قالب وردپرس درنا توس
Home / Tips and Tricks / How to Hide Confidential Files in Encrypted Containers on Your Linux System «Null Byte :: WonderHowTo

How to Hide Confidential Files in Encrypted Containers on Your Linux System «Null Byte :: WonderHowTo



As a penetration tester, we sometimes need to securely store customer data for a long time. Bruteforce-resistant, vault-like containers can be created with just a few commands to protect us from physical attacks and unintended disclosure of data.

The subject of cryptography and encryption is incredibly extensive and complex. Rather than dive into algorithms, algorithms, AES, hash functions, and LUKS, this article focuses more on reading readers by setting up a simple but very secure file container.

Essentially we will create a container (a file) that acts like a vault. When unlocked, we can store sensitive data collected during red team and post-exploitation activities. If the container is locked, nobody will be able to view the files stored in it.

I will use Kali Linux for the duration of this tutorial. Ubuntu and Debian users can follow and should use a non-root terminal to execute the following commands. The command sudo precedes where root permissions are required. If you are using Ubuntu or Debian, add sudo as instructed.

Step 1: Create a Key to Unlock the Container

To begin, we create a file that acts as a master key to unlock the container. I recommend against using passwords because a key file will completely eliminate any potential for brute-force attacks on the container.

  dd if = / dev / urandom of = / path / to / master.keyfile bs = 4096 count = 1

1 + 0 records in
1 + 0 records
4096 bytes (4.1 kB, 4.0 KiB) copied, 0.000300577 s, 13.6 MB / s 

The file name is arbitrary. For the sake of simplicity I use "master.keyfile" in the above example. The dd command will randomly generate ( / dev / urandom ) a key file of exactly 4096 bytes, which is exponentially stronger than any possible 32-digit password can imagine. This key file can be stored on a USB stick for safekeeping or stored on a remote server. Do not share, email or lose this file. Without it, the container will not be unlocked!

Recommended Storage: SanDisk Ultra 32GB USB 3.1 Flash Drive ( Amazon | Best Buy | Walmart)

Step 2: Create an Empty Container

19659006] Next we will dd and use zero to create an empty file full of null characters. This allows us to create an empty container of a certain size.

  dd if = / dev / null from = / path / to / CONTAINER bs = 1 count = 0 such = 1G

0 + 0 records in
0 + 0 records
0 bytes copied, 0.000190114 s, 0.0 kB / s 

There are two values ​​in the above command that you need to change. The path to the "CONTAINER" should be named more appropriately. Something like "safe" or "encrypted" might make more sense – so you do not forget which file is used to store sensitive data. If you're trying to camouflage the true content of the container, you can put the label "TaylorSwift.mp3" in a directory full of songs to bypass passive forensics.

I'm creating a container with 1 gigabyte ( search = 1G ) in size. This means that we are only allowed to store data in the amount of 1 gigabyte in the encrypted file. This value can be increased or decreased as needed. For example, a 250 megabyte container is represented as "250M". A very small container of 750 kilobytes is represented as "750K".

Step 3: Encrypt the Container

Next we encrypt the container with the following command [crypsetup

  sudo cryptsetup -v -y -c aes-xts-plain64 - s 512 -h sha512 -i 5000 --use-random luksFormat / path / to / CONTAINER /path/to/master.keyfile

WARNING!
========
This will overwrite data on / tmp / CONTAINER irrevocably.

Are you sure? (Enter uppercase letters): YES
Key slot 0 created.
Command Successful 

The cipher ( -c ), key size ( -s ) and hash function ( -h ) are all strongly set values and should not be changed. This command cryptsetup formats ( luksFormat ) the CONTAINER and encrypts it with the "master.keyfile" to lock it and unlock it.

You will be prompted to enter "YES" in all Capslock to continue, which may take several minutes, depending on the size of the container, and a 100 GB container may take up to five minutes. [19659016] Step 4: Unlock the container

When that's done, we need to unlock the CONTAINER to format the volume.

  sudo cryptsetup luksOpen / path / to / CONTAINER PRIVATE --key-file / path / to /master.keyfile

This cryptsetup command will unlock ( luksOpen ) our container with the "master.keyfile" ( – key file ) in step 1 created. Mapper point ("PRIVATE") is used to map (and later mount) devices and volumes. The name "PRIVATE" is arbitrary and can be renamed in everything.

Step 5: Format the unlocked volume

When you format the unlocked CONTAINER, you can actually read and write data to the volume. There are many usable format types such as FAT32 and NTFS. I will use Ext4, a widely used and flexible Unix format. Each Debian or Ubuntu computer can unlock and read files stored in the container.

