Cracking Bitlocker

Note

We can extract a crackable hash from a password-protected file with the matching *2john tool (run locate *2john* to find the ones installed).

We are going to use bitlocker2john here.

bitlocker2john -i Backup.vhd > backuphash

The output file contains more than the hash itself, so we need to pull out the line that can actually be cracked:

grep "bitlocker\$0" backuphash > backup.hash

This picks out the line containing the usable hash ($bitlocker$0) and saves it as backup.hash.
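The grep above matches on the prefix only, so a truncated or mangled line would still end up in backup.hash. The following is an added example, not part of the original notes: a stricter selector that also checks each hex field against its declared length. The helper names, the field layout in the comment and the all-zero sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Field layout of one hash line
# (lengths in bytes, values in hex):
#   $bitlocker$<type>$<salt_len>$<salt>$<iter>$<nonce_len>$<nonce>$<data_len>$<data>

# pick_bitlocker_hash TYPE FILE   (hypothetical helper)
# Prints the first well-formed hash of TYPE from FILE; returns 1 if none.
pick_bitlocker_hash() {
    awk -F'[$]' -v want="$1" '
        function hex_ok(hex, nbytes) {   # hex string of exactly nbytes bytes?
            return (nbytes ~ /^[0-9]+$/ && hex ~ /^[0-9a-fA-F]+$/ &&
                    length(hex) == 2 * nbytes)
        }
        { sub(/\r$/, "") }               # tolerate CRLF line endings
        NF == 10 && $1 == "" && $2 == "bitlocker" && $3 == want &&
        $6 ~ /^[0-9]+$/ && hex_ok($5, $4) && hex_ok($8, $7) && hex_ok($10, $9) {
            print; found = 1; exit
        }
        END { exit(found ? 0 : 1) }
    ' "$2"
}

# Constructed sample (all-zero hex fields, placeholder label lines, not a real
# volume). The type 1 line has its data field cut short on purpose.
sample_output() {
    salt=$(printf '%032d' 0); nonce=$(printf '%024d' 0); data=$(printf '%0120d' 0)
    for t in 0 1 2 3; do
        d=$data
        if [ "$t" = 1 ]; then d=${data%00000000}; fi
        printf 'Hash type %s:\n' "$t"
        printf '$bitlocker$%s$16$%s$1048576$12$%s$60$%s\n' "$t" "$salt" "$nonce" "$d"
    done
}

tmp=$(mktemp)
sample_output > "$tmp"
for t in 0 1 2 3; do
    if pick_bitlocker_hash "$t" "$tmp" > /dev/null; then
        echo "type $t: well-formed"
    else
        echo "type $t: missing or malformed"
    fi
done
rm -f "$tmp"
```

With the real file, pick_bitlocker_hash 0 backuphash > backup.hash does the same job as the grep and fails loudly if the line is damaged.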

Now we can use either John the Ripper or Hashcat to crack it. With Hashcat, mode 22100 is BitLocker:

hashcat -a 0 -m 22100 backup.hash /usr/share/wordlists/rockyou.txt

Mounting Bitlocker

To mount a BitLocker volume we first need dislocker:

sudo apt-get install dislocker

Then we create two mount points: one where dislocker exposes the decrypted dislocker-file, and one for the filesystem inside it:

sudo mkdir -p /media/bitlocker
sudo mkdir -p /media/bitlockermount

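We then use losetup to attach the VHD as a loop device (-P scans its partition table so the partitions show up as /dev/loopNpM), decrypt the BitLocker partition using dislocker, and finally mount the decrypted volume. Since -f takes the first free loop device, check with losetup -a which one was assigned and adjust /dev/loop0p2 if it is not loop0: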

sudo losetup -f -P Backup.vhd
sudo dislocker /dev/loop0p2 -u<password no space> -- /media/bitlocker
sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount