This is about … .
- Install Windows as a VM guest (use VBox, VMware, Parallels or any other tool)
- Disable all sharing options except for 1 folder that will act as a buffer for files between the guest and the host
- Install choco:
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
It’s a package manager for Windows (like apt for Linux or brew for macOS), and it will make your life easier.
- You will need to install .NET framework as well (you will be prompted when running some of the tools)
git clone https://github.com/USArmyResearchLab/Dshell
python3 -m pip install Dshell/
pip install geoip2
❗️ Don’t use pyenv with it since you won’t be able to do sudo dshell, which is required for some functionality.
⛔️ I don’t remember the error message accurately, but something about not being able to find Geo libraries.
✍🏻 Download geo databases from here or use the links from GitHub. Move the files to the site-packages folder on your OS. I have pyenv installed (for different Python versions). For me (macOS + pyenv) the path was:
/Users/username/.pyenv/versions/3.9.11/lib/python3.9/site-packages/dshell/data/GeoIP
Pay attention, not the folder that you have downloaded, but the folder that was created AFTER dshell was installed with python3 -m pip install Dshell/.
Couldn't load netifaces, some utils won't work
✍🏻 pip install netifaces
Eric Zimmerman’s Tools
The easiest way to install is via a PS1 script - https://f001.backblazeb2.com/file/EricZimmermanTools/Get-ZimmermanTools.zip from https://ericzimmerman.github.io/#!index.md. One of the requirements - .NET installed (https://f001.backblazeb2.com/file/EricZimmermanTools/net6/All_6.zip).
Install John the Ripper on macOS - https://www.google.co.uk/search?source=hp&ei=xOZoXtfNJIu53AOriq2ICg&q=john+the+ripper+install+macos&btnK=Google+Search&oq=fridump.py++dow&gs_l=psy-ab.3.0.33i160.3716.6053..7545...0.0..0.83.326.5......0....2j1..gws-wiz.EKLnxRYpE78#fpstate=ive&vld=cid:6d5ad76b,vid:4CnjjpWYK90.
brew install john
cd /opt/homebrew/Cellar
# not sure about the path
ln -s /opt/homebrew/Cellar/john/1.9.0_1/libexec john
sudo port install p5.30-compress-raw-lzma
# download all the scripts
git clone https://github.com/openwall/john.git
# copy all from https://github.com/openwall/john/tree/bleeding-jumbo/run to /opt/homebrew/Cellar/john/1.9.0_1/share/john
cp john/run/* /opt/homebrew/Cellar/john/1.9.0_1/share/john
# install hashcat
brew install hashcat
7z2john.pl script from https://github.com/openwall/john/blob/bleeding-jumbo/run/7z2john.pl. Other scripts - https://github.com/openwall/john.
7z2john.pl script (John the Ripper tool) that can extract the hash of the password from the
7z2john.pl /path/to/zip.7z > zip.hash
sudo hashcat -h | grep 7-zip
hashcat -m 11600 /path/to/hash /path/to/wordlist
⛔️ I installed perl with homebrew, but I kept getting
Can't locate Compress/Raw/Lzma.pm in @INC (you may need to install the Compress::Raw::Lzma module) (@INC contains: /opt/homebrew/opt/perl/lib/perl5/site_perl/5.36/darwin-thread-multi-2level /opt/homebrew/opt/perl/lib/perl5/site_perl/5.36 /opt/homebrew/opt/perl/lib/perl5/5.36/darwin-thread-multi-2level /opt/homebrew/opt/perl/lib/perl5/5.36 /opt/homebrew/lib/perl5/site_perl/5.36/darwin-thread-multi-2level /opt/homebrew/lib/perl5/site_perl/5.36) at ./7z2john.pl line 6. BEGIN failed--compilation aborted at ./7z2john.pl line 6.
✍🏻 So, I have spent several hours on that thing that involved a lot of googling. I needed to install the library that Perl complained was missing. But that didn’t work. I tried running
sudo cpan Compress::Raw::Lzma,
sudo port install lzma,
sudo port install p5.30-compress-raw-lzma,
brew install xz - same issue. As if the script doesn’t see the files I keep installing.
From the https://github.com/theos/theos/issues/273 issue of another program I figured out that the sha-bang line #!/usr/bin/env perl at the beginning of the script points to the perl version defined in environment variables. However, there was nothing in env about perl. Still, I have decided to change it to #!/usr/bin/perl to point to the system perl explicitly. The error changed a little. That means that the script will use system perl executable and not the one installed by
Can't locate Compress/Raw/Lzma.pm in @INC (you may need to install the Compress::Raw::Lzma module) (@INC contains: /Library/Perl/5.30/darwin-thread-multi-2level /Library/Perl/5.30 /Network/Library/Perl/5.30/darwin-thread-multi-2level /Network/Library/Perl/5.30 /Library/Perl/Updates/5.30.3/darwin-thread-multi-2level /Library/Perl/Updates/5.30.3 /System/Library/Perl/5.30/darwin-thread-multi-2level /System/Library/Perl/5.30 /System/Library/Perl/Extras/5.30/darwin-thread-multi-2level /System/Library/Perl/Extras/5.30) at ./7z2john.pl line 6. BEGIN failed--compilation aborted at ./7z2john.pl line 6.
Ok, now it looks at the system perl folder, but it still can’t find it.
Unfortunately, no single solution on the Internet was helpful. I have used this issue from another program https://github.com/theos/theos/issues/273, https://perlmaven.com/how-to-change-inc-to-find-perl-modules-in-non-standard-locations, as well as some other resources that are hard to remember.
Then, I noticed that in the error message, there are several paths mentioned and some mysterious @INC. It seemed like this @INC was something similar to the environment variable. So, I googled it, and that was the case. It looked like perl was trying to find the missing module at several paths listed in the error message and could not. This @INC variable was reading from the PERL5LIB environment variable and would search whatever directory is mentioned there. But I didn’t have the PERL5LIB variable defined. And what value do I assign to it? What’s the path of this stupid
From the error message, it was clear that perl was looking for the Lzma.pm file. So, I ran
find . -name "*Lzma.pm" | grep -i lzma
to see where those files are stored. I have got several different locations (because there is system Perl and also the one installed with brew earlier). I have tried them all, and the following one worked:
export PERL5LIB=/opt/local/lib/perl5/vendor_perl/5.30/darwin-thread-multi-2level
❗️Make sure you do not include the Compress/Raw/ part of the path.
Now, it works. 🥳
Trying to load this script with the default sha-bang and the system path export var results in the
Lzma.c: loadable library and perl binaries are mismatched (got first handshake key 0xc700080, needed 0xfc00080)
error.
Also, when I tried uninstalling p5.30-compress-raw-lzma, I got
Can't locate Compress/Raw/Lzma.pm in @INC (you may need to install the Compress::Raw::Lzma module) (@INC contains: /opt/local/lib/perl5/vendor_perl/5.30/darwin-thread-multi-2level /Library/Perl/5.30/darwin-thread-multi-2level /Library/Perl/5.30 /Network/Library/Perl/5.30/darwin-thread-multi-2level /Network/Library/Perl/5.30 /Library/Perl/Updates/5.30.3/darwin-thread-multi-2level /Library/Perl/Updates/5.30.3 /System/Library/Perl/5.30/darwin-thread-multi-2level /System/Library/Perl/5.30 /System/Library/Perl/Extras/5.30/darwin-thread-multi-2level /System/Library/Perl/Extras/5.30) at ./7z2john.pl line 6.
again. So, sudo port install p5.30-compress-raw-lzma was crucial as well. And these operations could be done safely - sudo port uninstall lzma, brew remove perl.
To make this setting persistent, run
echo "export PERL5LIB=/opt/local/lib/perl5/vendor_perl/5.30/darwin-thread-multi-2level" >> ~/.zshrc
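The try-every-location search described above can be scripted. This is an added example, not part of the original write-up: it finds every copy of the module under the given roots and prints the first directory that loads under the chosen perl. The function names are made up for the example; the search roots and /usr/bin/perl are taken from the error output above.

```shell
#!/bin/sh
# Added example (not from the original post): find the directory that
# belongs in PERL5LIB for a module, testing each copy against one perl.

# module_relpath Compress::Raw::Lzma  ->  Compress/Raw/Lzma.pm
module_relpath() {
    printf '%s.pm\n' "$(printf '%s' "$1" | sed 's|::|/|g')"
}

# inc_root_for FILE MODULE -> FILE minus the trailing module path; this is
# the @INC entry (the Compress/Raw/ part must not be included).
inc_root_for() {
    rel=$(module_relpath "$2")
    case "$1" in
        */"$rel") root=${1%/"$rel"}; printf '%s\n' "$root" ;;
        *) return 1 ;;
    esac
}

# find_loadable_inc PERL MODULE ROOT... -> first include root whose copy of
# MODULE loads under PERL. A copy built for another perl fails here with
# the "binaries are mismatched" error and is skipped.
find_loadable_inc() {
    perl_bin=$1; module=$2; shift 2
    rel=$(module_relpath "$module")
    find "$@" -type f -path "*/$rel" 2>/dev/null | (
        while IFS= read -r f; do
            inc=$(inc_root_for "$f" "$module") || continue
            # PERL5LIB is emptied so only this candidate is under test.
            if PERL5LIB= "$perl_bin" -I"$inc" -M"$module" -e 1 \
                    </dev/null >/dev/null 2>&1; then
                printf '%s\n' "$inc"
                exit 0
            fi
        done
        exit 1
    )
}

# Search roots and interpreter are the ones named in the post's error output.
if dir=$(find_loadable_inc /usr/bin/perl Compress::Raw::Lzma \
        /opt/local/lib/perl5 /opt/homebrew /Library/Perl); then
    echo "PERL5LIB=$dir ./7z2john.pl /path/to/zip.7z > zip.hash"
else
    echo "no copy of Compress::Raw::Lzma loads under /usr/bin/perl"
fi
```

Prefixing the single command with PERL5LIB=..., as the script prints, changes the module search path for 7z2john.pl only, while the export in ~/.zshrc changes it for every Perl program started from that shell.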
I hope that helps someone 🙂