💥Cyb3rBook

VHD - VHDX

2 min read

PRIMARY CATEGORY → FILE MANIPULATION

Content Listing

7z
7z l <VHD_OR_VHDX>

Files Extraction

7z

See here first to list the Content of a VHD or VHDX File

Keeping the Directory Structure
7z x <VHD_OR_VHDX> -o<OUTPUT_DIR> <DIRECTORY_OR_FILE_PATH>
Without keep the Directory Structure
7z e <VHD_OR_VHDX> -o<OUTPUT_DIR> <DIRECTORY_OR_FILE_PATH>

VHD | VHDX Mounting

Obviously It can be done from a Windows Machine using the Disk Management or through HyperV, but there are different ways to accomplish the same thing on Linux 🐧

Guestmount

Guestmount

Installation

First of all, install the required package to have access to the tool

apt install -y -- libguestfs-tools
Mounting

Then, proceed as follows to mount the VHD or VHDX content in a local directory →

mkdir <LOCAL_PATH>
guestmount --add <VHD_OR_VHDX> --inspector --ro <LOCAL_PATH> -v

Mounting Bitlocker-Encrypted VHD on Windows

Mount the .VHD File

Zoom In

Enter the cracked password at the Bitlocker Password Prompt

Zoom In

Mounting Bitlocker-Encrypted VHD on Linux

Dislocker

Dislocker

UTILITYPURPOSE
losetupConvert a file (.VHD, .ISO, .IMG…) into a block device
dislockerDecrypt and access an encrypted volume with Bitlocker
mountMount the decrypted file system to access all the archives
Dislocker Installation

Dislocker

apt install -y -- dislocker
Loop Device Creation based on the VHD File using losetup

Losetup

losetup --find --show --partscan -- <VHD>
Check if the created Loop Device is available
losetup --all
lsblk -fm | grep -i -- loop
Folders Creation to mount the VHD File
mkdir -p -- /media/{bitlocker,bitlockermount}
Drive Decryption using Dislocker
dislocker --volume /dev/loop0p1 --user-password -- /media/bitlocker
> Enter the user password: *****
Check the Mounted Device (VHD)
mount | grep -i -- dislocker
Mount the Decrypted Volume
mount --options loop -- /media/bitlocker/dislocker-file /media/bitlockermount
find /media/bitlockermount

Graph View

Backlinks