Search the Community

so i tryed to hack my router wpa2 btw with jahn the ripper but is says that my wordlist has diffrent encryptions . so is there a way to make it all the same encryption??

Hi Guys, My friend has lent me his harddrive with some music production files (.wav and .mp3 files) on it but he has somehow encrypted the files and has asked me to remove the encryption from it. He says he used Windows 10 and after some digging around found Microsoft uses EFS Encryption. I tried his laptop to remove the encryption as it would have had the key to it and after an hour of playing around he tells me that he re-installed the OS so the key would have been lost. I have searched online for a few answers and found a couple which haven't convinced me. I found this site https://www.elcomsoft.co.uk/aefsdr.html that says it can remove EFS on NTFS but I am not willing to pay the price tag unless I have proof of success If anyone can verify for me that they have a good success rate that would be awesome Or does anyone know if GitHub has any programs that can be run in a Linux OS like Kali or Parrot that I can use to break the encryption?

I got the crib and the encrypted version, i need to find the key. The input is a 16 byte Hex sequence and the output is a 64-byte Hex sequence. Im not sure of the type of enccryption, im thinking about SHA256-512. but im not sure How can I do the known plaintext attack. its not a file, its a simple text Which type of encryption do you think its possible to be ?

Hello guys and girls! I 've accidentally deleted some initial portion (little I think) of my drive through the following command: openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > /dev/sda The following partitions existed prior to my fault: sda1/2 (Windows) - about 100GB sda3 (Extended) - about 100GB sda4 Veracrypt - about 700GB some Unallocated space With the above command I wanted to fill with noise the sda3 partition, but due to a mistake while typing the number 3, didn't reach the command, so as soon as I noticed it (pretty quickly) I hit CTRL+C (about 1 sec after the initial ENTER). What I 've done already: 1) Run gpard /dev/sda with the following output after 24+ hours of the command running: Begin scan... Possible partition(DOS FAT), size(10mb), offset(6720mb) Possible partition(Windows NT/W2K FS), size(0mb), offset(31042mb) Possible partition(Windows NT/W2K FS), size(3mb), offset(33462mb) Possible partition(Windows NT/W2K FS), size(3mb), offset(33466mb) Possible partition(Windows NT/W2K FS), size(3mb), offset(33469mb) Possible partition(Windows NT/W2K FS), size(3mb), offset(34282mb) Possible partition(Windows NT/W2K FS), size(0mb), offset(38780mb) Possible partition(Windows NT/W2K FS), size(100767mb), offset(50486mb) Possible partition(Windows NT/W2K FS), size(953866mb), offset(953867mb) * ** Fatal error: dev(/dev/sda): seek failure. 2) Run testdisk with the following outputs: Intel/PC partition option prior to analyzing Non partitioned media option prior analysis So the first scan only came up with: Disk /dev/sda - 1000 GB / 931 GiB - CHS 121601 255 63 Partition Start End Size in sectors Linux 12858 253 4 24340 40 20 184444928 Structure: Ok. Use Up/Down Arrow keys to select partition. Use Left/Right Arrow keys to CHANGE partition characteristics: *=Primary bootable P=Primary L=Logical E=Extended D=Deleted Keys A: add partition, L: load backup, T: change type, P: list files, Enter: to continue ext4 blocksize=4096 Large_file Sparse_SB, 94 GB / 87 GiB so that should be the Extended Linux partition (that is sda3, before sda4) and the second one with those (among other little FAT partitions): P NTFS 6436 37 34 19282 67 17 206372864 Structure: Ok. Keys T: change type, P: list files, Enter: to continue NTFS, blocksize=4096, 105 GB / 98 GiB P ext4 12858 253 2 24340 40 18 184444928 Structure: Ok. Keys T: change type, P: list files, Enter: to continue ext4 blocksize=4096 Large_file Sparse_SB Backup_SB, 94 GB / 87 GiB 3) Run MiniTool partition recovery option & EaseUS one, through mounting the disk to Windows pc, with the scans not showing the veracrypt partition, but one of the (MiniTool) showing the above linux one (87.95GB) My question is, do you know any possible way that I should proceed in order to recover the Veracrypt partition (previous sda4)? In the end thats the only data that I care of. I look forward to your insights, as I am available for any clarifications! Thank you in advance for your time!

