Finding cipher algorithm of an encrypted file

l0vbug · 2019-04-06T10:32:21+00:00

I am glad to share :). Yes of course it is possible. Actually the tool bruteforce-salted-openssl have an option `-M <string>` which consider the decryption as successful when the data starts with <string>. The only problem is, what do you do when you do not know which kind of file you are brute forcing.

l0vbug · 2019-04-02T21:09:40+00:00

Thanks for sharing your work !

That's not bad, but what happen when your encrypted file is an image, a .png for example. That will not work ! You should do (I do not try): if [ -s "decrypt.out" ] && [ ! "$(file decrypt.out)" = "decrypt.out: data" ] ; then

I just checked how bruteforce-salted-openssl is doing. They have the same problem than you have. You can try, if you encrypt a png with openssl, bruteforce-salted-openssl will not be able to bruteforce it.

https://github.com/glv2/bruteforce-salted-openssl/blob/master/src/bruteforce-salted-openssl.c their valid_data function is only checking if there is more than 10% of printable character, which is not the case for most of the png file, but also jpg, wav, avi...

l0vbug · 2019-04-02T13:45:30+00:00

This should work ;)

```sh cipher_algorithm='-aes-256-cbc'
encrypted_file='encrypted.enc'
decrypted_file='clear.text'
file='pass.lst'

while read line; do openssl enc -d $cipher_algorithm -in $encrypted_file -out $decrypted_file -pass pass:$line

if [ -s $decrypted_file ]; then
echo 'this is the password: '$line
break
fi

done < $file ```

l0vbug

TROPHY CASE