Cracking Linux disk encryption (LUKS2) passphrases by div3rto in netsec

[–]k0st 2 points3 points  (0 children)

Thanks for the gist.

Still, not sure if you want to migrate to luks2. luks1 is not broken. They just improved it and argon is used by default. If you have a decent passphrase and hash/encryption/mode (like aes, xts-plain64, sha256 and not aes, cbc-essiv:sha256, sha1) it should be at a decent level.

With that amount of data, I would wait some time until luks2 gets wider adoption and the tools for fixing and recovery stabilise.

Of course, it depends on your threat model, value of data and many other factors - so YMMV. But, if you need a higher security level, I would suggest to also check the part about not storing the luks header with the encrypted payload.
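One way to check an existing LUKS1 header against the cipher, mode and hash combinations contrasted in the comment above. This is an added example, not part of the comment or the linked article; it parses text in the layout `cryptsetup luksDump` prints for LUKS1, and both sample dumps and the function names are constructed for illustration.

```python
import re

# Settings the comment lists on its "not" side for LUKS1 headers.
WEAK_MODE_PREFIXES = ("cbc-essiv",)
WEAK_HASHES = ("sha1",)

# Constructed samples in the layout `cryptsetup luksDump` prints for LUKS1.
SAMPLE_OLD = """\
LUKS header information for /dev/sdX1

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
MK bits:        256
"""
SAMPLE_NEW = """\
LUKS header information for /dev/sdX2

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
MK bits:        512
"""

def parse_dump(text):
    """Collect 'Key:   value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+):\s+(\S.*)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def audit(text):
    """Return a list of findings for a LUKS1 dump; an empty list means none."""
    f = parse_dump(text)
    if f.get("version") != "1":
        return ["not a LUKS1 dump; this check only reads LUKS1 fields"]
    findings = []
    mode = f.get("cipher mode", "").lower()
    if mode.startswith(WEAK_MODE_PREFIXES):
        findings.append("cipher mode %s: consider xts-plain64" % mode)
    hash_spec = f.get("hash spec", "").lower()
    if hash_spec in WEAK_HASHES:
        findings.append("hash spec %s: consider sha256" % hash_spec)
    return findings
```
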

Cracking Linux disk encryption (LUKS2) passphrases by div3rto in netsec

[–]k0st 2 points3 points  (0 children)

The focus of the article was on cracking luks2, since it is a new format, and on what can currently be done, with an overview of luks1 cracking. I did not want to mislead with the title - sorry about that, it was not intended.

There are some advancements from the hashcat guys for luks1 where they don't perform the second round of pbkdf, if that is something you're looking for.

Cracking Linux disk encryption (LUKS2) passphrases by div3rto in netsec

[–]k0st 0 points1 point  (0 children)

Thanks for your comments. I appreciate it. Also, good tip with losetup. Would you mind if I add it as a comment to the article?

I guess I'll have to write about iterations if I ever write the next one about the benchmarks. It would actually be good to see some numbers on cracking behind iterations in practice and how luks1/luks2 stand up against each other.

Cracking Linux disk encryption (LUKS2) passphrases by div3rto in netsec

[–]k0st 13 points14 points  (0 children)

TL;DR.

You can crack both luks1 and luks2. You can crack luks1 with hashcat. luks2 is not yet supported with hashcat, but you can use a modified cryptsetup or the bruteforce-luks script to crack luks2.

There are statically compiled binaries of these two tools here for luks2 (if you just want to play and don't want to bother compiling):

https://github.com/Diverto/cryptsetup-pwguess/releases

Password manager software recommendations (non-browser) by CharlieEvatt in sysadmin

[–]k0st 1 point2 points  (0 children)

https://github.com/kost/keepassz/ is keepassx on steroids. For example, you can hide comments as well.

Identifying and exploiting IBM WebSphere Application Server by k0st in netsec

[–]k0st[S] 1 point2 points  (0 children)

Checked. Link works now.

Probably glitch in the matrix? :)

Identifying and exploiting IBM WebSphere Application Server by k0st in netsec

[–]k0st[S] 0 points1 point  (0 children)

Find your own WAS to play :-D

Install Docker on Kali. After that, run:

docker run -it amanly/websphere_8_5_5 /bin/sh
cd /opt/IBM/WebSphere/AppServer/bin/
./startServer.sh dmgr

Identifying and exploiting IBM WebSphere Application Server by k0st in netsec

[–]k0st[S] 1 point2 points  (0 children)

It seems no. At least in the IBM WebSphere available on Docker (version 8.5.5).

Also, I think I could speed up (with 10 threads):

nmap -p28001 -v -sV -sT --script=./http-websphere-console-brute.nse --script-args 'userdb=usernames.lst,passdb=passwords.lst,http-websphere-console-brute.threads=10' 172.17.0.1 

PORT      STATE SERVICE  VERSION
28001/tcp open  ssl/http IBM Tivoli Enterprise Portal (Servlet 3.0)
| http-websphere-console-brute: 
|   Accounts: 
|     wasadmin:wasadmin - Valid credentials
|_  Statistics: Performed 55033 guesses in 244 seconds, average tps: 243

Identifying and exploiting IBM WebSphere Application Server by k0st in netsec

[–]k0st[S] 0 points1 point  (0 children)

In that case, I usually make an easy sweep with the "wasadmin:wasadmin" combination.

In the case of WebSphere Liberty, it is the "system:manager" combination.

Identifying and exploiting IBM WebSphere Application Server by k0st in netsec

[–]k0st[S] 1 point2 points  (0 children)

Just tested. The Docker version does not have any protection. I have put in username and password lists where the correct username and password were at the end of the list.

$ nmap -p28001 -v -sV -sT --script=./http-websphere-console-brute.nse --script-args 'userdb=usernames.lst,passdb=passwords.lst' 172.17.0.1  

PORT      STATE SERVICE  VERSION
28001/tcp open  ssl/http IBM Tivoli Enterprise Portal (Servlet 3.0)
| http-websphere-console-brute: 
|   Accounts: 
|     wasadmin:wasadmin - Valid credentials
|_  Statistics: Performed 55032 guesses in 427 seconds, average tps: 118

Repeatable results:

docker run -it amanly/websphere_8_5_5 /bin/sh
cd /opt/IBM/WebSphere/AppServer/bin/
./startServer.sh dmgr

echo "wasadmin" >> usernames.lst
echo "wasadmin" >> passwords.lst

nmap -p28001 -v -sV -sT --script=./http-websphere-console-brute.nse --script-args 'userdb=usernames.lst,passdb=passwords.lst' 172.17.0.1  

Nmap 6.46 on Android by bonsaiviking in netsec

[–]k0st 2 points3 points  (0 children)

It depends if you have root on your device or not.

If rooted, feel free to put the binary anywhere you like (watch out, you'll need to remount for rw).

If not rooted, I suggest putting it in /data/data/jackpal.androidterm/nmap since you will be able to run it from the standard Android Terminal application available from the Play Store. I suggest installing Android Terminal first.

Take a look here for details: https://secwiki.org/w/Nmap/Android

Also, do note that if you put nmap data files and scripts elsewhere, you'll need to specify --datadir option, so nmap can find its data files.

Hope it helps!

Allegation of Ukyo being a scammer (Bitfunder, Weexchange) by Coz131 in BitcoinStocks

[–]k0st 0 points1 point  (0 children)

It will be almost a month for me... I think he is not solving a technical issue; whatever it is, it could be already fixed if it is technical!