Greeting all, I am writing an encryption app for both iPhone and android devices and have come to a fork in the road...(ooo, bad pun)...I wanted to create a 'Save' option to store the encrypted texts locally on the device, but after the revelation of vault 7, I am thinking that maybe it's better to have users save their texts off device elsewhere. The Key is generated on the device locally and stored locally. The Key is protected and has self destruct mechanism, but my concerns are that they would both reside on the device and then could be fully compromised. With the ability of these agencies, where do we go from here? My question: would it be better to save off device or just store it locally? Any thoughts and elaborations are greatly appreciated.

Hello, I know it will be an ubsurd request because this is a hacking forum :) I'm a developer and I'm making my money by selling a program, but I realized that someone cracked my program and distributing it. I'm currently using WinLicense for encryption. Do you know a better program for license and/or encryption?

Salutations Hak5, I'm S0AndS0 a long time watcher (and big fan) of the various shows that have been made available by the Hak5 teem. What is shared here maybe thought of as a "tricky treat" for the holiday. https://github.com/S0AndS0/Perinoid_Pipes The above project has been documented in detail (because we've heard that the show hosts of Hak5 like that out of project authors) and as of latest local & remote tests is operating as expected. Simply put this project facilitates common encryption & decryption options of GnuPG via a named pipe (similar to anonymous pipes `|` but addressable via file path) and a customized listening loop that parses incoming data. Think of it as a *short-cut* for operations involving public key crypto; for example of normal encryption echo "some secret" | gpg -a -e user@email.host >> out.file And for comparison an example of encrypting via named pipe file echo "some secret" > /var/log/named.pipe This allows any service to utilize encryption by way of output redirection; logging daemons, web host logging, and/or your own custom services. So far three usage scenarios have been written but we're hoping that with this communities' help we can write at least two more together; perhaps a guide on using this tool with Rubber Ducky to automatically encrypt data off a target to either a second storage device or to the Ducky it's self. Notes for beginners; If you (the reader) are new or unfamiliar with encryption via GnuPG then ya may want to start with the documents in above code repo that begin with `Gnupg_` after coming to terms with the options available then check the script's help documentation via the following commands chmod u+x Paranoid_Pipes ./Paranoid_Pipes --help Use the output from above to modify your next commands, add `--help` at the end to check your settings prior to committing to them. Easy as pie. Notes for Moderators; If this has been posted in the wrong section please move or notify the OP's author to move it to the proper section. This tool has been shared with the this community in the hopes that readers will find it useful but without warranties of any kind. Notes for Show Hosts; If you wish to include this tool within a publication then you have permission, prematurely given, to utilize any of the tools found in the above code repository for either your own projects or for featuring the main project itself.

Hey, everyone! I recently joined the Keybase.io Alpha test. Hak5 has done 2 shows highlighting them so far. Social Encryption with Keybase.io, Hak5 1715 Easy File Encryption with Keybase - Hak5 1904 They also recently launched their own encrypted filesystem. Anyway, I have a handful of invites available and I wanted to share them here before anywhere else. Its one small way I can give back to a community who has taught me so much! Reply here and I'll PM you an invite.

I need to know if this is even possible. I have gotten family members to use RetroShare to share files with each other, and also to keep multiple copies for backups, but in general our internet-speeds are appalling. This made me think of renting a server with a 10 gbit line, and 2tb of space, and run it as our 'main node'. The issue is just how do I actually completely secure the data. My main idea is to run retroshare via xpra on the server, but I do not want the server company to ever actually be able to access our data, and this made me think of black boxes. Is it possible to create an encrypted 'container' on the server that keeps the files and retroshare inside it, and the only way to access the data is via retroshare, or manually input the encryption keys? example: server (ubuntu) -> encrypted container (retroshare, data files) -> internet What I have out so far involves using luks and setting up an encrypted block device, but the drawback is the encryption keys are stored in memory while the server is online, so anyone could potentially access the files while the server was running. I want it like a black box that exists on the server, and the only communication in and out of it goes via retroshare, and to be able to read what is inside it requires an input of the encryption key.

