Need help with cracking LUKS
#1
Hey so iam fairly new to hashcat and cracking overall,

i created a fully encrytped The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux in 2017-2019 which i dont know my password to anymore. 

Now i tried to watch some youtube videos and read the hashcat wiki to get started but i have some problems i cant really get ahead of. 

So i first created a Virtual Box with another The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) to try and crack this Luks encryption but since a Virtual box cant use my GPU power i would rather try to crack it on my Windows. 

The problem here is since its a real hard disk not just a file i dont know how to tell hashcat to just crack the harddisk, in Windows atleast. 

In my Virtual Box The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux i can go with 

Code:
hashcat -a 3 -m 14600 /dev/sdb5

when i try the same with Windows it always tells me "no such file or directory"

now i tried to copy the header of the Luks partition to transfer it to my windows but iam not really that good with Linux and iam not sure where i can even find the copy of the header. 

I have also created a second new LUKS full disk encryption on an old hard drive to try and crack that so that i would atleast know how the process looks if i correctly crack an encryption. But since i cant tell windows hashcat how to do that iam still lost.

Now to the password problem. I know the password is between 13 to 16 characters long and i know atleast 7 of these characters to 100%. That would leave 6 to 9 characters to crack from which i also think i could narrow the characters down since i fairly know what i used. I think i should be able to do that but i cant seem to get it done. 

I have already used a mask attack but iam not sure if iam doing something wrong or if my memory about the passcode is that lost. I also know that i used every character only one time so in the whole passcode for example there is only one "a" etc. I tried to find a rule in the wiki for something like that but i couldnt manage to find one. 

My hope is that someone here could help me who knows his way better around then me. 

Thanks in advance Smile
Reply
#2
Sounds like you should read this article. It has several explanations of different methods and software to use against LUKS. Remember you will need to identify which VERSION & ENCRYPTION TYPE was used as there is a very diverse selection of LUKS partitions. 

https://diverto.github.io/2019/11/18/Cra...assphrases

https://hashcat.net/wiki/doku.php?id=example_hashes

Once you have the proper extracted data whether using hashcat or john or other software you can supply it your mask attack with abbreviated character set.
Reply
#3
Hey,

thanks for helping me out. I will look into the two articles, i thought i have read somewhere that 14600 is a standart luks that works everywhere but i guess that was wrong.

Lets see where i can get with that.
Reply
#4
Your articles were super helpful, i really managed to copy the header. What kinda confuses me is that when i looked at the header it was saying:

Cipher: aes 
Hash: sha256 

after looking at the other article where it shows all the different attack modes for hashes i would have thought i need 25921 Luks 1 sha256 + aes but when i try to crack it with this setting it always says that its the wrong hash type. The 14600 works though. 


But thanks very much. I think i can now create the second header from my test Luks and try to crack that first. So i know iam doing things right. If that works i can probably also crack the important one. 

Iam just curious if there is still a rule to use with a mask attack to let hashcat know that every character is there only one time? I still couldnt find something about that topic.

Code:
Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Payload offset: 4096
MK bits:        512
MK digest:      ab 97 40 bb 32 64 8e 0f 9e 93 d0 f0 18 2b 05 9c 92 0c 9e bc
MK salt:        b2 0d 5a 74 dc f7 fe 33 06 e4 c1 fa e9 a9 3f 92
                e4 63 91 58 0b c4 4d c9 93 3d e1 74 9a d2 89 eb
MK iterations:  26383
UUID:          9ef1e435-9dfc-4b87-a000-d3acc6c6288c

Key Slot 0: ENABLED
        Iterations:            424180
        Salt:                  28 59 21 5d 4e c2 cf 58 90 16 04 dc ad 4d 24 04
                                a4 72 ab 49 0f 33 ca 44 e4 f1 6c b0 12 48 3f e3
        Key material offset:    8
        AF stripes:            4000
Reply