Use the following command mkfs to format the unlocked container.

  sudo mkfs.ext4 / dev / mapper / PRIVATE RAILINGS

mke2fs 1.44.3 (July 10, 2018)
Creating a file system with 261632 4k blocks and 65408 inodes
File system UUID: 948eae1b-dd6d-4910-8a3c-3474488bdf0c
Superblock backups stored on blocks:
32768, 98304, 163840, 229376

Assignment of group tables: done
Write inode tables: done
Create journal (4096 blocks): done
Creating superblocks and file system accounting information: done 

Step 6: Deploy the unlocked volume to a local directory

First, create a directory using the command mkdir . When the volume is unlocked and deployed, files in that container are available in this directory. I'm calling the "Private" directory, but it can be renamed everything.

  mkdir ~ / Private 

Then use the following command to mount the unlocked volume on the new ~ / Private

  sudo mount / dev / mapper / PRIVATE ~ / Private 

Using mount is similar to plugging a USB key into your laptop. Kali users can access the content by navigating to / root / Private with File Manager.

Ubuntu and Debian Users Can Navigate to / home / / Private

Step 7: Setting File Permissions

This command is especially important for Ubuntu and Debian users. Set the disk permissions so that non-root users can access data in the container when it is unlocked. Otherwise, only root users can change content in the container.

  sudo chown -R "$ USER": "$ USER" ~ / Private 

The command chown recursively ( -R ) Change the permissions of the unlocked container and its content for the current users ( $ USER ) permission setting

Step 8: Lock the container if you have & # 39; re Done

When you finish adding or deleting files in the container, use the following command umount to detach the volume and lock the container ( luksClose ) , sudo umount / root / Private && sudo cryptsetup luksClose PRIVATE

Step 9: Unlock the container when you need it

If you need to unlock the container in the future, use the following Unlock command ( luksOpen ) the container

  sudo cryptsetup luksOpen / path / to / CONTAINER PRIVATE --key-file /path/to/master.keyfile

The n, mount the volume with the command mount to a local directory.

  sudo mount / dev / mapper / PRIVATE ~ / Private 

Automate Safe Container Creation (optional)

For This Item I have created an interactive bash script to automate the creation of secure containers. The user is prompted for a container name, key file name, mount point, and container size. The rest of the process is completely automated and takes less than 60 seconds.

  #! / Bin / bash

G = " 033 [1; 32m";
    N = " 033 [0; 39m";
    function notification ()
    {
        echo -e "$ G" " n [+] $ 1" "$ N"
};
Function nameVol ()
{
read -p "Name of the encrypted container (for example," Vault "," licencelist.txt "):" vol_name;
if [[ ! -n "$vol_name" ]]; then
vol_name = & # 39; EncryptedContainer & # 39 ;;
fi
};
Function NameKey ()
{
read -p "keyfile name (for example," master.keyfile "," image.jpg "):" key_file;
if [[ ! -n "$key_file" ]]; then
key_file = & # 39; master.keyfile & # 39 ;;
fi
};
Function nameMount ()
{
read -p "Where the container is appended when it is unlocked (for example," luksPrivate "):" mount_dir;
if [[ ! -n "$mount_dir" ]]; then
mount_dir = & # 39; luksPrivate & # 39 ;;
fi
};
Function nameSize ()
{
read -p "Select the volume size (eg 10G, 200M):" vol_size;
if [[ ! -n "$vol_size" ]]; then
vol_size = & # 39; 1G & # 39 ;;
fi
};
Function ddZero ()
{
dd if = / dev / zero from = "$ vol_name" bs = 1 count = 0 seek = "$ vol_size" && notification "Empty volume created."
};
Function ddRandom ()
{
dd if = / dev / urandom = "$ key_file" bs = 4096 count = 1 && notification "key file created successfully."
};
Function encryptCon ()
{
sudo cryptsetup -v -y -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random luksFormat "$ vol_name" "$ key_file" && notification "Encrypted container created."
};
Function encryptOpen ()
{
sudo cryptsetup luksOpen "$ vol_name" "$ mount_dir" - key file "$ key_file" && notification "Unlocked volume."
};
Function mkfsFormat ()
{
sudo mkfs.ext4 / dev / mapper / "$ mount_dir" && notification "volume formatted."
};
Function mountDir ()
{
if [[ ! -d $HOME/"$mount_dir"/ ]]; then
mkdir -p $ HOME / "$ mount_dir" /;
fi;
sudo mount / dev / mapper / "$ mount_dir" "$ HOME" / "$ mount_dir" / && Alert "Volume mounted."
};
Function volPerm ()
{
sudo chown -R "$ USER": "$ USER" "$ HOME" / "$ mount_dir" && notification "Set volume permissions, do not lose the keyfile!"
};
NameVol;
NameKey;
Name Mount;
Size;
ddZero;
ddRandom;
encryptCon;
encryptOpen;
mkfsFormat;
MountDir;
volPerm 

Simply save the above script in a file named "createContainer.sh", run the script ( chmod ) and execute it with the following commands:

  chmod + x createContainer. Sch
./createContainer.sh

Below is a GIF of the script in action.

Encrypt all things!

There are many applications for encrypted containers. As a penetration tester, it's important to keep your customer data in a safe place while you work to prevent inadvertent file clutter. As a daily Ubuntu user, financial data, password files, and private photos can be easily backed up using this method. Everyone can save their data in just a few simple steps.

If you have questions or concerns about a step in this article, feel free to leave a comment.

Cover Picture by Marcos Mayer; Screenshots of tokyoneon / zero byte

Source link