I just read the "leaked" draft of the senate encryption bill. It looks awful and contradictory in addition to the adjectives the wired article gave it. My senator's office is across the street from where I work. So I plan on stopping by over lunch on Monday to irritate her staff, by listing off the ways that that bill could break the internet while failing to solve the problems it is aimed at fixing. Wired article here http://www.wired.com/2016/04/senates-draft-encryption-bill-privacy-nightmare/ vice article here http://motherboard.vice.com/read/leaked-burr-feinstein-encryption-bill-is-a-threat-to-american-privacy draft here https://www.scribd.com/doc/307378123/Burr-Encryption-Bill-Discussion-Draft Anyway, I'm a bit annoyed right now that someone thought what they have so far was worth writing down.

I have acquired A Dell Latitude E6410 laptop that looks almost brand new for £50, about $35 in your money. It has a 4 core i7 processor and 8GB of RAM. I have had Linux Mint on it and it runs great. I want to use it as my day to day working system. As such it will hold my personal details, client details, my itinerary, banking etc. I am now going to start doing a bit more travelling with my work and want to take the laptop with me. Laptops are high on the list as an easy theft target so now I want to scrub the current OS and re-install the latest Mint with encryption. For some of my work I also want to install Kali Linux. Currently I have this on an older more battered laptop but do not want to carry two laptops around. I have fitted a 1TB Hybrid drive to the Dell laptop and want to set up an Dual Boot system with Mint for day to day use and Kali available when required for work, but I want to make sure that the laptop is encrypted just in case it does get stolen or lost in transit. Can anybody advise on how to achieve this? Would it be better to make it a dual boot where you choose either Mint or Kali and only have one or the other OS running ? If so can they share any partitions like /swap or /home ? Or should I run Kali inside of Mint as a VM? and if so are there problems when using additional WiFi interfaces and Blue Tooth devices with the Kali VM. I have got a separate WiFi Alpha Network adapter for WiFi sniffing and am looking to buy a pineapple, I also have a SDR dongle and want to add to these tools so any advice on getting them to work with a VM Kali would be helpful if I go down this root

Hello. Please help, I collect the passwords from the browser chrome on the victim's computer. How do I encrypt them (eg DES, AES, RC4), then I was able to decipher them on my program in C#

I've been reading up on encryption a bit. I'm probably still not on the level to have an educated conversation on the subject. But I wanted to ask a question about encryption programs. What is the a recommended program for encrypting a file or folder for secure storage? It's been mentioned that truecrypt is no longer secure. People are recommending using veracrypt? There's another program I've seen called zulucrypt but that also looks a lot like truecrypt? In your opinion what is the best encryption program? Why? Also was curious about which block ciphers are the hardest to crack? Have you cracked a truecrypt file? How long did it take? What cracker did you use?

So I ordered a Pineapple some time ago, and I'm receiving it soon. I just read the FED and it said that the Pineapple can't bait encrypted networks. Does this mean that I can't get people on WPA2 networks on my Pineapple?

I work in IT as a combination network administrator and computer consultant. I often get the question of "how do I keep my computer secure", however, despite the normal "best practices" that I typically return to the average people that I help regularly, I always think to myself "you know, I can think of a few ways these normal techniques can be circumvented" or "normal computer security techniques would probably be a joke to circumvent for the $name_of_3_letter_intelligence_organization". So I started thinking... How do government intelligence agencies handle security? If I did want to commit some kind of massive information crime (not that I would ever want to), how could I ensure that nobody could figure out my physical location, and if they do, how could I secure the information on my equipment in such a way that if seized and analysed by the best computer forensics and cryptoanalysts in the world, that they would find none of the incriminating information for prosecution. It occurs to me that most publicly available crypto software is likely either not strong enough to resist the repeated attempts at circumvention by a government agency with as many resources as the NSA. Is there better software available than bitlocker / filevault2 / truecrypt / luks/dmcrypt? How does one mitigate cold boot attacks? What about mitigating against simple coercion? I know that for most standard United States trials, the fifth amendment gives some protection to people against giving up information in their head as they don't make you testify against yourself, but what about those people in non-public situations or outside of the united states on a waterboard? - a system with authentication expiration would probably be a good idea. somehow integrating a dead-man's-switch into the mix. But in all seriousness, in these days of lowered trust in governments and law enforcement officials, with anti-piracy crackdowns and governments like the Koreans and Chinese who have no free speech policies, or simple private communications, how does one create a secure system? can we really trust the common operating systems we use? windows? mac os x? - even linux and it's associated programs that make up standard distributions that are completely open source, do they have the code scrutiny to say "yes, this is completely secure!"? I really don't think so. and then worse, once you get the base system set up (even if you assume it's 100% secure), once you start adding software that you use on a daily basis, things like word processors, video players, graphical window managers, etc. how do we trust that the programs or the interactions between those programs will be secure as well? tl;dr: If you were Batman, Nick Fury, or the CIA or NSA's CIO, what kind of computer systems would you use and how would you make sure that they were totally and completely secure? How would you secure their networking? and if someone were to raid and seize these machines, how would you make it so the expert government agency with virtually unlimited resources can't access any incriminating data?

