+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: intercepting application that reads encrypted zip (/thread-7931.html)
intercepting application that reads encrypted zip - yourboi101 - 11-07-2018
So I have an application that I want to get files from, and I know those files are in an ecrypted .zip that the program reads every time I run it (it says in resource monitor that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and it can't find the pass. Is there a way to somehow intercept the application to get the files from the .zip, or get the password it is using? Any help would be really appreciated
RE: intercepting application that reads encrypted zip - jallis - 11-07-2018
(11-07-2018, 10:52 AM)yourboi101 Wrote: So I have an application that I want to get files from, and I know those files are in an ecrypted .zip that the program reads every time I run it (it says in resource monitor that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and it can't find the pass. Is there a way to somehow intercept the application to get the files from the .zip, or get the password it is using? Any help would be really appreciated
Seems like you want to reverse engineer the application....
If you are really lucky you may find the password in plaintext just by extracting strings from the application, but more likely than not you have to get your feet wet and debug the application in a debugger (like x64dbg), or do some static reversing in a disassembler. Prepare to spend a lot of time reading up and learning the x86/x64 assembly language.
RE: intercepting application that reads encrypted zip - yourboi101 - 11-07-2018
(11-07-2018, 11:11 AM)jallis Wrote:(11-07-2018, 10:52 AM)yourboi101 Wrote: So I have an application that I want to get files from, and I know those files are in an ecrypted .zip that the program reads every time I run it (it says in resource monitor that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and it can't find the pass. Is there a way to somehow intercept the application to get the files from the .zip, or get the password it is using? Any help would be really appreciated
Seems like you want to reverse engineer the application....
If you are really lucky you may find the password in plaintext just by extracting strings from the application, but more likely than not you have to get your feet wet and debug the application in a debugger (like x64dbg), or do some static reversing in a disassembler. Prepare to spend a lot of time reading up and learning the x86/x64 assembly language.
Thanks for the quick response! I tried getting the strings from Process Explorer and I used them as a dictionary but unfortunately none of the strings had the password. I'll check out x64dbg
RE: intercepting application that reads encrypted zip - Mem5 - 11-07-2018
- Read from memory (RAM) the process space
or/and
- hook all API used by the process. You will be able to see for example the params given to function, so maybe the password.
RE: intercepting application that reads encrypted zip - rvn - 11-09-2018
If you want to hook the api check out API Monitor ( http://www.rohitab.com/apimonitor ) I've had good results with that one in the past