So here is the status:
1. I got this VM and I kinda forgot the pwd.
2. The VM is on qemu (.qcow2).
How do I get hashcat to access LUKS and brute force?
I will give bruteforce-luks a try, maybe I get lucky.
You can't; you would need the password hash to pass to hashcat.
Hashcat does indeed have the ability to brute force LUKS Anti-Forensic stripes.
How do I get hashcat to access LUKS and brute force?
https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Backup_using_cryptsetup
The key part is “provide your dictionary”. This entire method assumes you know the general direction of the password, and you need hashcat to fill in some blanks.
Depending on how “big” those blanks are, this process might take over a thousand years using current hardware. If the password is completely unknown and sufficiently long as to be secure, it’s effectively unrecoverable.
Doing so would require exploiting a flaw that would invalidate the encryption itself. This would be big news and would instantly deprecate the encryption scheme.
So far I managed to get all the headers, then convert them from luks2 to luks1. Sadly hashcat doesn't have straightforward documentation, so I can give the words and pwd length.
You mean Hack the player, not the game?
As in, OP should make a list of all the words that might have gone into the passphrase, and hashcat works from that?
In my case it was one of those muscle-memory pwds and now I don't remember the whole pwd. I only remember the last 6, so that is like half of the pwd.
A 6-character alpha/num/symbol password is easily crackable, if that is all you have to work with. Should take 5 minutes tops.
I have given up because it didn't work.
Don’t give up yet,
Make a password file with the passwords you use regularly. And the last six.
Feel the reward of your trials and tribs
Because of judahnator's comment I decided to make a test. Well, it didn't work even with 1 character:
hashcat -m 14600 -a 3 -w 1 --session try1 try.img 123ab?l -o luks_password.txt
Didn't work even if the pwd was 123abc.
Session…: try1
Status…: Exhausted
IMO converting from luks2 to luks1 for hashcat changes things in a way that makes it impossible.
Edit: so if anyone comes here from Google or wants to test, here are the steps:
modprobe nbd max_part=12
qemu-nbd --connect=/dev/nbd0 virtu.qcow2
cryptsetup luksHeaderBackup /dev/nbd0p5 --header-backup-file headers.img
At this point the headers.img is 16 MB. If you double-click it, it will ask for a pwd. If you put in the incorrect passphrase, it will give an error telling you that the passphrase is wrong. If I put in the correct pwd (in my case, for the test, 123abc) I get a “failed to activate device” error.
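An added example, not part of the original posts: a small Python parser that reads a header backup such as headers.img and reports the LUKS version and, for LUKS1, the cipher, hash and enabled key slots, which is a quick way to check what the luks2-to-luks1 conversion actually produced. The field layout follows the LUKS1 on-disk format; the function names and the sample header are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE = 0x00AC71F3      # LUKS1 on-disk marker for an enabled key slot
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")   # 208 bytes, big-endian
SLOT = struct.Struct(">II32sII")                    # 48 bytes each, 8 slots follow

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def inspect_luks_header(data):
    """Return the version and, for LUKS1, cipher, hash and key-slot details."""
    if len(data) < 8 or data[:6] != LUKS_MAGIC:
        raise ValueError("not a LUKS header (magic mismatch)")
    version = struct.unpack(">H", data[6:8])[0]
    if version != 1:
        # LUKS2 keeps its metadata in a JSON area; this sketch does not parse it.
        return {"version": version}
    if len(data) < PHDR.size + 8 * SLOT.size:
        raise ValueError("truncated LUKS1 header")
    (_, _, cipher, mode, hash_spec, payload_off, key_bytes,
     _, _, mk_iter, uuid) = PHDR.unpack_from(data, 0)
    slots = []
    for i in range(8):
        active, iters, _, km_off, stripes = SLOT.unpack_from(
            data, PHDR.size + i * SLOT.size)
        if active == SLOT_ACTIVE:
            slots.append({"slot": i, "iterations": iters,
                          "km_offset_sectors": km_off, "stripes": stripes})
    return {"version": 1, "cipher": f"{_text(cipher)}-{_text(mode)}",
            "hash": _text(hash_spec), "key_bytes": key_bytes,
            "payload_offset_sectors": payload_off, "mk_iterations": mk_iter,
            "uuid": _text(uuid), "active_slots": slots}

def build_sample_luks1():
    """Constructed sample header (not from the thread): one enabled slot."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                    b"\x11" * 20, b"\x22" * 32, 100000,
                    b"00000000-0000-0000-0000-000000000000")
    slot0 = SLOT.pack(SLOT_ACTIVE, 250000, b"\x33" * 32, 8, 4000)
    empty = SLOT.pack(0x0000DEAD, 0, b"\0" * 32, 0, 4000)
    return hdr + slot0 + empty * 7

if __name__ == "__main__":
    import sys
    raw = (open(sys.argv[1], "rb").read(4096) if len(sys.argv) > 1
           else build_sample_luks1())
    print(inspect_luks_header(raw))
```

Run it with the header file as the only argument; with no argument it parses the constructed sample.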
Can you use other tools to gain access?
I'm guessing it's some sort of lab on an internal network?
If so just mount it and use the Kali toolbox to pry your way in.
Scan with nmap for vulns then use that info to search the msfconsole databases.
If there's a matching vuln try running it on the box.
6 out of 10 times you can get a working shell, and from there it's just a case of creating a new user login via the console.
Or elevate your privs to root and make a new root account password that will let you log in on the lab. (Sounds easy and can be if the box isn't hardened, but this is a task most of the time so good luck.)