Luks hashcat qemu and i kinda forgot the pwd

so here is the status

1 i got this VM and i kinda forgot the pwd

2 the VM is on qemu (.qcow2)

how do I get hashcat to access luks and brute force ?

i will give a try with bruteforce-luks maybe i get lucky

you cant, you would the password hash to pass to hashcat.

Hashcat does indeed have the ability to brute force LUKS Anti-Forensic stripes.

how do I get hashcat to access luks and brute force ?

  • Make a copy so you can work on the device without risking damage to it.
  • Dump the LUKS headers

https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Backup_using_cryptsetup

  • Use the -m 14600 option in hashcat for LUKS headers.
  • Provide your dictionary to hashcat
  • Hash

They key part is “provide your dictionary”. This entire method assume you know the general direction of the password, and you need hashcat to fill in some blanks.

Depending on how “big” those blanks are, this process might take over a thousand years using current hardware. If the password is completely unknown and sufficiently long as to be secure, it’s effectively unrecoverable.

Doing so would require exploiting a flaw that would invalidate the encryption itself. This would be big news and would instantly deprecate the encryption scheme.

so far i managed to get all the headers then convert them from luks2 to luks1 sadly hashcat dont have a straight frontward documentation so I can give the words and pwd length

You mean Hack the player, not the game?

As in, OP should make a list of all the words that might have gone in to the passphrase, and hashcat works from that?

in my case it was one of those muscle memory pwd and now i dont remember the whole pwd i only remember the last 6, so that is like half of the pwd

A 6-character alpha/num/symbol password is easily crackable, if that is all you have to work with. Should take 5 minutes tops.

i have given up because i dint work

Don’t give up yet,

Make a password file with the passwords you use regularly. And the last six.

Feel the reward of your trails and tribs

Because of judahnator comment i decided to make a test well it dint work even with 1 character

hashcat -m 14600 -a 3 -w 1 --session try1 try.img 123ab?l -o luks_password.txt

dint work even if the pwd was 123abc

Session…: try1
Status…: Exhausted

imo converting from luks2 to luks1 for hashcat changes things in a way that make it impossible

edit so if anyone come her from google or want to test here are the steps

modprobe nbd max_part=12
qemu-nbd --connect=/dev/nbd0 virtu.qcow2   
cryptsetup luksHeaderBackup /dev/nbd0p5 --header-backup-file headers.img

at this point the headers.img is 16mb if u double-click will ask for a pwd if u put the incorrect passphrase will give a error telling you that passphrase wrong, if i put the correct pwd in my case for the test 123abc i get a “failed to activate device” error

can you use other tools to gain access?.
im guessing its some sort of lab on an internal network?
if so just mount it and use the kali toolbox to pry your way in.
scan with nmap for vulns then use that info to search the msfconsole databases.
if theres a matching vuln try running it on the box.
6 out of 10 times you can get a working shell, and from there its just a case of creating a new user login via the console.
or elevate your privs to root and make a new root account password that will let you log in on the lab. (sounds easy and can be if the box isnt hardened, but this is a task most of the time so good luck)