Printable View
I'm looking for a good program to break some encyption. Anyone know of any good ones. I don't know what type of encyption it is... but maybe something that runs through it all and tells me any type of patterns or something.
Preferably something free. We have a employee that left and decided to encrypt some files we need. I open them and I get gibberish stuff like this
1a7R7W1D3K9G6E6W4
It doesn't prompt for a username/password before I open it so I'm lost. Any ideas?
Doh.
Shitcreek - paddle == You.
Sorry...you're not likely to find a program that will simply run through any and all known encryption algorithms and protocols and crack files. That's kind of the point of encryption...to make it so people can't just crack it and read the file.
I do have some suggestions that might help though. Have you tried the utterly obvious? ROT13 and all it's common variations? Are they MS Office documents? If so, do you know what VERSION created them? What kind of doc's ARE they.
Providing details along these lines may help narrow down a point to where it stands a chance of being answered. But as far as I know, there is no omnipotent free all-encompassing encryption breaking program...at least not outside the walls of the NSA. ;)
This may help you go here
But then if he used something other than EFS..............You are as zen has posted.
you are trying a known cypertext attact.
its really hard and unethical.
Please forgive me if this sounds a little foolish, or if you have already tried.
as you say that you are not prompted for a password, this implies that some application must be used to open the documents first?
You need to check his computer and shared drives for anything unusual............it should be an executable of some sort. Also look around his work area for CDs and floppy disks, it might be on one of those.
If the documents are in one single file/folder then it could be a scramdisk, that is, a virtual drive that needs to be mounted first.
Good luck :)
EDIT:
You might also look at temporary files etc, depending on what created the documents there might be an unencrypted version left. Also try restoring the files from your oldest backups............the employee may not have used encryption from day one?
More information on the type of documents would be helpful.
[offtopic..well sorta]anban, you are a raging idiot... did you not read the word 'employee' in his post? does this not mean that the documents are most likely company property, with him being the boss? That makes it perfectly legal now doesn't it? :rolleyes:[/offtopic..well sorta]
Did a bit of googling on 'decryption brute force tools' and found this site... it's got solid definitions plus links to (we hope, I'm too lazy to follow 'em myself) the tools to solve your problem:
http://www.infoanarchy.org/wiki/index.php/Brute_Force
Now after a bit of thinking on the matter - there should be evidence somewhere on this employee's box which will indicate which program was used to encrypt. Since different encryption progs use different encryption algorithms, there's a good chance if you know the program he used, we can find a tool to defeat it. You might do a bit of fishing around and see - my gut says PgP since it's so easily acquired, but gut instinct only goes so far.
Mr.|3lack|ce
I am sorry, but to remind you I am not an Idiot CISSP.
Ah, then let me rephrase Anban -
You are completely lacking in any common sense whatsoever; a stereotypical nerd, and by association a complete IDIOT. You are the prime example of why I don't use or advertise my phd publicly nor try to garner false respect from it; the exact reason why the various degrees attainable are completely devoid of both form and content, and why no original contributions to mankind or field have been made in YEARS. Quite frankly I'm embarrassed of mine and the complete lack of effort it took to acquire it. Take your 'aspiring cissp' (quoting your profile), fold it until it's all sharp corners, and shove it squarely up your supposed phd (also from your profile) ass.
The rest of us will try to help the guy with his problem.
Hey BlackIce, I'm not trying to take sides or anything, You know, just trying to be objective, so please don't consider this a flame ('cause you could Neg me to hell and back) :D But just because someone says that their 'employee' did this, doesn't mean it's not social engineering. I am not (yet) a very wise security guru, but I am paranoid enough to take this kind of thing with a grain of salt...
Hey,
dmorgan I can see what you are saying, but might I respectfully point out that Mr Clarkman has been a member for over a year and has over 100 posts to his name. Now that does not fit my profile of a skiddie or a guy up to no good...............far too patient? and certainly not a "post whore"
Also I must admit that I have been asked to do the same sort of thing myself, so I have some empathy.
If you look at his posts they bear all the markings of a regular guy trying to do a good job, but who gets called upon to do things "above and beyond the call of duty"............which is why I suppose he comes to us for help?
Don't lose your cynicism though....................I get lonely very easily :D
Was it Benjamin Franklin who said "we must hang together, gentlemen, or we will most assuredly hand separately"? I guess IT is like that.
Just my £0.02 :)