Sunday, May 19, 2013

Fedora Security Lab | Flight 2 (brute forcing encrypted drive)

In my last Security Lab post I demonstrated some fairly simple steps for using Fedora's Security Lab to mount a LUKS encrypted drive.

After figuring out how to do this, I wondered how simple it would be to crack or break into the drive should I forget my password.
Yes, it happens, and when it does it SUCKS: if you are off by 1 or 2 characters you have 6-8 permutations of your password to try.
So I went off to implement a bash-based brute force attack to help solve this problem and have an automated script demonstrate the process.

After doing some research I found this blog post by Steven Hollingsworth and used this as a template for my script.
try: 12 of 64
ESTIMATED COMPLETION: Sun May 19 16:52:51 EDT 2013

********* PASSWORD *********** Success!
It's a simple script that takes a word list (as the 3rd argument) and attempts to unlock the encrypted drive one password at a time.

Developing the word list is really where the problem is! Here is why (it's time for some math):

Let's assume you have no clue what the password is, but you know that most passwords are between 0 and 8 characters long and that there are no special characters.

So we can create an alphabet with the following:
echo {a..z} {A..Z} {0..9}
This gives us 62 characters:
echo {a..z} {A..Z} {0..9} | wc -w
So if our password or passphrase was only 1 character long you would have 62 iterations to try before you could be sure that your passphrase is not 1 character long. So let's say that you think your password is 2 characters long.
This would give you 4611686018427387904 permutations or iterations that you would have to try before you could confirm that your password is not 2 characters long.

That not only translates into a time-consuming operation but also a resource issue for your system (this was my problem) if you are trying to build this list in memory.

For this reason, building the dictionary is done outside of my script. It is this way for 2 reasons.
  1. So that other more efficient tools (or better ideas) can generate the list.
  2. The list can be shortened or created in a way the user chooses.
My way of doing this is by using bash's Cartesian product (remember the command above that I used to create my alphabet? Well, just remove the spaces).
echo {a..z}{A..Z}{0..9}
This will create a word list of 3-character words, with the first character being a lowercase letter, the second an uppercase letter, and the last a numeric digit, or 6760 permutations. This also allows us to narrow our dictionary to the passwords that are most likely to be the one you are looking for.

for x in $(echo {K,C,k,c}{4t,4t,at,at}{s,z,S,Z,$}); do echo "$x" >> dictionary; done
With this setup, forgotten LUKS passwords are not forgotten for long.
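
Knowing how large a word list will be before building it avoids the memory problem described above. The following is an added example, not part of the original post or its script: it counts the candidates a brace pattern would produce without expanding it. The function names and the 2 seconds per unlock attempt are assumptions.

```bash
# Added example: size a brace pattern without expanding it.
# Handles {x..y} single-letter or unpadded numeric ranges and {a,b,c} lists;
# nested braces and {x..y..step} are not handled.

# group_size BODY -> number of alternatives inside one {...} group
group_size() {
    local body="$1" lo hi n rest
    case $body in
        *..*)                                   # range such as a..z or 0..9
            lo=${body%%..*} hi=${body##*..}
            case $lo$hi in                      # letters: compare character codes
                *[!0-9]*) lo=$(printf '%d' "'$lo") hi=$(printf '%d' "'$hi") ;;
            esac
            if [ "$lo" -gt "$hi" ]; then set -- "$hi" "$lo"; else set -- "$lo" "$hi"; fi
            echo $(( $2 - $1 + 1 )) ;;
        *)                                      # list: one more item than commas
            n=1 rest=$body
            while [ "$rest" != "${rest#*,}" ]; do rest=${rest#*,}; n=$(( n + 1 )); done
            echo "$n" ;;
    esac
}

# pattern_count PATTERN -> lines the expansion would emit (duplicates included)
pattern_count() {
    local rest="$1" total=1 body
    while :; do
        case $rest in *"{"*"}"*) ;; *) break ;; esac
        rest=${rest#*\{}                        # skip to the next group
        body=${rest%%\}*}                       # its contents
        rest=${rest#*\}}                        # remainder of the pattern
        total=$(( total * $(group_size "$body") ))
    done
    echo "$total"
}

# worst_case COUNT SECS_PER_TRY -> time to try every candidate once
worst_case() {
    local s=$(( $1 * $2 ))
    echo "$(( s / 86400 ))d $(( s % 86400 / 3600 ))h $(( s % 3600 / 60 ))m"
}

# Patterns from the post; 2 s per unlock attempt is an assumed figure.
for p in '{a..z}{A..Z}{0..9}' '{K,C,k,c}{4t,4t,at,at}{s,z,S,Z,$}'; do
    n=$(pattern_count "$p")
    echo "$p -> $n candidates, worst case $(worst_case "$n" 2)"
done
```

Pass patterns in single quotes so the shell does not expand them first; the count includes any duplicate lines the pattern would write to the dictionary.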

Wednesday, May 8, 2013

Environment - (My own little world [changing to Linux])

A while back I wrote about setting up a working environment, and some of my favorite power tools (many of them [all of them, I think] FREE and OpenSource).

Since writing these articles I have taken a new job with Red Hat, supporting RHEL and JBoss, and have switched my environment to Fedora, where all of these Power Tools come standard.

What makes Fedora so great is that it works as a Desktop or Laptop system, and with Gnome Extensions you can make your desktop your own world. This in turn helps you to get familiar with the Power Tools.

I have also found VIM adventures a fun way to learn vim.

Why do I bring up VIM? Well, in my new environment VIM is king. Why?

Because my favorite tools in Fedora are TMUX and the Gnome Drop Down Terminal. These tools allow me to take full advantage of my SHELL and keep it just one click away (F12).

Over the last year it's allowed me to pick up on other OpenSource Power Tools such as curl and awk.

Fedora Security Lab | Flight 1 (examining an encrypted drive)

Tonight I started to dig into learning more about Computer Security and Forensics. As a new employee at Red Hat I'll be working to expand my knowledge of how Fedora's Security Spin can help me in this process.

Tonight's journey was to install the Spin and see if I could gain access to my laptop's HDD.

It was a success.

Now to tell you how I did it. While this may seem fairly basic, it took around 2hr to complete this task (this includes 30 min to download and install the spin).

Once I became familiar with the spin I began trying to mount my HDD (sda).

A fairly simple task (for my boot partition):
mount /dev/sda1 /media
I unmount the partition here (so that I can use media as a general mount point).

However, mounting my second partition (sda2) was not so easy, for two reasons.

  1. I use LUKS to encrypt this partition
  2. I use LVM to further partition this block partition.
Because of this I first had to find a way to mount my LUKS partition, which means unlocking the partition.
cryptsetup luksOpen /dev/sda2 drive
Enter passphrase for /dev/sda2:
What this command does is provide me an LVM mapping for sda2 to /dev/mapper/drive. With this complete I can then scan all of the drives on the system and provide LVM mappings for each of the LVM partitions.
vgchange -ay VolGroup00
Following these commands you simply mount the partitions from your LVM volume group just like you would any regular partition.
mount /dev/mapper/VolGroup00-root /media/
As I stated at the beginning, while not overly complicated, if you're unfamiliar with working with storage devices, LVM and LUKS, this process can be fairly complicated and involved.