a full-disk encryption feature developed by Microsoft for Windows. Available since Windows Vista, it uses AES with 128-bit or 256-bit key lengths. If the password or PIN is forgotten, decryption can still be performed using a recovery key—a 48-digit string generated during setup.

Extracting BitLocker Hashes

Use bitlocker2john to extract four different hashes:

  • First two: BitLocker password
  • Last two: Recovery key (48-digit, randomly generated—impractical to crack)

bitlocker2john -i Backup.vhd > backup.hashes
grep "bitlocker\$0" backup.hashes > backup.hash
cat backup.hash

# $bitlocker$0$16$02b329c0453b9273f2fc1b927443b5fe$1048576$12$00b0a67f961dd80103000000$60$d59f37e70696f7eab6b8f95ae93bd53f3f7067d5e33c0394b3d8e2d1fdb885cb86c1b978f6cc12ed26de0889cd2196b0510bbcd2a8c89187ba8ec54f

Cracking with John the Ripper

john --wordlist=rockyou.txt backup.hash

Cracking with Hashcat

The hashcat mode for $bitlocker$0$... hashes is -m 22100:

hashcat -a 0 -m 22100 '$bitlocker$0$16$02b329c0453b9273f2fc1b927443b5fe$1048576$12$00b0a67f961dd80103000000$60$d59f37e70696f7eab6b8f95ae93bd53f3f7067d5e33c0394b3d8e2d1fdb885cb86c1b978f6cc12ed26de0889cd2196b0510bbcd2a8c89187ba8ec54f' /usr/share/wordlists/rockyou.txt

Output:

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22100 (BitLocker)
Hash.Target......: $bitlocker$0$16$02b329c0453b9273f2fc1b927443b5fe$10...8ec54f
Time.Started.....: Sat Apr 19 17:49:25 2025 (1 min, 56 secs)
Time.Estimated...: Sat Apr 19 17:51:21 2025 (0 secs)
Speed.#1.........:       25 H/s (9.28ms) @ Accel:64 Loops:4096 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 2880/14344385 (0.02%)
Candidates.#1....: pirate -> soccer9

$bitlocker$0$...:1234qwer

Note: BitLocker uses strong AES encryption, so cracking may take considerable time depending on hardware.


Mounting BitLocker Drives

Windows

  1. Double-click the .vhd file (Windows will initially show an error since it’s encrypted)
  2. After mounting, double-click the BitLocker volume
  3. Enter the password when prompted

Linux (or macOS)

Install dislocker:

sudo apt-get install dislocker

Create mount directories:

sudo mkdir -p /media/bitlocker
sudo mkdir -p /media/bitlockermount

Configure the VHD as a loop device (--show prints the device that was assigned; the partition name below assumes it came back as /dev/loop0), decrypt, and mount:

sudo losetup -f --show -P Backup.vhd
sudo dislocker /dev/loop0p2 -u1234qwer -- /media/bitlocker
sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount

Browse the files:

cd /media/bitlockermount/
ls -la

Unmount when done:

sudo umount /media/bitlockermount
sudo umount /media/bitlocker

Hashcat Modes for Files and Archives

Protected Files

Mode     Type
9400     MS Office 2007
9500     MS Office 2010
9600     MS Office 2013
10400    PDF 1.1-1.3 (Acrobat 2-4)
10500    PDF 1.4-1.6 (Acrobat 5-8)
10600    PDF 1.7 Level 3 (Acrobat 9)
10700    PDF 1.7 Level 8 (Acrobat 10-11)
13400    KeePass 1/2 AES/Twofish
22100    BitLocker

Protected Archives

Mode          Type
11600         7-Zip
13600         WinZip
17200         PKZIP (Compressed)
17210         PKZIP (Uncompressed)
17220         PKZIP (Compressed Multi-File)
17225         PKZIP (Mixed Multi-File)
12500         RAR3-hp
13000         RAR5
23700         RAR3-p (Compressed)
23800         RAR3-p (Uncompressed)
6211-6243     TrueCrypt
13711-13723   VeraCrypt

Key Considerations

One of the primary challenges in cracking protected files is the generation and mutation of password lists. In many cases, using standard or publicly known password lists is no longer sufficient, as such lists are often recognized and blocked by built-in security mechanisms.

Files may also be more difficult to crack—or not crackable at all within a reasonable timeframe—because users are increasingly required to choose longer, randomly generated passwords or complex passphrases.

Nevertheless, attempting to crack password-protected documents is often worthwhile, as they may contain sensitive information that can be leveraged to gain further access.