In this episode we’ll take a look at brute-forcing a VeraCrypt container using Hashcat.
For starters I want to say that I’m a huge VeraCrypt fan and use it all the time, for a long time. Long enough to remember when it was, originally, called TrueCrypt before the project was abandoned.
I caught myself thinking: how long would it actually take to brute-force specific password masks? That’s when I decided to put it to the test using Hashcat and an operating system equipped with a graphics card.
This time, however, I decided to expand on its methods and basically make an all-in-one stop for encryption / decryption.
So its something I wanted to make for my own use and figured I might as well share it with you guys. 🙂
Beware though: recursion can be dangerous if used without knowledge. You could end up encrypting your entire system. Also this script will automatically delete the old files after encryption / decryption.
Download link is at the bottom of the post!
I won’t go into any details regarding the code since I’ve already made a blog post and video going into detail for this exact code.
Anyway, you will need to install pyAesCrypt. This is easiest using pip:
Welcome to part three of the Python control server series.
In part one we created our simple server and client with about 20 lines of code each (Python 3). Then in part two, we’ve added basic AES encryption to our traffic using pyAesCrypt.
Given the nature of encryption using pyAesCrypt, we we’re unable to receive any data on the server over 1024 bytes with encryption. The main reason for this is that length needs to be passed for the decryption method.
In this part we will be fixing this issue, so let’s get with it.
What exactly is the issue we have here? Why is less than 1024 bytes ok?
Both in our server and client we are sending 1024 bytes at a time. This means that whenever we send a message containing less than 1024 bytes, we won’t run into any issues.
Now considering we have to pass a length argument for decryption, if we send a message that is 1500 bytes, the server will receive the first 1024 bytes and attempt to decrypt it – resulting in an error.
This is where we have a few different options: receive all the encrypted data and then decrypt it all at once; or, receive smaller chunks of data and decrypt on-demand. Both options have their merits, I decided this latter one would be easier to program for a encryption noob like me. 🙂
I have a short encryption tutorial for you today, which is kind of a continuation from my recursive file encryption post a while back.
In that post we did encryption of multiple files recursively, while this time we’ll be doing in-memory AES encryption over the network.
This tutorial will be limited in scope in the sense that we’ll only send the data one way for now (from client to server); however, the plan is to incorporate it into my python control server series soon.
We’ll be using Python 3 for this tutorial (as one should by now). For the encryption side of things we’re using pyAesCrypt, which can be easily installed with pip by running the following command in a terminal:
python -m pip install pyaescrypt
In the video above, after going through the code and explanations, I also fire up wireshark and show the difference from both a plaintext server/client traffic to the encrypted data we’re implementing here.