0

I've been away from my computer for a few months and forgot my Ubuntu login password. This is a problem since I have an encrypted home directory with lots of important files on it.

I came across this thread:

https://ubuntuforums.org/showthread.php?t=2252728

The guy who posted it claims to have solved the problem using John the Ripper with a python script called ecryptfs2john.py

Is this a brute force method? I have a feeling I used a really strong password so I don't know if that'll work. Another thread here talking about brute forcing:

Recovering data from a partition without the passphrase

Is brute forcing the only option here? If so, do you have the option of bruteforcing either the password or the wrapper passphrase? In this case, I have an idea of a number of different passwords I might have used, it's too much to try and guess manually because I probably prefixed the password with a symbol, and added numbers after, and also might have mixed up the cases of the characters. hashcat has a feature called "mask attack" which is kind of like an intelligent brute force attack, it doesn't just guess every possible combination of characters, instead it uses logic to generate a list of password guesses. Can John the Ripper do this too? Can hashcat be used to brute force login passwords like this?

Here's a couple of articles I found on using Hashcat to brute force linux disk encryption:

https://penguin-systems.com/node/8

https://blog.pnb.io/2018/02/bruteforcing-linux-full-disk-encryption.html

https://samsclass.info/123/proj10/p12-hashcat.htm

John Slotsky
  • 53
  • Related: https://askubuntu.com/questions/376525/ecryptfs-lost-passphrase; https://askubuntu.com/questions/263928/what-is-the-command-to-retrieve-the-pass-phrase-of-an-encrypted-home-directory – Melebius Aug 16 '18 at 09:10
  • don't you have write it on one piece of paper? that will be a lot faster than trying to find your password these algorithm – damadam Aug 16 '18 at 09:12
  • I'm not having any luck so far. I found out that a lot of the stuff I need to recover is located in /var/www which isn't encrypted so I was able to upload some of it to the internet but my comp keeps crashing when running the Live CD and now I can't get in at all for some reason. Is there a way I can bypass the bootloader altogether and just get shell access to the filesystem so I can at least recover the /var/www directory? I have a HP ENVY laptop. My laptop doesn't have an ethernet cable, that would make things so much easier – John Slotsky Aug 17 '18 at 12:50
  • Please [edit] your question to add details. It helps to keep our Q&A style tidy and could also bring more attention since an edited question gets bounced on the homepage. – Melebius Aug 20 '18 at 14:06

0 Answers0