Cracking Linux Disk Encryption (LUKS)

Submitted by jabrown on Tue, 01/02/2018 - 01:45

This time we'll be cracking a LUKS password of an encrypted block device.

To begin, we need to identify a LUKS encrypted device.

We can do this by using “cryptsetup”.

cryptsetup isLuks {block device}; echo $?;

Luks

 

If it returns a 0. it is a LUKS device.

Next, we need to dump the header and a little bit of data.

dd if={luks device} of=luks.header bs=512 count=4097

Luks Header

 

Now we are ready to start cracking with Hashcat.

The general Hashcat command for cracking LUKS is hashcat -a 0 -m 14600 {luks.header} {wordlist}

hashcat

The cracking speed is very slow due to the number of iterations used when generating the master key of the encrypted device. Using a well-crafted wordlist is recommended.

luks cracked

 

Visit the store or contact us if you need to recover some passwords.

Store

 


https://hashcat.net/hashcat/


Add new comment