Posts: 11
Threads: 4
Joined: Aug 2017
11-07-2018, 10:52 AM
(This post was last modified: 11-07-2018, 10:53 AM by yourboi101.)
So I have an application that I want to get files from, and I know those files are in an encrypted .zip that the program reads every time I run it (it says in resource monitor that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and it can't find the pass. Is there a way to somehow intercept the application to get the files from the .zip, or get the password it is using? Any help would be really appreciated.
Posts: 12
Threads: 4
Joined: Mar 2017
(11-07-2018, 10:52 AM)yourboi101 Wrote: So I have an application that I want to get files from, and I know those files are in an encrypted .zip that the program reads every time I run it (it says in resource monitor that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and it can't find the pass. Is there a way to somehow intercept the application to get the files from the .zip, or get the password it is using? Any help would be really appreciated.
Seems like you want to reverse engineer the application....
If you are really lucky you may find the password in plaintext just by extracting strings from the application, but more likely than not you have to get your feet wet and debug the application in a debugger (like x64dbg), or do some static reversing in a disassembler. Prepare to spend a lot of time reading up and learning the x86/x64 assembly language.
Posts: 11
Threads: 4
Joined: Aug 2017
11-07-2018, 11:18 AM
(This post was last modified: 11-07-2018, 11:41 AM by yourboi101.)
(11-07-2018, 11:11 AM)jallis Wrote: (11-07-2018, 10:52 AM)yourboi101 Wrote: So I have an application that I want to get files from, and I know those files are in an encrypted .zip that the program reads every time I run it (it says in resource monitor that the .zip file is being read). I have tried JTR and Hashcat with large dictionaries and it can't find the pass. Is there a way to somehow intercept the application to get the files from the .zip, or get the password it is using? Any help would be really appreciated.
Seems like you want to reverse engineer the application....
If you are really lucky you may find the password in plaintext just by extracting strings from the application, but more likely than not you have to get your feet wet and debug the application in a debugger (like x64dbg), or do some static reversing in a disassembler. Prepare to spend a lot of time reading up and learning the x86/x64 assembly language.
Thanks for the quick response! I tried getting the strings from Process Explorer and I used them as a dictionary, but unfortunately none of the strings had the password. I'll check out x64dbg.
Posts: 803
Threads: 135
Joined: Feb 2011
- Read the process space from memory (RAM)
and/or
- Hook all APIs used by the process. You will be able to see, for example, the params given to functions, so maybe the password.
Posts: 22
Threads: 1
Joined: Jun 2015
If you want to hook the API, check out API Monitor (http://www.rohitab.com/apimonitor). I've had good results with that one in the past.