We describe the process of cracking the password of VMWare, Parallels and VirtualBox virtual machines using Elcomsoft Distributed Password Recovery.
As you know, virtual machines are one of the virtualization solutions that are used to run another operating system on the existing operating system on the real computer. Activities on virtual machines usually leave traces on the virtual machine itself, not on the main computer. Therefore, when it comes to digital research, it becomes extra important to open, control and analyze these virtual machines.
Many of the virtual machine software used in the criminal world offer encryption support, but they need to be examined to find evidence. This is exactly why ElcomSoft, developed a password cracking software to access evidence encrypted by various virtual machine software.
There are currently three virtual machine software available on the market to encrypt the entire machine. These VirtualBox, Parallels and VMWare software. The encryption capability, strength and cracking rates used also vary between these three software. Let’s examine the encryption of these three virtual machines before explaining the processes.
Parallels: Has The Simplest Encryption
The simplest protection among the three software we mentioned Parallels. Parallels, to do encryption AES-128 CBC makes use of algorithm. The key used for encryption is MD5 It consists of a two-dated iteration of the hash algorithm. Therefore it is Parallels software that is the simplest to crack. According to Elcomsoft researchers, a single Intel i7 processor with 19 million per second password retry speed reached. It is quite simple and easy to access passwords at such incredible speeds without using any GPU. This speed is sufficient to comfortably crack simple and normal passwords, but for slightly more complex ones, various dictionaries may be required.
VMware: Medium Encryption
One of the three virtualization software we mentioned, VMware in the same way AES-128 bit It uses the encryption algorithm, but the functioning here is different from Parallels. VMware10,000 times stronger to encrypt virtual machines and generate a crypto key From PBKDF-SHA1 benefits. In a crushing process using a processor 10,000 passwords can be tried per second However, since this is insufficient speed, it is recommended to restart the process with GPU acceleration. Using just one Nvidia GeForce RTX 2070 GPU, 1.6 million password attempts per second can be achieved. In this way, you can find complex passwords more easily with the help of GPU. It is also recommended to use a brute force attack with various dictionaries to obtain more accurate results.
VirtualBox: High Level Encryption
Oracle VM VirtualBoxThe software that has and applies the best encryption of the 3 software. As encryption algorithm AES-XTS128-Plain64 or AES-XTS256-Plain64 can be used to generate the key used in encryption. SHA-256 utilizes the hash algorithm. The number of hashes is AES Depending on the key, it can reach interesting hash iterations of up to 1.2 million. Attacks with the CPU will be quite insufficient here because 15 attempts per second are very slow. GPU-powered cracking operations are again much faster than the processor, as always: NVIDIA GeForce RTX 2070 In an attack using 2700 attempts per second can be done. We recommend that you use a powerful GPU with a good dictionary to crack these passwords.
Using ElcomSoft Distributed Password Recovery
To attack virtual machines to learn the password ElcomSoft Distributed Password Recovery You need versions 4.30 or higher of the software. You don’t need to use the entire container to do the process. Instead, we will use one of the virtual machine’s small files. Parallels for config.pvs to file, VirtualBox corresponding to “.Vbox” file and VMware too small for “.Vmx” we need the file.
- ElcomSoft Distributed Password Recovery Let’s start version 4.30 or higher.
- Select the virtual machines’ files as shown in the screenshots below and continue by saying open.
- VirtualBox for “.Vbox” file,
- VMware for “.Vmx” file,
- Parallels if for “Config.pvs” Select the file.
- After selecting the necessary virtual machine files, you can add various dictionaries using the rules tab, JohnTheRipper You can attack using syntax.
When you start the attack to crack the password, you try Parallels software, you can only use the processors because they are quite sufficient for crushing. VMware and VirtualBox When you need to review virtual machines that use GPU and sometimes various dictionaries using it will work.
If you are working in a legal authority in the cyber world, in order to obtain various evidence in the virtual machine ElcomSoft You can take advantage of this very efficient software.