RSA key Password Recovery with Docker

I've recently been digging in the archives and found a few forgotten RSA keys used back in the day. Good thing the private keys were archived, but just my luck, they're encrypted with a password and I can't remember the passwords.

Good thing I can think of all the passwords they could have been, because that gives me a strong wordlist to go from. Next thing to do is have John the Ripper work his magic. Since JtR is not distributed, one would have to split the list up themselves and send it off to multiple machines for work. Sure, rsync and the like could do this, but… if one is going to do this repeatedly, why not do it right with Docker Swarm?

The following Dockerfile and docker-compose.yml help:

#Dockerfile
FROM adamoss/john-the-ripper:latest
# Build-time metadata as defined at http://label-schema.org
ARG BUILD_DATE
ARG VCS_REF
ARG VERSION
LABEL org.label-schema.build-date=$BUILD_DATE \
      org.label-schema.name="RSA/SSH password recovery project" \
      org.label-schema.description="JTR in docker to recover with permission lost ssh keys" \
      org.label-schema.url="https://dapla.net/" \
      org.label-schema.vcs-ref=$VCS_REF \
      org.label-schema.vcs-url="e.g. https://github.com/daplanet/" \
      org.label-schema.vendor="e.g. Da Planet Security" \
      org.label-schema.version=$VERSION \
      org.label-schema.schema-version="1.0" \
      org.label-schema.usage="docker build -t recoverme:latest . && docker run --rm -ti recoverme:latest"
# Wordlists and encrypted keys are copied into an image layer, so the image
# itself holds the key material
ADD *.lst *.pem *.key /data/
WORKDIR /data
# Merge all wordlists, then convert every key into a hash line John can read
RUN cat /data/*.lst > /data/words && \
    ls *.key *.pem | xargs -I{} ssh2john {} > /data/list.jtr
# JSON (exec) form requires double quotes
CMD ["--wordlist=/data/words", "/data/list.jtr"]

#docker-compose.yml
---
version: '3.6'
services:
  job:
    image: recoverme:latest
    logging:
      driver: syslog
      options:
        syslog-address: "tcp://192.168.0.42:6514"
    deploy:
      mode: global # send to all nodes
      placement:
        constraints:
          - node.role == worker # only compute nodes
          - engine.labels.operatingsystem == ubuntu 18.04 # only linux
          - engine.labels.architecture == x64 # no arm systems
        preferences:
          - spread: node.labels.zone
...
#vim: set sw=2 sts=2 ts=2 et si ft=yaml :

The docker-compose part is optional, but those in the know can see how powerful it is. Everyone else will be more interested in the org.label-schema.usage line from the Dockerfile.

One can then copy these files into a directory along with the files they wish to split up and send off to a cluster for password recovery.
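
A service deployed with mode: global starts the same image, with the same /data/words, on every worker, so the wordlist split mentioned above still has to happen somewhere. The script below is an added example (not from the original post and not part of John the Ripper) in which each node keeps only its own disjoint round-robin shard of the de-duplicated list. SHARD_TOTAL and SHARD_INDEX are assumed per-node settings, and the sample words are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. SHARD_TOTAL and SHARD_INDEX are
# hypothetical per-node settings; John the Ripper itself is not invoked here.

# Print FILE without blank lines or repeated candidates, first-seen order kept.
dedup_words() {
    awk 'length($0) > 0 && !seen[$0]++' "$1"
}

# shard_words FILE TOTAL INDEX
# Print shard INDEX (0-based) of TOTAL disjoint round-robin shards of FILE.
shard_words() {
    file=$1 total=$2 index=$3
    for v in "$total" "$index"; do
        case "$v" in
            ''|*[!0-9]*) echo "shard_words: TOTAL and INDEX must be integers" >&2
                         return 2 ;;
        esac
    done
    if [ "$total" -lt 1 ] || [ "$index" -ge "$total" ]; then
        echo "shard_words: need 0 <= INDEX < TOTAL" >&2
        return 2
    fi
    [ -r "$file" ] || { echo "shard_words: cannot read $file" >&2; return 1; }
    dedup_words "$file" | awk -v n="$total" -v i="$index" '(NR - 1) % n == i'
}

# Constructed sample list (duplicates and a blank line included on purpose).
write_sample_words() {
    printf '%s\n' summer2009 hunter2 '' summer2009 tr0ub4dor \
        correcthorse hunter2 letmein oldlaptop > "$1"
}

# Demo: sh shard.sh --demo   (prints each of 3 shards of the sample list)
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample_words "$tmp"
    for i in 0 1 2; do
        echo "--- shard $i/3"; shard_words "$tmp" 3 "$i"
    done
    rm -f "$tmp"
fi
# On a node, the shard would replace /data/words, for example:
#   shard_words /data/words "$SHARD_TOTAL" "$SHARD_INDEX" > /tmp/shard
#   john --wordlist=/tmp/shard /data/list.jtr
```

Because the split is computed from the line number after de-duplication, every node derives the same partition from the same image without any coordination between nodes.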
