Crack LUKS volume with Hashcat

Install hashcat

apt install hashcat

Find LUKS Volume

bob@localhost:~/$ dmesg
[ 1057.776074] sd 0:0:0:0: [sda] Write Protect is off
[ 1057.776074] sd 0:0:0:0: [sda] Mode Sense: 43 00 00 00
[ 1057.776593] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1057.780234]  sda: sda1
[ 1057.783346] sd 0:0:0:0: [sda] Attached SCSI removable disk

From the above we see that the drive we just pluGged into the system is “sda” so our path and partition is “/dev/sda1”

Run hashcat

The following command will run hashcat against “/dev/sda1”, change if the encrypted partition is different. Mode is to brute force every 8 numeric character combination. Refer to the following link to learn more about mask attacks.

Note: You should be able to dump the header and work off of that as well.

sudo hashcat -a 3 -m 14600 /dev/sda1 ?d?d?d?d?d?d?d?d

BitLocker – Command Prompt Commands

You’ll need administrator privileges to use these command. You can also run them from a command prompt in recovery

Check Status

manage-bde -status

Turn off Encryption

manage-bde -off C:

Change C: to the drive that has BitLocker on it. Check with the status command. May not be C if your in recovery.
Also note that after the encryption is turned off it takes awhile to decrypt. Check with status command

Unlock BitLocker Encrypted Drive

manage-bde -unlock C: -recoverypassword 11111-...-99999

Replace C: with actual drive

Replace the numbers at the end to your actual recovery key.