intercepting application that reads encrypted zip
#1
So I have an application that I want to get files from, and I know those files are in an encrypted .zip that the program reads every time I run it (Resource Monitor shows that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and they can't find the password. Is there a way to somehow intercept the application to get the files from the .zip, or to get the password it is using? Any help would be really appreciated.
#2
(11-07-2018, 10:52 AM)yourboi101 Wrote: So I have an application that I want to get files from, and I know those files are in an encrypted .zip that the program reads every time I run it (Resource Monitor shows that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and they can't find the password. Is there a way to somehow intercept the application to get the files from the .zip, or to get the password it is using? Any help would be really appreciated.

Seems like you want to reverse engineer the application...

If you are really lucky you may find the password in plaintext just by extracting strings from the application, but more likely than not you will have to get your feet wet and debug the application in a debugger (like x64dbg), or do some static reversing in a disassembler. Prepare to spend a lot of time reading up on and learning x86/x64 assembly language.
#3
(11-07-2018, 11:11 AM)jallis Wrote:
(11-07-2018, 10:52 AM)yourboi101 Wrote: So I have an application that I want to get files from, and I know those files are in an encrypted .zip that the program reads every time I run it (Resource Monitor shows that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and they can't find the password. Is there a way to somehow intercept the application to get the files from the .zip, or to get the password it is using? Any help would be really appreciated.

Seems like you want to reverse engineer the application...

If you are really lucky you may find the password in plaintext just by extracting strings from the application, but more likely than not you will have to get your feet wet and debug the application in a debugger (like x64dbg), or do some static reversing in a disassembler. Prepare to spend a lot of time reading up on and learning x86/x64 assembly language.

Thanks for the quick response! I tried getting the strings from Process Explorer and used them as a dictionary, but unfortunately none of the strings was the password. I'll check out x64dbg.
#4
- Read the process's memory space (RAM)
and/or
- Hook all APIs used by the process. You will be able to see, for example, the parameters passed to a function, and so maybe the password.
#5
If you want to hook the API, check out API Monitor (http://www.rohitab.com/apimonitor). I've had good results with that one in the past.