glv2 / bruteforce-salted-openssl Goto Github PK

Would be nice to allow PBKDF2. Alternatively, is there any quick and dirty way to add it to the code if the number of iterations is known?

Error when running ./configure

checking for pthread.h... yes
checking for EVP_get_cipherbyname in -lcrypto... no
configure: error: OpenSSL libraries required

Found solution here

znort987/blockparser#38

apt-get install libssl-dev

From multiple tries trying to execute it:

[ 3180.271576] bruteforce-salt[27835]: segfault at 30 ip 00007f8276b99cb1 sp 00007ffe6604c810 error 4 in libc-2.23.so[7f8276aeb000+18f000]
[ 3207.350588] bruteforce-salt[9422]: segfault at 30 ip 00007f32a9b14cb1 sp 00007ffc8bbe5590 error 4 in libc-2.23.so[7f32a9a66000+18f000]
[ 3269.301142] bruteforce-salt[29315]: segfault at 30 ip 00007f30edec8cb1 sp 00007ffe8cd8f3d0 error 4 in libc-2.23.so[7f30ede1a000+18f000]
[ 3277.950932] bruteforce-salt[8141]: segfault at 30 ip 00007fe6e5d1bcb1 sp 00007ffc0e97b890 error 4 in libc-2.23.so[7fe6e5c6d000+18f000]
[ 3289.636518] bruteforce-salt[17753]: segfault at 30 ip 00007f115dec4cb1 sp 00007ffe476db790 error 4 in libc-2.23.so[7f115de16000+18f000]
[ 3315.260163] bruteforce-salt[12651]: segfault at 30 ip 00007fb547fd0cb1 sp 00007ffc2ca150d0 error 4 in libc-2.23.so[7fb547f22000+18f000]
[ 3334.709804] bruteforce-salt[18591]: segfault at 30 ip 00007f0ffbd90cb1 sp 00007ffd70c194d0 error 4 in libc-2.23.so[7f0ffbce2000+18f000]
[ 3343.803518] bruteforce-salt[18769]: segfault at 30 ip 00007ffb24a69cb1 sp 00007fff6d9b6050 error 4 in libc-2.23.so[7ffb249bb000+18f000]
[ 3354.690838] bruteforce-salt[18970]: segfault at 30 ip 00007f5e5e755cb1 sp 00007ffd7fed1b90 error 4 in libc-2.23.so[7f5e5e6a7000+18f000]
[ 3387.785988] bruteforce-salt[19423]: segfault at 30 ip 00007fd0fe5c0cb1 sp 00007fff6fea78d0 error 4 in libc-2.23.so[7fd0fe512000+18f000]
[ 3692.947123] bruteforce-salt[23474]: segfault at 30 ip 00007f0e3a867cb1 sp 00007fffa856ebe0 error 4 in libc-2.23.so[7f0e3a7b9000+18f000]

I have eventually made it work without the -v option, I'm on amd64 btw.

Hi,

I can't get your code to work.

Here is an example. I first created an encrypted file with password "test"

openssl enc -aes256 -salt -in secret_test.txt -out encrypted.txt -k test

Then I tried bruteforce-salted-openssl using a wordlist, but the password "test" was not found while it is present in wordlist.txt. In the output you can see that the last password tried was "test"

bruteforce-salted-openssl -t 2 -f wordlist.txt -c aes256 encrypted.txt

Tried passwords: 6
Tried passwords per second: inf
Last tried password: test
Password not found

But when I decrypt the file using openssl with the password "test" the original message is shown

openssl enc -d -aes256 -salt -in encrypted.txt -k test

Did I miss an option when calling bruteforce-salted-openssl?

Thanks,
Mark

working openssl des3 same file salted but not working same file same password

I'm pretty sure there are people to whom this is news - the tool can be used to decrypt binary files as well. As .tar.gz files are quite popular, I'd add to the "Examples" in README:

Try to find the password of a file which was compressed with gzip and then encrypted with des3. Supplying non-text characters via command line (ie. magic values which identify beginning of gzip file) may require specific shell - this example is prepared for bash. Using 8 threads, trying only passwords up to 9 characters, where characters are digits:

./bruteforce-salted-openssl -t 8 -v 5 -c des3 -m 9 -s "0123456789" -M "$(echo -ne "\x1f\x8b")" file.tar.gz.encrypted

(I was too lazy for pull request - sorry!)

This is not listed in the program with -a (all i see with DES is id-smime-alg-CMS3DESwrap) but is supported by openssl. I.E:
openssl enc -d -des-ecb -nopad -K e0e0e0e0f1f1f1f1

Please add support.
Thanks.

