Hey guys,
I have a work computer that I took out of storage needing access to some old work files that are pretty important. The problem is I encrypted the drive i used to store files and can't remember the password I used. I have a rough idea of what it would be, and have compiled a password list of about 6k entries.
I am armed with the pw list, hashcat and DD for windows.
I have successfully encrypted a USB with veracrypt and cracked it with hashcat.
I have been unsuccessful in cracking a veracrypt whole disk encryption for a non system drive.
My problem is trying to figure out which location to use when extracting the hash, because i don't think I am using the right command/location. My options seem to be:
dd if=\\.\Volume{cbdc7c52-bba5-11e7-814f-806e6f6e6963} of=c:\users\anthony\desktop\hash1.tc bs=512 count=1
dd if=\\?\Device\Harddisk1\DR1 of=c:\windows\system32\hashcat\hdhash2.tc bs=512 count=1
dd if=\\?\Device\Harddiskvolume3 of=c:\users\anthony\desktop\hdhash3.tc bs=512 count=1
dd if=\\?\Device\Harddisk1\Partition1 of=c:\users\anthony\desktop\hdhash4.tc bs=512 count=1
Any help on this would be greatly appreciated. Here is the ouput for dd --list and the drive im trying to crack is drive D:/
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All
C:\Windows\system32>dd2 --list
rawwrite dd for windows version 1.0beta1 WIN64.
Written by John Newbigin <jnewbigin@chrysocome.
This program is covered by terms of the GPL Ver
Win32 Available Volume Information
\\.\Volume{cbdc7c51-bba5-11e7-814f-806e6f6e6963
link to \\?\Device\HarddiskVolume1
fixed media
Mounted on \\.\c:
\\.\Volume{cbdc7c52-bba5-11e7-814f-806e6f6e6963
link to \\?\Device\HarddiskVolume3
fixed media
Mounted on \\.\d:
\\.\Volume{0b33d1aa-bba6-11e7-9a32-8de8b5e049e3
link to \\?\Device\HarddiskVolume5
fixed media
Mounted on \\.\g:
\\.\Volume{cbdc7c55-bba5-11e7-814f-806e6f6e6963
link to \\?\Device\CdRom0
CD-ROM
Mounted on \\.\e:
NT Block Device Objects
\\?\Device\CdRom0
size is 2147483647 bytes
\\?\Device\Harddisk0\Partition0
link to \\?\Device\Harddisk0\DR0
Fixed hard disk media. Block size = 512
size is 250059350016 bytes
\\?\Device\Harddisk0\Partition1
link to \\?\Device\HarddiskVolume1
\\?\Device\Harddisk0\Partition2
link to \\?\Device\HarddiskVolume2
Fixed hard disk media. Block size = 512
size is 11103371264 bytes
\\?\Device\Harddisk1\Partition0
link to \\?\Device\Harddisk1\DR1
Fixed hard disk media. Block size = 512
size is 1000204886016 bytes
\\?\Device\Harddisk1\Partition1
link to \\?\Device\HarddiskVolume3
Fixed hard disk media. Block size = 512
size is 1000201740288 bytes
\\?\Device\Harddisk2\Partition0
link to \\?\Device\Harddisk2\DR3
Fixed hard disk media. Block size = 512
size is 500074283008 bytes
\\?\Device\Harddisk2\Partition1
link to \\?\Device\HarddiskVolume5
Fixed hard disk media. Block size = 512
size is 500072353280 bytes
Virtual input devices
/dev/zero (null data)
/dev/random (pseudo-random data)
- (standard input)
Virtual output devices
- (standard output)
/dev/null (discard the data)
C:\Windows\system32>
What do you guys think?
I have a work computer that I took out of storage needing access to some old work files that are pretty important. The problem is I encrypted the drive i used to store files and can't remember the password I used. I have a rough idea of what it would be, and have compiled a password list of about 6k entries.
I am armed with the pw list, hashcat and DD for windows.
I have successfully encrypted a USB with veracrypt and cracked it with hashcat.
I have been unsuccessful in cracking a veracrypt whole disk encryption for a non system drive.
My problem is trying to figure out which location to use when extracting the hash, because i don't think I am using the right command/location. My options seem to be:
dd if=\\.\Volume{cbdc7c52-bba5-11e7-814f-806e6f6e6963} of=c:\users\anthony\desktop\hash1.tc bs=512 count=1
dd if=\\?\Device\Harddisk1\DR1 of=c:\windows\system32\hashcat\hdhash2.tc bs=512 count=1
dd if=\\?\Device\Harddiskvolume3 of=c:\users\anthony\desktop\hdhash3.tc bs=512 count=1
dd if=\\?\Device\Harddisk1\Partition1 of=c:\users\anthony\desktop\hdhash4.tc bs=512 count=1
Any help on this would be greatly appreciated. Here is the ouput for dd --list and the drive im trying to crack is drive D:/
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All
C:\Windows\system32>dd2 --list
rawwrite dd for windows version 1.0beta1 WIN64.
Written by John Newbigin <jnewbigin@chrysocome.
This program is covered by terms of the GPL Ver
Win32 Available Volume Information
\\.\Volume{cbdc7c51-bba5-11e7-814f-806e6f6e6963
link to \\?\Device\HarddiskVolume1
fixed media
Mounted on \\.\c:
\\.\Volume{cbdc7c52-bba5-11e7-814f-806e6f6e6963
link to \\?\Device\HarddiskVolume3
fixed media
Mounted on \\.\d:
\\.\Volume{0b33d1aa-bba6-11e7-9a32-8de8b5e049e3
link to \\?\Device\HarddiskVolume5
fixed media
Mounted on \\.\g:
\\.\Volume{cbdc7c55-bba5-11e7-814f-806e6f6e6963
link to \\?\Device\CdRom0
CD-ROM
Mounted on \\.\e:
NT Block Device Objects
\\?\Device\CdRom0
size is 2147483647 bytes
\\?\Device\Harddisk0\Partition0
link to \\?\Device\Harddisk0\DR0
Fixed hard disk media. Block size = 512
size is 250059350016 bytes
\\?\Device\Harddisk0\Partition1
link to \\?\Device\HarddiskVolume1
\\?\Device\Harddisk0\Partition2
link to \\?\Device\HarddiskVolume2
Fixed hard disk media. Block size = 512
size is 11103371264 bytes
\\?\Device\Harddisk1\Partition0
link to \\?\Device\Harddisk1\DR1
Fixed hard disk media. Block size = 512
size is 1000204886016 bytes
\\?\Device\Harddisk1\Partition1
link to \\?\Device\HarddiskVolume3
Fixed hard disk media. Block size = 512
size is 1000201740288 bytes
\\?\Device\Harddisk2\Partition0
link to \\?\Device\Harddisk2\DR3
Fixed hard disk media. Block size = 512
size is 500074283008 bytes
\\?\Device\Harddisk2\Partition1
link to \\?\Device\HarddiskVolume5
Fixed hard disk media. Block size = 512
size is 500072353280 bytes
Virtual input devices
/dev/zero (null data)
/dev/random (pseudo-random data)
- (standard input)
Virtual output devices
- (standard output)
/dev/null (discard the data)
C:\Windows\system32>
What do you guys think?