Veracrypt Non-System Drive - Printable Version
hashcat Forum (https://hashcat.net/forum), Support > hashcat, Thread: Veracrypt Non-System Drive (/thread-7026.html)

Veracrypt Non-System Drive - anthony2 - 11-16-2017

Hey guys,

I have a work computer that I took out of storage needing access to some old work files that are pretty important. The problem is I encrypted the drive I used to store files and can't remember the password I used. I have a rough idea of what it would be, and have compiled a password list of about 6k entries.

I am armed with the pw list, hashcat and DD for Windows. I have successfully encrypted a USB with VeraCrypt and cracked it with hashcat. I have been unsuccessful in cracking a VeraCrypt whole disk encryption for a non-system drive.

My problem is trying to figure out which location to use when extracting the hash, because I don't think I am using the right command/location. My options seem to be:

    dd if=\\.\Volume{cbdc7c52-bba5-11e7-814f-806e6f6e6963} of=c:\users\anthony\desktop\hash1.tc bs=512 count=1
    dd if=\\?\Device\Harddisk1\DR1 of=c:\windows\system32\hashcat\hdhash2.tc bs=512 count=1
    dd if=\\?\Device\Harddiskvolume3 of=c:\users\anthony\desktop\hdhash3.tc bs=512 count=1
    dd if=\\?\Device\Harddisk1\Partition1 of=c:\users\anthony\desktop\hdhash4.tc bs=512 count=1

Any help on this would be greatly appreciated. Here is the output for dd --list, and the drive I'm trying to crack is drive D:/

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All

    C:\Windows\system32>dd2 --list
    rawwrite dd for windows version 1.0beta1 WIN64.
    Written by John Newbigin <jnewbigin@chrysocome.
    This program is covered by terms of the GPL Ver

    Win32 Available Volume Information
    \\.\Volume{cbdc7c51-bba5-11e7-814f-806e6f6e6963
      link to \\?\Device\HarddiskVolume1
      fixed media
      Mounted on \\.\c:

    \\.\Volume{cbdc7c52-bba5-11e7-814f-806e6f6e6963
      link to \\?\Device\HarddiskVolume3
      fixed media
      Mounted on \\.\d:

    \\.\Volume{0b33d1aa-bba6-11e7-9a32-8de8b5e049e3
      link to \\?\Device\HarddiskVolume5
      fixed media
      Mounted on \\.\g:

    \\.\Volume{cbdc7c55-bba5-11e7-814f-806e6f6e6963
      link to \\?\Device\CdRom0
      CD-ROM
      Mounted on \\.\e:

    NT Block Device Objects
    \\?\Device\CdRom0
      size is 2147483647 bytes
    \\?\Device\Harddisk0\Partition0
      link to \\?\Device\Harddisk0\DR0
      Fixed hard disk media. Block size = 512
      size is 250059350016 bytes
    \\?\Device\Harddisk0\Partition1
      link to \\?\Device\HarddiskVolume1
    \\?\Device\Harddisk0\Partition2
      link to \\?\Device\HarddiskVolume2
      Fixed hard disk media. Block size = 512
      size is 11103371264 bytes
    \\?\Device\Harddisk1\Partition0
      link to \\?\Device\Harddisk1\DR1
      Fixed hard disk media. Block size = 512
      size is 1000204886016 bytes
    \\?\Device\Harddisk1\Partition1
      link to \\?\Device\HarddiskVolume3
      Fixed hard disk media. Block size = 512
      size is 1000201740288 bytes
    \\?\Device\Harddisk2\Partition0
      link to \\?\Device\Harddisk2\DR3
      Fixed hard disk media. Block size = 512
      size is 500074283008 bytes
    \\?\Device\Harddisk2\Partition1
      link to \\?\Device\HarddiskVolume5
      Fixed hard disk media. Block size = 512
      size is 500072353280 bytes

    Virtual input devices
     /dev/zero   (null data)
     /dev/random (pseudo-random data)
     -           (standard input)

    Virtual output devices
     -           (standard output)
     /dev/null   (discard the data)

    C:\Windows\system32>

What do you guys think?

RE: Veracrypt Non-System Drive - logistix111 - 11-16-2017

Here are a couple things you can try:

1. Put the SATA hard drive in a USB enclosure and then connect it via USB cable and run DD to see what path name you get.

2. If you have a The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux VM, try getting the binary data out of the path that it sees the external USB drive on and save it to a file.

https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_do_i_extract_the_hashes_from_truecrypt_volumes

RE: Veracrypt Non-System Drive - anthony2 - 11-17-2017

(11-16-2017, 08:23 PM)logistix111 Wrote: Here are a couple things you can try:

So far I've run almost all the paths, having about 5 different hashes and brute forcing each hash. I'm wondering if I am taking the right chunk of data for the hash.

I will have to look into a USB enclosure, I like the idea. Thank you.

I can spin up a The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) VM, although I'm somewhat of a noob when it comes to Linux commands and couldn't find much documentation on the matter.
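
An added example, not part of the thread or of hashcat: a sanity check for each 512-byte dump produced by the dd commands above, to tell a plaintext MBR or NTFS boot sector apart from data that could be an encrypted volume header. It assumes that a VeraCrypt header carries no plaintext signature and looks like random bytes; the function names, the entropy threshold of 7.0 and the sample sectors are constructed for illustration.

```python
import math
import sys
from collections import Counter

SECTOR = 512

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 512 random bytes typically score around 7.6."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_sector(data: bytes) -> str:
    """Describe what a 512-byte dump looks like before any cracking attempt."""
    if len(data) != SECTOR:
        return f"wrong size ({len(data)} bytes, expected {SECTOR})"
    if data.count(0) == SECTOR:
        return "all zeros (empty area or wrong device)"
    if data[3:11] == b"NTFS    ":
        return "plaintext NTFS boot sector (this location is not encrypted)"
    if data[510:512] == b"\x55\xaa":
        return "boot signature 55AA (MBR or boot sector, not a volume header)"
    if shannon_entropy(data) < 7.0:  # threshold is an assumption
        return "low entropy (structured data, not an encrypted header)"
    return "high entropy, no known signature (consistent with an encrypted header)"

# Constructed sample sectors, not taken from any real disk.
SAMPLES = {
    "mbr": bytes(510) + b"\x55\xaa",
    "ntfs": b"\xeb\x52\x90NTFS    " + bytes(499) + b"\x55\xaa",
    "zeros": bytes(SECTOR),
    "text": b"A" * SECTOR,
    # Every byte value appears exactly twice: stand-in for random-looking data.
    "random_like": bytes((i * 167 + 13) % 256 for i in range(SECTOR)),
}

if __name__ == "__main__":
    # With arguments: classify dump files; without: run the constructed samples.
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, "->", classify_sector(fh.read(SECTOR + 1)))
    else:
        for name, sector in SAMPLES.items():
            print(name, "->", classify_sector(sector))
```

A "high entropy" result only means the dump is not an obvious plaintext structure; it does not confirm that the bytes are a VeraCrypt header.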