Crack LUKS volume with Hashcat

Install hashcat

apt install hashcat

Find LUKS Volume

bob@localhost:~/$ dmesg
...
[ 1057.776074] sd 0:0:0:0: [sda] Write Protect is off
[ 1057.776074] sd 0:0:0:0: [sda] Mode Sense: 43 00 00 00
[ 1057.776593] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1057.780234]  sda: sda1
[ 1057.783346] sd 0:0:0:0: [sda] Attached SCSI removable disk
bob@localhost:~/$

From the above we see that the drive we just plugged into the system is “sda”, so our partition path is “/dev/sda1”.

Run hashcat

The following command will run hashcat against “/dev/sda1”; change the path if the encrypted partition is different. The attack mode brute forces every combination of 8 numeric characters. Refer to the following link to learn more about mask attacks.
https://hashcat.net/wiki/doku.php?id=mask_attack

Note: You should be able to dump the header and work off of that as well.

sudo hashcat -a 3 -m 14600 /dev/sda1 ?d?d?d?d?d?d?d?d
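
The cost of the mask attack above comes down to two numbers: how many candidates the mask generates, and how many PBKDF2 iterations each candidate costs, which is stored per key slot in the header the note mentions. The Python below is an added example, not code from the original post; it reads those values from a constructed LUKS1 header (the sample values, the function names and the 12-character comparison mask are assumptions) and handles only hashcat's built-in charsets.

```python
import struct

# LUKS1 header: 208-byte big-endian preamble followed by eight 48-byte key slots.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")      # state, iterations, salt, offset, stripes
MAGIC, ENABLED, DISABLED = b"LUKS\xba\xbe", 0x00AC71F3, 0x0000DEAD
CHARSETS = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}

def parse_luks1_header(blob: bytes) -> dict:
    """Return cipher, hash and PBKDF2 iterations of every enabled key slot."""
    if len(blob) < PHDR.size + 8 * SLOT.size:
        raise ValueError("a LUKS1 header is 592 bytes")
    magic, version, cipher, mode, hash_spec, *_ = PHDR.unpack_from(blob)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header (LUKS2 uses a different layout)")
    slots = {}
    for n in range(8):
        state, iterations, *_ = SLOT.unpack_from(blob, PHDR.size + n * SLOT.size)
        if state == ENABLED:
            slots[n] = iterations
    text = lambda raw: raw.split(b"\0")[0].decode("ascii")
    return {"cipher": f"{text(cipher)}-{text(mode)}", "hash": text(hash_spec), "slots": slots}

def mask_keyspace(mask: str) -> int:
    """Candidates generated by a hashcat mask made of built-in charsets and literals."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?":
            token = mask[i + 1:i + 2]
            if token != "?":                      # "??" is a literal question mark
                if token not in CHARSETS:
                    raise ValueError(f"unsupported mask token ?{token}")
                total *= CHARSETS[token]
            i += 1
        i += 1
    return total

def build_sample_header() -> bytes:
    """Constructed header (not from a real device): slot 0 enabled, the rest disabled."""
    head = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                     bytes(20), bytes(32), 100_000, b"constructed-sample-uuid")
    return (head + SLOT.pack(ENABLED, 1_200_000, bytes(32), 8, 4000)
            + SLOT.pack(DISABLED, 0, bytes(32), 0, 4000) * 7)

if __name__ == "__main__":
    iterations = parse_luks1_header(build_sample_header())["slots"][0]
    for mask in ("?d" * 8, "?a" * 12):            # the page's mask vs. 12 printable chars
        space = mask_keyspace(mask)
        print(f"{mask}: {space:.3e} candidates, {space * iterations:.3e} PBKDF2 iterations")
```

On a real volume, `sudo cryptsetup luksDump /dev/sda1` prints the same cipher, hash and per-slot iteration fields.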

Create LUKS Encrypted Thumb Drive

Find the thumb drive with lsblk, dmesg, or sudo fdisk -l. In the following examples we are using /dev/sdc1, replace as needed.

sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdc1
sudo cryptsetup luksOpen /dev/sdc1 encrypted_usb
sudo mkfs.ext4 /dev/mapper/encrypted_usb

Now we can mount the drive. We are mounting it to /mnt; change if needed.

sudo mount /dev/mapper/encrypted_usb /mnt

Or go ahead and close the channel and remove the drive.

sudo cryptsetup luksClose /dev/mapper/encrypted_usb

Command Explanation

sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdc1

Wipe /dev/sdc1 and set the password when prompted for it.

sudo cryptsetup luksOpen /dev/sdc1 encrypted_usb

Open up a secure channel to the drive, and decrypt it so we can access it.

sudo mkfs.ext4 /dev/mapper/encrypted_usb

Using the channel we created in the previous command, we can now format the drive.

sudo cryptsetup luksClose /dev/mapper/encrypted_usb

We can now close the channel for the drive and remove it.

Extract Android backup

https://stackoverflow.com/questions/18533567/how-to-extract-or-unpack-an-ab-file-android-backup-file

Install Android Backup Toolkit

wget https://downloads.sourceforge.net/project/adbextractor/android-backup-tookit-20180521.zip
unzip android-backup-tookit-20180521.zip
cd android-backup-tookit/android-backup-extractor/android-backup-extractor-20180521-bin

Unpack the backup. This changes it from an .ab file to a tar file.

java -jar abe.jar unpack ~/path/to/backup.ab ~/path/to/backup.tar

After that's complete, you can untar it. Change Desktop to the path you want to extract to.

tar -xvf ~/path/to/backup.tar -C ~/Desktop/
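
What the unpack step does for an unencrypted backup, as an added Python example that is not part of the original post or of Android Backup Toolkit: it reads the four header lines, inflates the zlib payload into the tar stream, and lists entries whose names would land outside the extraction directory. The sample backup and the function names are constructed for illustration.

```python
import io
import tarfile
import zlib

def ab_to_tar(data: bytes) -> bytes:
    """Return the tar stream inside an unencrypted Android backup (.ab) image."""
    fields, pos = [], 0
    for _ in range(4):            # magic, format version, compressed flag, encryption
        end = data.find(b"\n", pos)
        if end < 0:
            raise ValueError("truncated .ab header")
        fields.append(data[pos:end].decode("ascii", "replace"))
        pos = end + 1
    magic, _version, compressed, encryption = fields
    if magic != "ANDROID BACKUP":
        raise ValueError("not an Android backup file")
    if encryption != "none":
        # Encrypted backups carry further key-derivation lines before the payload.
        raise ValueError(f"backup is encrypted ({encryption}); unpack it with the password")
    body = data[pos:]
    return zlib.decompress(body) if compressed == "1" else body

def unsafe_members(tar_bytes: bytes) -> list:
    """Entry names that are absolute, contain '..', or are links or device nodes."""
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            parts = member.name.split("/")
            regular = member.isfile() or member.isdir()
            if member.name.startswith("/") or ".." in parts or not regular:
                flagged.append(member.name)
    return flagged

def build_sample_ab() -> bytes:
    """Constructed backup: one ordinary file and one path-traversal entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("apps/com.example.app/f/notes.txt", "apps/../../.bashrc"):
            payload = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return b"ANDROID BACKUP\n5\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    tar_bytes = ab_to_tar(build_sample_ab())
    print("review before extracting:", unsafe_members(tar_bytes))
```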

Show human readable time in dmesg

The -T option lets dmesg show user readable time.

Example:

$ dmesg -T
...
[Sat Nov 15 12:15:12 2019] CPU1: Package temperature/speed normal
[Sat Nov 15 12:14:12 2019] CPU3: Package temperature/speed normal
[Sat Nov 15 12:14:12 2019] CPU0: Package temperature/speed normal
[Sat Nov 15 12:14:12 2019] CPU4: Package temperature/speed normal
$

dmesg time options

$ dmesg -h | grep time
  -d, --show-delta            show time delta between printed messages
  -e, --reltime               show local time and time delta in readable format
  -T, --ctime                 show human-readable timestamp (may be inaccurate!)
  -t, --notime                don't show any timestamp with messages
      --time-format   show timestamp using the given format:
                                [delta|reltime|ctime|notime|iso]
Suspending/resume will make ctime and iso timestamps inaccurate.

Extract encrypted Signal backup

https://github.com/xeals/signal-back
More information at the above link

Installation of precompiled binary for Signal-Back

wget https://github.com/xeals/signal-back/releases/download/v0.1.7-alpha.2/signal-back_linux_amd64
chmod +x signal-back_linux_amd64
./signal-back_linux_amd64

Help info

Usage: signal-back_linux_amd64 COMMAND [OPTION…] BACKUPFILE
   --help, -h     show help
   --version, -v  print the version
 Commands: 
   format   Read and format the backup file
   analyse  Information about the backup file
   extract  Retrieve attachments from the backup
   check    Verify that a backup is readable
   help     Shows a list of commands or help for one command

Extract attachments from backup

Replace ~/Desktop/signal…backup with the path to your Signal backup.

./signal-back_linux_amd64 extract ~/Desktop/signal-2019-09-30-01-43-21.backup

It’ll ask for the password and then start pulling out the attachments and putting them in the current directory.

Export messages to CSV file

Default option is XML. CSV will let you open it up in Excel.

./signal-back_linux_amd64 format -f CSV --output signal-output.csv ~/Desktop/signal-2019-09-30-01-43-21.backup

Specify password to use

You can use the -p option to specify the password. It does not matter if there are spaces every 5 numbers or not. Also, the -P option is supposed to let you use a file.

./signal-back_linux_amd64 extract -p "48294 55709 09123 94563 74662 12800" ~/Desktop/signal-2019-09-30-01-43-21.backup

Other help options

bob@localhost:~/Downloads/signal-back$ ./signal-back_linux_amd64 help
 Usage: signal-back_linux_amd64 COMMAND [OPTION…] BACKUPFILE
   --help, -h     show help
   --version, -v  print the version
 Commands:
   format   Read and format the backup file
   analyse  Information about the backup file
   extract  Retrieve attachments from the backup
   check    Verify that a backup is readable
   help     Shows a list of commands or help for one command
bob@localhost:~/Downloads/signal-back$ ./signal-back_linux_amd64 help format
 Usage: signal-back_linux_amd64 format [OPTION…] BACKUPFILE
 Parse and transform the backup file into other formats.
 Valid formats include: CSV, XML, RAW.
   --format FORMAT, -f FORMAT  output the backup as FORMAT (default: "xml")
   --message TYPE, -m TYPE     format TYPE messages (default: "sms")
   --output FILE, -o FILE      write decrypted format to FILE
   --password PASS, -p PASS    use PASS as password for backup file
   --pwdfile FILE, -P FILE     read password from FILE
   --verbose, -v               enable verbose logging output
bob@localhost:~/Downloads/signal-back$ ./signal-back_linux_amd64 help extract
 Usage: signal-back_linux_amd64 extract [OPTION…] BACKUPFILE
 Decrypt files embedded in the backup.
   --outdir DIRECTORY, -o DIRECTORY  output attachments to DIRECTORY
   --password PASS, -p PASS          use PASS as password for backup file
   --pwdfile FILE, -P FILE           read password from FILE
   --verbose, -v                     enable verbose logging output
bob@localhost:~/Downloads/signal-back$ 

Bash Loop Examples

For i in 1-100 do

Basically count to 100 and perform an operation each time i increases.

for ((i=1; i<=100;i++))
do 
  echo $i
done

for loop 1 liner

for ((i=1; i<=100;i++)) do echo $i ; done

While true (Execute forever)

Handy if you just want a script to run and repeat the same thing over and over again. Doesn't stop till you kill it.

while true
do
  echo "Repeat till infinity"
  sleep 1
done

While command is true

The following will execute the loop as long as the command in the () returns true. Once it returns false, it'll stop the loop.

while (fping incredigeek.com | grep alive); 
do
  echo alive
  sleep 1
done

Bash array example

#!/bin/bash
array=(one two three)
echo "Printing first object in array."
echo ${array[0]}  #Replace 0 with the place number of the array item

echo ""

echo "Whole array"
echo ${array[*]} 

echo "" 

echo "Array indexes" 
echo ${!array[*]}

Output

Printing first object in array. 
one

Whole array
one two three

Array indexes
0 1 2

https://www.linuxjournal.com/content/bash-arrays