Hi everyone. For a long time i have been using skype for day to day communication with friends and colleagues, but there comes a time in ones life when there is a need for something more secure. Recently i came across Tox which promises these features. Maybe some of you have tried this software and can share your thoughts? or maybe make some suggestions for other secure IM clients?

Do you use/know of a solution that enables encrypted (zero-knowledge) document collaboration? Preferably real-time, such as Google Docs. I'm working with a new client where I am the IT security sub-contractor. We had our first meeting today and started working on a plan to do job itself. The client requested that there would be a very high standard of security regarding many of the documents (mainly their threat response security protocols). This got us thinking about how we can collaborate on documents securely, preferably in a real-time manner. I took it on myself to find different solutions, and the best one I found is this: http://www.cipherapps.com/solution/ This solution enables you to seamlessly collaborate on Google Drive, encrypted, with a minimal footprint. No special browser or software needed (only the gateway, hosted or on-premise). Any thoughts? What do you use?

Hi guys. After watching the eppisode on pgp encryption for email and taking notice of all the unlawful spying going on these days I have been using gpg to encrypt what mail I can.. However, I cant get anyone else to give a rats @$$ about it. So, this got me to thinking the best I can do is secure my own account. Like so many I have mail on a gmail server that will sit there prettymuch for ever incase I need it; much longer than 180 days for it to become public property. SO.. I have been trying to find a way to encrypt all the message already received and sent ect.. Its far to painful to manually use thunderbird to move messages to draft then edit/encrypt and move back to inbox. I tried the IMAP crypto.jar which should convert all stored IMAP messages. While this would be prefect, I can not get it to work; never connects. I was hoping that through some piping and what not there would be a way to use linux to download each messag, gpg only the body of the message then upload/replace the stored message OR resend it to myself. However, having only jumped off the windows ship receienty I do not seem to have the skills to make this work, yet. I have been able to use getmail to download all my emails into files, but I really would like to have it take the files as they come in and then resend the gpg version back to me all in one shot. Since you find joy on the shell can you tell me how I might make this happen? I want to download and take each file then copy the subject over to a new message, encrypt the body of the email only using public key, then send the subject with the encrypted body to myself. getmail > gpg "user key" and other crypto junk > coppy subject of email > append to> grep body-of-email > sendmail to meself ??????????? Thanks for doing what you do!