Hi,

Maybe I am doing something wrong. I was reading #4 and I did a basic test:

# openssl enc -aes256 -salt -in text.txt -out text.enc

The key used was 'test'. I can decrypt my text:

# openssl enc -d -aes256 -salt -in text.enc -k test
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
It is a text.

The Salted flag is present:

# cat text.enc 
Salted__yi�U�E%�U��*��֏�Xy��;]�

However, bruteforce-salted-openssl fails.

# bruteforce-salted-openssl -t 2 -f dict -c aes256 text.enc 
Warning: using dictionary mode, ignoring options -b, -e, -l, -m and -s.

Tried passwords: 3
Tried passwords per second: inf
Last tried password: orange

Password not found

I attached all used files inside brute.zip. I am using Debian Sid with bruteforce-salted-openssl 1.4.0.

Thanks

Eriberto

brute.zip

Hi~Where is autoreconf?Did you delete it?
$ ./autogen.sh
./autogen.sh: 6: autoreconf: not found
Thanks

Tested this program out and I've had this issue twice now:

• Full disclosure - Compiled with -O3 and native optimizations etc. rather than defaults
• glibc and libssl etc. are compiled with native optimizations as well
• Launched in character generating mode, with -v option for periodic status
• Collecting stderr & stdout in log file
• After around 37 billion iterations, I noticed that it stopped iterating, but the -v status output still continues periodically, just with no change in the current status report.
• Nothing is reported in stderr and there is nothing in dmesg or system logs that coincides. The system is running Debian 12 (bookworm) and is headless with no additional software running on the system besides the absolute basics. There are no other services e.g. webserver etc.
• The save state file is replaced with a 0 byte file when this occurs. The durability of writing a new state is called into question here. It shouldn't be possible for the old state to be lost while writing the new state, as this kind of makes the state saving mechanism a lot less useful. Some suggestions would be either double-buffering between 2 files, or leaning on a battle-tested implementation like sqlite which can be made very durable - though it may be overkill here for a simple and lean program like this.

I highly recommend logging & monitoring, and having a process that backs up the save state file, and tails the logs periodically to see if the current password has stopped advancing. This would be a signal to kill the process, try to restore the save state file, etc.

This is making it very difficult to run the search unattended, I'm curious if anyone has had a similar experience.

Hi !
Can you tak a look at this log please.
I don't understand why it didn't work.
If I found anything I will put it here.

Regards.

gcc -g -O2 -o bruteforce-salted-openssl src/bruteforce-salted-openssl.o -lcrypto -lpthread
Undefined symbols for architecture x86_64:
"_EVP_CIPHER_do_all_sorted", referenced from:
_list_algorithms in bruteforce-salted-openssl.o
_main in bruteforce-salted-openssl.o
"_EVP_MD_do_all_sorted", referenced from:
_list_algorithms in bruteforce-salted-openssl.o
_main in bruteforce-salted-openssl.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

I have backup from my router which is AES ECB encrypted. I know the key it's Renjx%2$CjM but when I try to decrypt it it does not want to, Im not sure why, here is myfile
Im using this command

$ ./bruteforce-salted-openssl -f ~/Desktop/key ~/Desktop/H201LV2.0_Cur_config.bin -c aes-128-ecb -n 1
Here is content of key file

cat ~/Desktop/key 
Renjx%2$CjM\x00\x00\x00\x00\x00

Hey,

I have a text and a pdf file both encrypted with openssl, I want to crack the passwords for both of them but seems it does not work for pdf whereas for text file it work. Any idea whats wrong or I am missing something? or this tools doesn't support pdf files? Would be thankful if anyone could nudge me in the right direction.

autoreconf: not found when executing ./autogen.sh
Edit:
nevermind, autoconf was missing

Hi I am not sure if anyone checks this github anymore, the app seems to run amazingly fast and is well written.

