How to use the brute force tool

Greetings

I apologize if I was not allowed to @ someone, but I am in serious distress right now. I created a vault and forgot the whole password – I only remember parts. I do not have a recovery key and came upon a tool which a user (?) named “overheadhunter” created (cf. Forgot Password but not Entirely, does a Dictionary Attack Exist for Cryptomator? - #11 by tobihagemann AND https://github.com/cryptomator/cracker). However, I am not a tech-savvy user and do not know how to proceed. I first tried to download the “cracker-win-exe-file” only and tried to run it, but nothing happened. That is where I do not know how to proceed at all (from what I understand, you need to download Java which I did and then downloaded the fat jar file which did not open). If someone could explain to me what I need to do in order to “hack” the password, I would be forever grateful, but please explain it like I was five (aka please try to remember that I am not a tech-savvy person at all, I never even heard of Java before all of this). Thank you again and I really hope someone can save me.

Thanks again.

2 Likes

It worked for me this way:

1st: create your password list
Open a text editor and enter all possible passwords you want to try out. One password for each line. Save that file as “passwords.txt” in the folder where your masterkey.cryptomator file is stored.

2nd: install a suitable JAVA Version
If you are sure you have Java Runtime Environment installed in version 11 or higher you can skip that. If Java RTE 11+ is not installed, you can download it for example here: https://adoptopenjdk.net/
Please read this if you struggle to find the correct version on adoptopenjdk

3rd: Download the latest release of the cracker
Download here the latest file of cracker-0.x.x-fat.jar. Right now this is cracker-0.1.1-fat.jar
Store it in the same folder where you have stored your passwords.txt file and your masterkey.cryptomator file

4th: run the tool with powershell
Assuming you are on windows, press the windows key, enter (means search) for the App “windows PowerShell” and start it.
4.1 Navigate to the folder where your files are.
You can do this by entering the following (values in [ ] have to be changed accordingly, do not type the [ ]):

cd [drive]:\[folder1]\[folder2]

In my case, the files are stored in a folder “testvault” that is stored in a folder “_eimer” that is located on my D drive. Means in my case I have to enter this to switch to this folder:

cd d:\_eimer\testvault

hit “enter” to perform the directory change
Your powershell line looks like this:
image

4.2: run the process
Now that we are at the right place, let's run the script.
You enter the following:

cat passwords.txt | java -jar cracker-0.1.1-fat.jar masterkey.cryptomator

press enter to run the script

4.3: see the results:
Depending on how long your password list is, it will take a while until the first response is given. If it is a long password list and your system has to try hard, then you will notice a line that is showing how many attempts per second are performed. This line will be updated frequently.
Looks like this.


When you see a new line that is starting with “PS” that means the process has finished (yellow frame). As you do not see any success message, this means there was no password in the list that was correct.
If you do have the correct password in your list, then you will receive a success message with the password. Looks like this then:

Hope this helps
PS: works well also with vault format 8 because this is all not about vault format :wink:

7 Likes

Thank you for your help, I will try that now.

I may have understood the tool’s function wrong: I thought that the tool itself would try out combinations when given a partial password – but I have to write them down by myself from what it seems. Is there such a tool that does that?

There is: https://github.com/hashcat/maskprocessor
It's also used via powershell.

  1. Download and unpack the latest release (actually 0.73).
  2. Open powershell.
  3. Navigate to the folder where you have unpacked the files. You’ll find a mp32.exe and a mp64.exe.
  4. Please use the one that fits your system (32 bit/64 bit). If you are unsure then you have a 64 bit system :wink:
  5. Enter the following: .\mp[bit].exe [mask] to generate the list. Please see description for the available patterns of a mask.

An example:

.\mp64.exe ?l?uxx?d

will create a list of all passwords that start with a random small letter, then a random upper case letter, then “xx” and then a random number

3 Likes
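
Before generating a list from a mask, it helps to know how many candidates the mask expands to and how long the cracker would need to test all of them. The PowerShell function below is an added example, not code from this thread, from Cryptomator or from maskprocessor; it handles only the built-in charsets ?l, ?u, ?d, ?s and ?a plus literal characters, and the guesses-per-second figure is an assumed value that you would read off the cracker's progress line.

```powershell
# Added example (not from the thread or from maskprocessor).
# Counts the candidates a mask expands to, using the sizes of
# maskprocessor's documented built-in charsets.
function Get-MaskKeyspace {
    param(
        [Parameter(Mandatory)] [string] $Mask,
        # Assumption: rate read off the cracker's progress line by the user.
        [double] $GuessesPerSecond = 0
    )

    [bigint] $total = 1
    $length = 0
    for ($i = 0; $i -lt $Mask.Length; $i++) {
        $size = 1    # a literal character contributes exactly one choice
        if ([string]$Mask[$i] -ceq '?') {
            $i++
            if ($i -ge $Mask.Length) { throw "Mask ends with a dangling '?'." }
            switch -CaseSensitive ([string]$Mask[$i]) {
                'l' { $size = 26 }   # lower-case letters
                'u' { $size = 26 }   # upper-case letters
                'd' { $size = 10 }   # digits
                's' { $size = 33 }   # printable ASCII symbols, including space
                'a' { $size = 95 }   # ?l + ?u + ?d + ?s
                default { throw "Charset '?$_' is not handled by this example." }
            }
        }
        $total = [bigint]::Multiply($total, $size)
        $length++
    }

    $hours = $null
    if ($GuessesPerSecond -gt 0) {
        # Worst case: the correct password is the last candidate tried.
        $hours = [math]::Round([double]$total / $GuessesPerSecond / 3600, 2)
    }

    [pscustomobject]@{
        Mask           = $Mask
        PasswordLength = $length
        Candidates     = $total
        WorstCaseHours = $hours
    }
}

# The mask from the post above, at a constructed rate of 20 guesses per second.
Get-MaskKeyspace -Mask '?l?uxx?d' -GuessesPerSecond 20
# A fully unknown 8-character password, for comparison.
Get-MaskKeyspace -Mask '?a?a?a?a?a?a?a?a' -GuessesPerSecond 20
```

For the mask ?l?uxx?d the count is 26 × 26 × 10 = 6760, so every position you remember exactly removes a whole factor from the search.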

Thank you so much for everything that you have done, I will try that solution and post an update asap

Forgive me if I ask another question, but how do I know that the tool ends? Does it just stop automatically or do I need to press something? Also, do you happen to know if the list of generated passwords is saved automatically or do I need to copy the list myself and then paste it into the txt file created afore. Thanks again.

I also noticed that the program deletes passwords of the list (aka I cannot scroll to the very top anymore). Is this a limit of Powershell? How do I circumvent it?

It stops with a corresponding message if either it found your password or all passwords of the list were tested and none matched.

If you want to check the password list, you should open the file containing all passwords. The powershell has a finite storage of lines to display. You cannot circumvent this.

I guess he is talking about the hashcat maskprocessor.
You notice that the process is stopped when the last line is starting with PS.
Maybe there is a way to export the generated passwords into a file instead of just printing them in Powershell. I am not aware of this. You should search for an answer or ask that question in the issue list of the tool.

1 Like

Redirecting the output into a file using e.g. .\mp[bit].exe [mask] > passwords.txt in Powershell should be the way to go.

1 Like

I've followed the steps through 4.1 but at 4.2 when I attempt to run the script nothing happens, powershell just produces another blank line for that directory, am I missing something?

Hi. Still works for me.
Please make sure that you have a suitable JAVA version installed (see #2).
If you are not on a high performance system, please be patient when you run the cracker. Even for me (considering I have at least an above average performance system), and a password list with only 6760 lines, it takes a couple of seconds until the first “Guesses…” line shows up. Until then the cursor is blinking in an empty line.

1 Like