Cipher and Password Bruteforcing with OpenSSL

Ever had to crack something, but you don’t know the cipher? Sometimes the encrypted text gives you clues about which encryption algorithm was used, but not always. For those cases, the script in this post might be useful.

Bruteforcing the cipher type might be the only way to get through your challenge. It creates a fair amount of data (every cipher times every password guess, so 100 ciphers and 100 passwords means 10,000 output files), but we’ll look at ways to make it easier to process.

In the scripts below we have the following inputs:

  • A text file containing all the ciphers OpenSSL supports, one per line. I’ve listed a bunch of them at the bottom of this post; your own build can print its list with openssl list -cipher-commands (OpenSSL 1.1.0 and later) or openssl list-cipher-commands (1.0.x).
  • The password we will be trying to guess, or a dictionary of words. A dictionary could e.g. be the top 1000 most common passwords.
  • encrypted.txt contains our ciphertext. If the file holds base64 data, add the -a flag to the command so openssl decodes it first. A decoded ciphertext that starts with the 8 bytes Salted__ was produced by openssl enc with a salt (the next 8 bytes are the salt), which is a strong hint that this approach will work.

Before running the command, we need a directory “cipherout” in the directory where we are running the command (mkdir -p cipherout creates it). The following command will try the passwords CompanyName00 through CompanyName99 against every cipher in the list; openssl’s exit status tells us whether it accepted the result, so the output of a failed attempt is deleted straight away instead of cluttering the folder:

mkdir -p cipherout
while read -r line; do for i in {00..99}; do openssl "$line" -d -in encrypted.txt -pass "pass:CompanyName$i" -out "cipherout/$line-$i.txt" 2>/dev/null && echo "ok: $line $i" || rm -f "cipherout/$line-$i.txt"; done; done < ciphers.txt

If you’d rather use a wordlist for the password guessing, change the command into a double while loop. The password becomes part of the output file name, so any / in a guess is replaced with _ to keep the path valid, and the variables are quoted so passwords containing spaces survive:

mkdir -p cipherout
while read -r line; do while read -r line2; do out="cipherout/$line-${line2//\//_}.txt"; openssl "$line" -d -in encrypted.txt -pass "pass:$line2" -out "$out" 2>/dev/null && echo "ok: $line $line2" || rm -f "$out"; done < wordlist.txt; done < ciphers.txt

This produces one file inside the cipherout folder per cipher and password that openssl accepted, with the cipher type and the password in the file name. Be aware that a non-zero exit status only rules out the padded block modes (CBC and ECB), where a wrong password almost always ends in a “bad decrypt” padding error; CFB, OFB, CTR and RC4 have no padding, so every password “succeeds” and leaves a file full of random-looking bytes. So analyze your cipherout folder looking for strings and alphanumeric output (for example with strings, or by sorting the files by how many printable bytes they contain) and see if anything makes sense. If the right password is in your list but nothing readable comes out, check the key derivation: OpenSSL 1.1.0 changed the digest used to turn the password into a key from MD5 to SHA-256, and 1.1.1 added -pbkdf2, so a ciphertext made with a different version needs the matching -md option (e.g. -md md5) or -pbkdf2 with the right -iter count before even the correct password decrypts. If you’re working this for a challenge, keep in mind that the resulting output could be yet another cipher.
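The same sweep driven from Python, as an added example that is not code from the original post: it runs openssl for each cipher/password pair, keeps only outputs that score as plausible plaintext (printable ratio and byte entropy), and sorts the hits with the most text-like output first. It assumes openssl is on PATH and uses the post’s file names (encrypted.txt, ciphers.txt, wordlist.txt, cipherout) as hypothetical paths; the inspect_ciphertext pre-check implements the Salted__ header and block-length observations from above.

```python
"""Added example (not code from the original post): drive the openssl sweep and
score each output so plausible plaintexts float to the top. Assumes `openssl`
is on PATH; encrypted.txt, ciphers.txt and wordlist.txt are the file names the
post uses and cipherout is the output directory (all hypothetical paths)."""
from __future__ import annotations

import math
import string
import subprocess
from collections import Counter
from pathlib import Path

PRINTABLE = set(string.printable.encode())
SALT_MAGIC = b"Salted__"  # 8-byte header openssl enc writes when it salts the KDF


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: English text is roughly 4 to 5, encrypted bytes are close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are ASCII printable (whitespace included)."""
    if not data:
        return 0.0
    return sum(1 for b in data if b in PRINTABLE) / len(data)


def looks_like_plaintext(data: bytes, min_printable: float = 0.95,
                         max_entropy: float = 6.0) -> bool:
    """Heuristic: mostly printable and clearly not random. Loosen for binary targets."""
    return printable_ratio(data) >= min_printable and shannon_entropy(data) <= max_entropy


def inspect_ciphertext(data: bytes, block_size: int = 16) -> dict:
    """Cheap checks before any cracking: a Salted__ header means openssl enc with a
    salt (header + 8-byte salt occupy the first 16 bytes), and a body that is not a
    multiple of the block size cannot come from a padded block mode such as CBC/ECB."""
    salted = data.startswith(SALT_MAGIC)
    body = data[16:] if salted else data
    return {
        "salted": salted,
        "salt": data[8:16] if salted else None,
        "padded_block_mode_possible": len(body) % block_size == 0,
    }


def try_decrypt(cipher: str, password: str, src: Path,
                extra: tuple[str, ...] = ()) -> tuple[bool, bytes]:
    """One openssl enc -d run; returns (exit status ok, decrypted bytes).
    `extra` carries options such as ("-a",), ("-md", "md5") or ("-pbkdf2",) when the
    ciphertext was made with base64 output or a different key derivation."""
    cmd = ["openssl", "enc", f"-{cipher}", "-d", "-in", str(src),
           "-pass", f"pass:{password}", *extra]
    proc = subprocess.run(cmd, capture_output=True)  # list form: no shell quoting issues
    return proc.returncode == 0, proc.stdout


def sweep(src: Path, ciphers: list[str], passwords: list[str], outdir: Path,
          extra: tuple[str, ...] = ()) -> list[tuple[str, str, float]]:
    """Try every cipher/password pair and keep only outputs that score as plaintext.
    Exit status alone is not enough: CBC/ECB fail on bad padding with a wrong key,
    but CFB/OFB/CTR and RC4 have no padding and "succeed" with garbage every time."""
    outdir.mkdir(exist_ok=True)
    hits: list[tuple[str, str, float]] = []
    for cipher in ciphers:
        for pw in passwords:
            ok, out = try_decrypt(cipher, pw, src, extra)
            if ok and looks_like_plaintext(out):
                (outdir / f"{cipher}-{len(hits):04d}.txt").write_bytes(out)
                hits.append((cipher, pw, shannon_entropy(out)))
    return sorted(hits, key=lambda h: h[2])  # lowest entropy (most text-like) first


if __name__ == "__main__":
    src = Path("encrypted.txt")
    print(inspect_ciphertext(src.read_bytes()))
    ciphers = Path("ciphers.txt").read_text().split()
    passwords = [f"CompanyName{i:02d}" for i in range(100)]
    # passwords = Path("wordlist.txt").read_text().splitlines()   # wordlist variant
    for cipher, pw, ent in sweep(src, ciphers, passwords, Path("cipherout")):
        print(f"{cipher}\t{pw}\tentropy={ent:.2f}")
```

Unlike the shell loops, this version never writes a file for a failed or random-looking attempt: it captures openssl’s stdout, scores it, and only then saves it, so the folder you have to read through contains candidates rather than everything. Pass extra=("-a",) for base64 input or extra=("-md", "md5") when the ciphertext came from an older OpenSSL.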

Tools can also be used to create the passwords you are guessing. For example, Hashcat can produce the dictionary of words you use for your cracking activities. Hashcat doesn’t directly support cracking these ciphers, as that tool is mostly used for cracking hashes (normally from password storage), not encryption ciphers, but it can still build a nifty wordlist. An idea would be to manually create a list of potential passwords, then run Hashcat’s word-mangling rules over this wordlist in --stdout mode, which prints the candidates instead of cracking anything. In my wordlist I have the words securesolutions and netsecurity. Applying Hashcat’s leetspeak rule on this wordlist produces the following output (a rule that substitutes a letter the word doesn’t contain leaves it unchanged, hence the repeats; pipe the list through sort -u before using it):

hashcat64 --stdout /tmp/wordlist.txt -r /rules/leetspeak.rule
securesolutions
securesolutions
securesolutions
se<uresolutions
se{uresolutions
s3cur3solutions
securesolutions
securesolut1ons
securesolut!ons
secures0luti0ns
securesolutions
5ecure5olution5
$ecure$olution$
securesolu7ions
securesolu+ions
securesolutions
$3<ur3$0lut10n$
netsecurity
netsecurity
netsecurity
netse<urity
netse{urity
n3ts3curity
netsecurity
netsecur1ty
netsecur!ty
netsecurity
netsecurity
net5ecurity
net$ecurity
ne7securi7y
ne+securi+y
netsecurity
n3t$3<ur1ty
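To see why the listing above looks the way it does, here is a small interpreter for the hashcat rule functions a leetspeak-style rule file uses. It is an added example, not hashcat’s code or its rule file: LEETSPEAK_RULES is an assumed approximation reconstructed from the output shown, and the function set it supports (:, l, u, c, t, r, d, sXY, $X, ^X) is a subset of hashcat’s rule language.

```python
"""Added example (not hashcat's code): a minimal interpreter for the hashcat rule
functions a leetspeak-style rule file uses, so the mangling above can be reproduced
and understood without hashcat. Supports the functions : l u c t r d sXY $X ^X.
LEETSPEAK_RULES is an assumed approximation reconstructed from the output above,
not a copy of hashcat's leetspeak.rule."""
from __future__ import annotations

LEETSPEAK_RULES = [
    "sa@", "sb8",                      # letters absent from a word leave it unchanged
    "sc<", "sc{", "se3", "si1", "si!", "so0",
    "ss5", "ss$", "st7", "st+",
    "sc< se3 si1 so0 ss$",             # several functions on one line run in sequence
]


def apply_function(fn: str, word: str) -> str:
    """Apply one hashcat rule function to a candidate."""
    if fn == ":":
        return word
    if fn == "l":
        return word.lower()
    if fn == "u":
        return word.upper()
    if fn == "c":                          # capitalize first letter, lowercase the rest
        return word[:1].upper() + word[1:].lower()
    if fn == "t":
        return word.swapcase()
    if fn == "r":
        return word[::-1]
    if fn == "d":
        return word * 2
    if len(fn) == 3 and fn[0] == "s":      # sXY: replace every X with Y
        return word.replace(fn[1], fn[2])
    if len(fn) == 2 and fn[0] == "$":      # $X: append X
        return word + fn[1]
    if len(fn) == 2 and fn[0] == "^":      # ^X: prepend X
        return fn[1] + word
    raise ValueError(f"unsupported rule function: {fn!r}")


def apply_rule_line(line: str, word: str) -> str:
    """A rule line is whitespace-separated functions applied left to right."""
    for fn in line.split():
        word = apply_function(fn, word)
    return word


def mangle(words: list[str], rules: list[str], dedupe: bool = False) -> list[str]:
    """Every rule against every word, in hashcat's order (all rules per word).
    dedupe=True drops repeats such as the unchanged words in the listing above."""
    out: list[str] = []
    seen: set[str] = set()
    for word in words:
        for rule in rules:
            candidate = apply_rule_line(rule, word)
            if dedupe:
                if candidate in seen:
                    continue
                seen.add(candidate)
            out.append(candidate)
    return out


if __name__ == "__main__":
    for candidate in mangle(["securesolutions", "netsecurity"], LEETSPEAK_RULES, dedupe=True):
        print(candidate)
```

Running it prints a deduplicated version of the candidate list; the combined last rule is what produces $3<ur3$0lut10n$ and n3t$3<ur1ty, because its substitutions are applied one after another to the same word. Order matters when one substitution produces a character a later one replaces, so keep the functions on a rule line in the order the rule file has them.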

Quick list of OpenSSL cipher commands (might be missing some; openssl list -cipher-commands prints the list for your own build). Note that the enc utility does not support the AEAD modes, so the -gcm and -ccm entries below (including the id-aes*-gcm and id-aes*-ccm ones) will be rejected by newer OpenSSL versions and can be dropped from ciphers.txt:

aes128
aes-128-cbc
aes-128-cfb
aes-128-cfb1
aes-128-cfb8
aes-128-ctr
aes-128-ecb
aes-128-gcm
aes-128-ofb
aes-128-xts
aes192
aes-192-cbc
aes-192-cfb
aes-192-cfb1
aes-192-cfb8
aes-192-ctr
aes-192-ecb
aes-192-gcm
aes-192-ofb
aes256
aes-256-cbc
aes-256-cfb
aes-256-cfb1
aes-256-cfb8
aes-256-ctr
aes-256-ecb
aes-256-gcm
aes-256-ofb
aes-256-xts
bf
bf-cbc
bf-cfb
bf-ecb
bf-ofb
blowfish
camellia128
camellia-128-cbc
camellia-128-cfb
camellia-128-cfb1
camellia-128-cfb8
camellia-128-ecb
camellia-128-ofb
camellia192
camellia-192-cbc
camellia-192-cfb
camellia-192-cfb1
camellia-192-cfb8
camellia-192-ecb
camellia-192-ofb
camellia256
camellia-256-cbc
camellia-256-cfb
camellia-256-cfb1
camellia-256-cfb8
camellia-256-ecb
camellia-256-ofb
cast
cast5-cbc
cast5-cfb
cast5-ecb
cast5-ofb
cast-cbc
des
des3
des-cbc
des-cfb
des-cfb1
des-cfb8
des-ecb
des-ede
des-ede3
des-ede3-cbc
des-ede3-cfb
des-ede3-cfb1
des-ede3-cfb8
des-ede3-ofb
des-ede-cbc
des-ede-cfb
des-ede-ofb
des-ofb
desx
desx-cbc
id-aes128-ccm
id-aes128-gcm
id-aes192-ccm
id-aes192-gcm
id-aes256-ccm
id-aes256-gcm
idea-cfb
idea-ofb
rc2
rc2-40-cbc
rc2-64-cbc
rc2-cbc
rc2-cfb
rc2-ecb
rc2-ofb
rc4
rc4-40
rc4-hmac-md5
seed
seed-cbc
seed-cfb
seed-ecb
seed-ofb

  • Noam Rathaus

    Many of the above ciphers will produce by default a signature and/or header and/or cipher text of a set length that would allow you to know whether it’s possible they were used or not, without needing to crack the password.

    • Excellent point. I’ll be checking that out to see how ciphers can be individually identified.