Bitlocker-1 and 2

CHALLENGE DESCRIPTION

SOLUTION - Bitlocker-1

First, we need to recover the BitLocker password: use bitlocker2john to extract the hash from the image, then crack that hash with john.

bitlocker2john -i bitlocker-1.dd > hash.txt
john hash.txt -w=[wordlist]

Make a directory to hold the dislocker-file, a virtual file that represents the decrypted contents of the BitLocker-encrypted volume inside bitlocker-1.dd.

mkdir disc

Afterwards, use the dislocker tool to unlock the BitLocker-encrypted image. The password “jacqueline” is passed with the -u argument, and the output is saved to the “disc” directory.

sudo dislocker -v bitlocker-1.dd -ujacqueline disc 

Once the BitLocker volume is unlocked, we can see that the dislocker-file is present in disc. We now need to mount this file on our machine, so we create a mount point first.

mkdir mnt

The command below mounts the decrypted dislocker-file on the “mnt” directory. The -o loop option tells the system to treat the regular file (dislocker-file) as if it were a physical disk drive. This allows us to access all the folders and files inside it, just like a USB drive or HDD. The concept is similar to inserting a CD into your laptop.

sudo mount -o loop disc/dislocker-file mnt 

SOLUTION - Bitlocker-2

As we can see, we are given a RAM dump file. We need to unzip it first, then search it for the flag.

strings memdump.mem | grep picoCTF
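
By default, strings only extracts single-byte text, so a value that Windows held in memory as UTF-16LE would not show up in the pipeline above. The script below is an added example, not part of the original write-up: it scans a dump in chunks for flag-shaped strings in both encodings and reports their offsets. The body character set, the 200-character limit, the function name find_flags and the sample data are assumptions made for this example.

```python
import io
import re
import sys

# The flag prefix comes from the grep pattern on the page; the body charset
# (printable ASCII, at most 200 characters) is an assumption of this example.
BODY = rb"[\x20-\x7c\x7e]"
PATTERNS = [
    ("ascii", re.compile(rb"picoCTF\{" + BODY + rb"{1,200}\}")),
    # UTF-16LE stores each ASCII character followed by a NUL byte.
    ("utf-16-le", re.compile(
        rb"p\x00i\x00c\x00o\x00C\x00T\x00F\x00\{\x00(?:" + BODY + rb"\x00){1,200}\}\x00")),
]


def find_flags(stream, chunk_size=1 << 20, overlap=512):
    """Return sorted (offset, encoding, text) tuples for flag-shaped strings.

    The dump is read in chunks so a multi-gigabyte file never has to fit in
    memory. `overlap` must be at least the longest possible match (418 bytes
    for UTF-16LE) so a string split across two chunks is still found.
    """
    hits = set()
    tail, base = b"", 0  # base = absolute offset of the first byte of tail
    while chunk := stream.read(chunk_size):
        buf = tail + chunk
        for enc, rx in PATTERNS:
            for m in rx.finditer(buf):
                # The set removes matches seen again in the overlap region.
                hits.add((base + m.start(), enc, m.group().decode(enc)))
        tail = buf[-overlap:]
        base += len(buf) - len(tail)
    return sorted(hits)


# Constructed sample: one ASCII and one UTF-16LE flag-shaped string in filler.
SAMPLE = (b"\x00" * 100 + b"picoCTF{constructed_ascii}" + b"\xff" * 50
          + "picoCTF{constructed_wide}".encode("utf-16-le") + b"\x00" * 10)

if __name__ == "__main__":
    # Usage: python find_flags.py memdump.mem   (no argument scans SAMPLE)
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(SAMPLE)
    for offset, enc, text in find_flags(src):
        print(f"0x{offset:08x}  {enc:9}  {text}")
```

The reported offsets let you inspect the surrounding bytes of each hit in a hex viewer.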