I am trying to use it for a CTF

U2FsdGVkX18GKGYS1D7X7VjxWz6uUyPFszr8dVvtOIrJqioWHgT69JJnzJGDVOvF
QYWh5BEZxFPXmMq1cbyy3dVVDgLhF050xlDy2J5grtKw9jUOO4oFNRgoD+1dlukX
pd8ccg++kkXgE9mGBP6lQbukDiSjY4mnR2Mv6ydIncrRqacQNVEmEgM4fGTi1ANz
nHsGn7mP+P3UyrJCRbuFmpZJc4CNdPj6YuxwR4HkHkqcfxh0L5CaEu4VbY70+fmk
qgZQyMJqiUlaV9KC4UPuRVj0r7MYbVRazkhsjeIcogmdJGEeBwD47lEB7X9PNKWm
ojTvRZg6R+sZzRZE26VLaF+s9cpTo4Y8PZUxKvQ86HXC8QIavUgDfw7HxIxkTatv
CW2yq3ZOXl5naR6oSNxdX9alyhTzB+/2623oGdlWev5Oo8xHJqUi7QjVP+mNC8BA
+Cg0DJwcOFGO5K7g8Rm06+sLogwntdIgTo70X3FegAtipHboeUNKefiAguvkDoIf
8iMPc+83PygvlZPDNQCOKugwDEUimhHwQrMsmalRNoFEQEb+ZIC+na15cPoRAlOD
NJfXIJ96ihAy9wWis39mQW6JFqZmUags4xoP3lJ35bCrXsNOPFZ4WH+f4YC/Ov8C
QW5bjtxno8GG4b/wBWevhcRVMK6KmRJj8NBCssnrlz0sQ70rMNkiN2wiSPcwX3Ad
JgLs8vQAUM59x9fkKFFzD4+Sc1sJztUTB7CMGGfpZOA8W33VZnEdmGcoaHlDsR8G
vAkZ+jg+QJs9ZNHqWE1+1zgm/6NsWWgWH8OI2PPCfXHxDbfDk8uD/Zibr/yjSKvu
Sb8OecflOT2hw37WL49uADgeWgnp2bzkfGIq7EYS7OImjZZwY5h4sfcPfhvQ9kOV

This is the encrypted aes-256-cbc

the password to decrypt it is causality however the password is converted to sha256 first so the decrypt password is
eb3efb5151e6255994711fe8f2264427ceeebf88109e1d7fad5b0a8b6d07e5bf

I have tried -d SHA256 and using -f pass.txt with the word causality in the pass.txt

I have also tried to base64 -d encrypted.txt > enc.out (vice versa without base64 decoding the encrypted txt)

it decodes fine with openssl using

openssl enc -aes-256-cbc -d -a -in enc.out -pass pass:eb3efb5151e6255994711fe8f2264427ceeebf88109e1d7fad5b0a8b6d07e5bf

Is there something I am doing wrong?

I have a paper wallet with a lost password encrypted with AES 256 (by strongcoin).
With the correct password, "openssl enc -d -aes-256-cbc -in enc.txt -a -base64 -k PASSWORD' decrypts it.

Can you suggest how to fork this tool to brute force unsalted cypertext?

The file contains a string like this:
U2FsdGVkX191rPJP6/wzxZW3uM6pZTC
DoXWv853CTdjrsF1eJplyHNPjSwJqU6bU
yhfUEL4yqRDUF7n1UTyq+Ksm4CY9gNS
6PLfiKMVd5fE=

Hi! Lets say I have a string, encrypted with

echo "This is a test"|openssl enc -aes-256-cbc -base64 -nosalt

w2j7eABqUq2t6HxucMP8hg==

How to i approach this with a password table?

Hello; Would it be possible to create the Windows 32bit binary? It could be for Cygwin or CoreUtils. I tried to compile the source code with gcc, but was unsuccessful. I believe I am not competent to do so.

Can you help me run on Windows7? Compiling or teaching me how to do it?

Thankful.

Hi, I see that you have multi-thread support which works nicely. I'd like to be able to split the task across multiple PCs, do you have any suggestions on how the keyspace can be defined for each of the machines?

For example with '-t 2 -s "12345678"' threading appears to test
Thread 1: 1, 2, 3, 4, 11, 12, 13, 14, 15, 16, 17, 18, 21, 22, 23, etc
Thread 2: 5, 6, 7, 8, 51, 52, 53, 54, 55, 56, 57, 58, 61, 62, 63, etc

Do I just hard code a different prefix on different machines, and run multiple times to cover all options?

It would also be nice to be able to restart at particular location in the sequence. Maybe these are the same request...

Hello, are you planning to add an -nosalt option to your code.

Thank you.

Can you add an option to automatically guess the encryption algorithm?

Hi,

I have an encrypted file which supposedly can be decrypted with the following command:
openssl aes-256-cbc -K my_key -iv my_iv -in my_key.enc -out my_key -d

However, then I run the bruteforcer (bruteforce-salted-openssl -t 4 -c aes-256-cbc my_key.enc), I'm getting the following:
Error: my_key.enc is not a salted openssl file

Any ideas?

As they are using openssl.
Please test below BTC Protkey.
Encrypytion Password: password
BTC Address: 1LosTCk8ybHaYc9Ht759ym21xHSPe3pskw
BTC Protkey: PsV3ocy3nbUL37oLrmFvePXciKtnZzqspjmKgm5HqdBwoNwgkzc4XHzWoHMHvkkWMj4F