I have to find the encryption key from a list of words, I have the plain and cipher text and have written a code which decrypts the cipher text using the words from the file and then compares the plain text, if its same it should print the key used.I used the EVP_BytesToKey to convert the word into key. The IV used for encryption was 0 and the Key is not more than 16 characters long. Problem is i get error Segmentation fault(core dumped). Can anyone help me with this? #include <stdio.h> #include <assert.h> #include <ctype.h> #include <string.h> #include <stdlib.h> #include <openssl/aes.h> #include <openssl/evp.h> int main(int argc, char *argv[]) { int ret = 0; unsigned char pltmp[1024]; unsigned char citmp[1024]; unsigned char iv2[16] = {0}; unsigned char plaintext[1024] ; FILE *fp; /* opening file for reading plaintext*/ fp = fopen("some.txt" , "rb"); if(fp == NULL) { perror("Error opening file"); return(-1); } fgets (plaintext, 1024, fp); fclose(fp); /*opening file to read key*/ FILE *keyf; keyf = fopen("words.txt", "r"); /*opening file to read cipher text*/ FILE *ct; ct = fopen("some.aes-128-cbc" , "rb"); if(ct == NULL) { perror("Error opening file"); return(-1); } fgets (citmp, 1024, ct); fclose(ct); const char *password; /* Creating while loop to read keys until correct key found*/ while(fgets((unsigned char *)password,16,keyf)) { const EVP_CIPHER *cipher; const EVP_MD *dgst = NULL; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; const unsigned char *salt = NULL; int i; OpenSSL_add_all_algorithms(); cipher = EVP_get_cipherbyname("aes-128-cbc"); if(!cipher) { fprintf(stderr, "no such cipher\n"); return 1; } dgst=EVP_get_digestbyname("md5"); if(!dgst) { fprintf(stderr, "no such digest\n"); return 1; } if(!EVP_BytesToKey(cipher, dgst, salt, (unsigned char *) password, strlen(password), 1, key, iv)) { fprintf(stderr, "EVP_BytesToKey failed\n"); return 1; } //printf("Key: "); for(i=0; i<cipher->key_len; ++i) { printf("%02x", key[i]); } printf("\n"); //printf("IV: "); for(i=0; i<cipher->iv_len; ++i) { printf("%02x", iv[i]); } printf("\n"); /*Decrypting using the key generated by EVP_BytesToKey and IV is 0*/ EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(),NULL, key, iv2, 0); printf("dec\n"); EVP_Cipher(&ctx, pltmp, citmp, 1024); printf("compare\n"); if (strcmp(pltmp, plaintext)==0) {printf("success"); printf("%s Key: ",(unsigned char *)password); break;} else {printf("prob");} EVP_CIPHER_CTX_cleanup(&ctx); } }

NY Times: http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp&pagewanted=all&_r=0 Full announcement: http://www.nist.gov/director/cybersecuritystatement-091013.cfm In short: They think there is a back-door in the RNG for making encryption witch would lead into a easy way for them to decrypt anything that used this RNG List of Company encryption usage: http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html Company's like Apple, Cisco, Juniper, ...

What is the BEST encryption software? I use truecrypt but i was wondering if there are any alternatives? Thanks guys! :)

hey everyone, last weekend i started learning assembler for writing shellcode encoders (and shellcode itself) at the moment i'm trying to write an XOR based stream encoder (kinda like RC4 but much simpler) the prototype is written in python and it's supposed to work as follows: encoding: 1. take IV xor with first block of data to encode, store result in array 2. take last block from array xor with next block of data, append result to array 3. repeat step 2 until end of data decoding: 1. take IV xor with first block of encoded data , store result 2. take result xor with next block of data, store result 3. repeat step 2 until end of data http://pastebin.com/X9TKcLMm this is the source code "test" is the IV and "targets" is the data to encode now my problem is that the decoding function is not working as intended, it fails to properly decode the encoded data anyone got an idea where the error might be? Thanks in advance, Earthnuker

My gf recently lost her thumb drive loaded with pics of us, out in the woods. She lost it at a Bingo tournament in a local church. I don't think the seniors are going to upload our naked pics but now I'm scared. From now we decided to encrypt all our info on USB drives, only out of necessity. I thought of using of using True Crypt to hide files. Its a great free application. The only problem is that its not inherently installed on Windows/Linux/OS X. There must be an easier way. any ideas?

So I see a lot of obfuscated/encoded PHP payloads used in RFI attacks. In general though, they are trivial to decode(Decoding tool I develop https://firebwall.com/decoding/index.php). After writing 2 papers on how and why they could be developed better(http://firebwall.com/research/InsecurityofPoorlyDesignedRemoteFileInclusionPayloads-P1.pdf http://firebwall.com/research/InsecurityofPoorlyDesignedRemoteFileInclusionPayloads-Part2.pdf (written with DigiP)), and only seeing simple increases in the attempt to hide information, I decided to spend an hour and write one that actually was not only hard to decode, but hard to take control over. I put this challenge to the Hak5 community, tell me the password I'm using and how to run commands. I'm certain the Transferable State Attack would help you in your decryption process. Here is the payload: http://pastebin.com/W92Q0Q9j Happy Hacking :D

Ok so as an ongoing personal research , one thing I've REALLY been wanting to get into encryption. I know there are plenty of "free text encryptors", but I want to get into the encryption that doesn't require a key, or any of that jazz, i want to learn the hard way essentially. Anyone shed some light? :)