Password Cracking Challenge 5 - Unlocking

Prompt

Our forensics team recovered an encrypted USB drive from Liber8tion. Can you crack their passwords to get to the contents? We suspect they continue to use passwords found in a popular wordlist.

Answers

Q1 (15 pts) - What is the file signature in the header of the usb-clone image in ASCII?
FVE-VS

Q2 (25 pts) - What encryption format does usb-clone have?
Bitlocker

Q3 (25 pts) - What is the password for the usb-clone?
johncena1

Q4 (25 pts) - What is the flag in usb-clone?
SKY-BLPW-9562

Steps I Took

Q1 — Started by downloading the file and checking the binary to see the signature

Q2 — Looked up what encryption FVE-VS uses - Saw bitlocker

Q3 — used bitlocker2john to get the hash

used hashcat to crack the hash

For q4 installed dislocker unlocked the bitlocker encryption mounted the usb