[redEyesBlackDrag]

Greetings friends,

I've started working on cracking the passwords from the recent FortiGate config.txt leak from the Belesn Group. Setup: 5 GPU server.


Let me know if you are interested on ip:user:pass clear credentials.
Current progress: 12 passwords (not tested). Just started, I'll keep updating.

There are at least 3 types of hash:

• SH2* --> base64(SHA256(password))
  
• PB2* --> base64(PBKDF2(password))
  
• * --> AES + rolling XOR key
  

---

Hash list: https://oshi.at/ogNt ( Tor domain: 5ety7tpkim5me6eszuwcje7bmy25pbtrjtue7zkqqgziljwqy3rrikqd.onion )
    Mirror: http://0.vern.cc/XY.txt

---

[Kraken007]

I would like to know how you have progressed in decryption.

[Dewa09992]

that is interresting , brother

[Phiberoptik]

Keep us posted on the decryption state

[jackbracher963]

could you post email addresses/usernames for the passwords?

[donjuantheman2]

very interesting, im in the learning phase here. tried finding module 33900 for hashcat but without luck.
So i went for the 'SH2' hashes i could find and hashcat 1400, but most of em are of by bytes.

i can try resolve that with
| base64 -d \
| xxd -p -c 9999 \
| cut -c 1-64 \

But not sure if thats correct.

feel free to poke me and ill hit some of em to (if you want to advice on hashcat runcommand)

[omgru4real]

Sooo...how the fuck did you get access to the vector keys? Do you work for Fortigate lol

[theCardfather]

This is interesting stuff bro

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[Edorado]

hi
if u can give me all configs i can help u with AES .

[n30h4x0r]

Interesting stuff. Keep us posted!

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Selling in buyer's place