• Linux (Kali/Ubuntu etc) Forensic RAW memory dump need to find pass-phrase(sd5) of /dev/ hard drive
    0 replies, posted
Hey everyone for a project I need to find the password of the pass-phrase that I need to enter at start-up of a virtual machine (*Ubuntu*) which is suppose to be a "VPS" and stuff, but before booting i get asked to enter the pass-phrase "Unlocking the disk --------(sd5 crypt) ... Enter passphrase: " is what I get. So I used kali linux and the terminal and did the following: strings ./memorydumpfile.RAWmemory | grep "passwd" Which gave me the following results: [QUOTE][URL="http://txt.do/tlm1"][B]txt.do/tlm1 [/B][/URL][/QUOTE] But I was wondering as I myself am not that handy with linux or such if anyone could guide me to the passphrase of this hard-disk, The memory dump file : [URL]https://dl.dropboxusercontent.com/u/89740783/aaaaaaaaaa/project.RAWmemory[/URL] If anyone could help me that'd be kickass! I know there is a user called "boris" with the password "$cur" but this is not what I am looking for. Here is a printscreen of the virtualmachine asking for the passphrase: [URL]https://dl.dropboxusercontent.com/u/89740783/aaaaaaaaaa/raw.png[/URL] So the basic principle is: I need to find the passphrase in the virtual memory (.RAWmemory file) to unlock the Virtual machine and acces the "VPS" . It is for a small-sort-of-project-like thingy for school, but I honestly have no idea about linux machines. Kindest regards Siem
Sorry, you need to Log In to post a reply to this thread.