hashcat Forum
intercepting application that reads encrypted zip - Printable Version

Thread: intercepting application that reads encrypted zip (/thread-7931.html)



intercepting application that reads encrypted zip - yourboi101 - 11-07-2018

So I have an application that I want to get files from, and I know those files are in an encrypted .zip that the program reads every time I run it (it says in resource monitor that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and it can't find the pass. Is there a way to somehow intercept the application to get the files from the .zip, or get the password it is using? Any help would be really appreciated :)


RE: intercepting application that reads encrypted zip - jallis - 11-07-2018

(11-07-2018, 10:52 AM)yourboi101 Wrote: So I have an application that I want to get files from, and I know those files are in an encrypted .zip that the program reads every time I run it (it says in resource monitor that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and it can't find the pass. Is there a way to somehow intercept the application to get the files from the .zip, or get the password it is using? Any help would be really appreciated :)

Seems like you want to reverse engineer the application....

If you are really lucky you may find the password in plaintext just by extracting strings from the application, but more likely than not you have to get your feet wet and debug the application in a debugger (like x64dbg), or do some static reversing in a disassembler. Prepare to spend a lot of time reading up and learning the x86/x64 assembly language.


RE: intercepting application that reads encrypted zip - yourboi101 - 11-07-2018

(11-07-2018, 11:11 AM)jallis Wrote:
(11-07-2018, 10:52 AM)yourboi101 Wrote: So I have an application that I want to get files from, and I know those files are in an encrypted .zip that the program reads every time I run it (it says in resource monitor that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and it can't find the pass. Is there a way to somehow intercept the application to get the files from the .zip, or get the password it is using? Any help would be really appreciated :)

Seems like you want to reverse engineer the application....

If you are really lucky you may find the password in plaintext just by extracting strings from the application, but more likely than not you have to get your feet wet and debug the application in a debugger (like x64dbg), or do some static reversing in a disassembler. Prepare to spend a lot of time reading up and learning the x86/x64 assembly language.

Thanks for the quick response! I tried getting the strings from Process Explorer and I used them as a dictionary, but unfortunately none of the strings had the password. I'll check out x64dbg.


RE: intercepting application that reads encrypted zip - Mem5 - 11-07-2018

- Read the process space from memory (RAM)
and/or
- Hook all APIs used by the process. You will be able to see, for example, the params given to functions, so maybe the password.


RE: intercepting application that reads encrypted zip - rvn - 11-09-2018

If you want to hook the API, check out API Monitor (http://www.rohitab.com/apimonitor). I've had good results with that one in the past.