I have extracted the output of a pcap file, where it has encrypted jpeg image inside a word .doc & also .jpeg. How can I extract the same ?

asked 04 Sep '13, 09:29

vj%20kumar's gravatar image

vj kumar
11123
accept rate: 0%

can you rephrase your question? It is a bit hard to understand what you're trying to accomplish, and what the problem is.

(04 Sep '13, 13:43) Jasper ♦

Hi Jasper, I have got a captured pcap of a mail transaction. I have followed the SMTP's and obtained details about the mail, wherein it contains 4 encrypted files compressed in.rar format, which was also extracted with the mentioned . Now three files inside .rar has encrypted files..(picture.jpeg and file.docx contains a white image file)..now how can I decrypt the image file ?

(04 Sep '13, 14:01) vj kumar

it contains 4 encrypted files compressed in.rar format, .... now how can I decrypt the image file ?

by opening the rar file with WinRar and by entering the encryption key when WinRar asks for it!?!

If the rar file is not encrypted itself, you'll have to ask the sender of the email how he/she encrypted the files and also for the key. With that information you should be able to decrypt the files.

BTW: Obviously you already managed to extract the rar file from the SMTP conversation. So, how is this problem related to Wireshark?

Regards
Kurt

link

answered 04 Sep '13, 15:07

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
17.0k732168
accept rate: 15%

Kurt, the problem doesn't exist with the wireshark...And moreover I have no clue to whome this pcap beloongs to..:).... Encrypted here, I'm not mentioning the "file.rar" password encryption, but its the "image.jpeg" & "file.docx" which is obtained after extracting the file.rar. May be I can tell you the image is hidden inside the file.docx. I can just see a blank white space. So how this can be decrypted and I can see the image ?

(04 Sep '13, 21:08) vj kumar

Kurt, the problem doesn't exist with the wireshark...

hm... well, this is a Q&A site for Wireshark. So, if there is no problem with Wireshark, it might be the wrong place to ask !?!

May be I can tell you the image is hidden inside the file.docx. I can just see a blank white space. So how this can be decrypted and I can see the image ?

That sounds like a Microsoft Office problem to me and I'm sure you will get an answer in a Microsoft Word forum.

(05 Sep '13, 04:36) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×2
×2

Asked: 04 Sep '13, 09:29

Seen: 932 times

Last updated: 05 Sep '13, 04:36

powered by OSQA