Gocrypt
A user-space virtual file system built on FUSE for encrypting files. It uses the AES256-GCM or AES256-SIV cipher. Usage is very simple: vaults are created in directories, there is no need to format or otherwise prepare disks or their partitions, and it can be used on an already existing file system. It is cross-platform and runs on Windows (cppcryptfs), Linux and MacOS.
MacOS
Add to ~/.zshrc
export PATH="${PATH}:/usr/local/go/bin:${HOME}/go/bin"
Build
./build-without-openssl.bash
A mount script for mounting an encrypted volume from SMB. The first run mounts it; the second run, if the paths are already mounted, unmounts them.
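#!/bin/bash
# Toggle script: the first run mounts the SMB share and the gocryptfs vault,
# the second run (both already mounted) unmounts them again.
LOCAL_PATH="$HOME/data"
# Note: the SMB credentials are embedded in this URL, so anyone who can
# read this script can read them.
REMOTE_PATH="//admin:admin@server.lan/secret/data"

# .tmp receives the encrypted SMB share, Private the decrypted view
if ! [[ -d "$LOCAL_PATH/.tmp" ]]; then
    mkdir -p "$LOCAL_PATH/.tmp"
fi
if ! [[ -d "$LOCAL_PATH/Private" ]]; then
    mkdir -p "$LOCAL_PATH/Private"
fi

# Stop here if the password file is missing, otherwise the SMB share would
# be mounted and the gocryptfs step would then fail.
if ! [[ -e "$LOCAL_PATH/.pswd" ]]; then
    echo "Create file $LOCAL_PATH/.pswd with your encrypted vault password"
    exit 1
fi

mounted=0

# gocryptfs.conf sits in the root of the encrypted directory, so it is only
# visible once the SMB share is mounted.
if ! [[ -e "$LOCAL_PATH/.tmp/gocryptfs.conf" ]]; then
    mount_smbfs "$REMOTE_PATH" "$LOCAL_PATH/.tmp" || exit 1
else
    echo "SMB is already mounted"
    mounted=$((mounted+1))
fi

# .mounted is a marker file expected inside the vault; it is only visible
# while the vault is mounted.
if ! [[ -e "$LOCAL_PATH/Private/.mounted" ]]; then
    gocryptfs -passfile "$LOCAL_PATH/.pswd" "$LOCAL_PATH/.tmp" "$LOCAL_PATH/Private"
else
    echo "Cryptfs is already mounted"
    mounted=$((mounted+1))
fi

# Both were already mounted when the script started: treat this run as "unmount"
if [[ $mounted == 2 ]]; then
    echo "All filesystems are mounted, unmounting..."
    umount "$LOCAL_PATH/Private"
    umount "$LOCAL_PATH/.tmp"
fi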
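The script above trusts $LOCAL_PATH/.pswd and two marker files. As an added example (not part of the original script), these two helpers check that the password file is private before it reaches gocryptfs -passfile, and read mount state from the `mount` listing instead of marker files; the names check_passfile and is_mounted are assumptions.

```bash
#!/bin/bash
# Added example: pre-flight checks for a gocryptfs mount script.
# check_passfile and is_mounted are hypothetical helper names.

# Validate the file later given to `gocryptfs -passfile`.
# Returns 0 = ok, 1 = missing, 2 = symlink, 3 = not ours, 4 = empty,
# 5 = accessible by group or others.
check_passfile() {
    local file mode
    file=$1
    if [ -L "$file" ]; then echo "refusing symlink: $file" >&2; return 2; fi
    if [ ! -f "$file" ]; then echo "no such file: $file" >&2; return 1; fi
    if [ ! -O "$file" ]; then echo "not owned by you: $file" >&2; return 3; fi
    if [ ! -s "$file" ]; then echo "empty file: $file" >&2; return 4; fi
    # The mode string from `ls -ld` (e.g. -rw-------) is the same on macOS
    # and Linux; cut drops the optional 11th flag character (@, +, .).
    mode=$(ls -ld -- "$file" | cut -c1-10)
    case "$mode" in
        -???------) return 0 ;;
        *) echo "mode $mode is too open, run: chmod 600 $file" >&2; return 5 ;;
    esac
}

# Return 0 if path $2 is a mount point in the `mount` listing passed as $1.
# macOS and Linux both print "<source> on <path> ..."; the trailing space
# stops /data from matching /data/Private.
is_mounted() {
    printf '%s\n' "$1" | grep -qF -- " on $2 "
}

# Intended use inside the mount script (LOCAL_PATH as defined there):
#   check_passfile "$LOCAL_PATH/.pswd" || exit 1
#   is_mounted "$(mount)" "$LOCAL_PATH/Private" && echo "Cryptfs is already mounted"
```
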
An analogous version: a PowerShell script for Windows
<#
.SYNOPSIS
    Maps and unmaps network drives
.DESCRIPTION
    Maps or unmaps the specified network drives in the script
.EXAMPLE
    mount
    Maps or unmaps the specified network drives in the script
.NOTES
    Author: e1z0
    Copyright: 2024 e1z0
             : Permission to use is granted but attribution is appreciated
    Initial: 09/23/2024
    ModHist:
           :
#>
[CmdletBinding()]
param ()

$username = "devnull"

function NewPwd {
    param ()
    # Write new password. ConvertFrom-SecureString without -Key protects the
    # value with Windows DPAPI, so only the same user on the same machine can
    # turn it back into a SecureString.
    $SecureString = Read-Host -Prompt "Enter your new Password" -AsSecureString
    $EncryptedString = ConvertFrom-SecureString $SecureString
    $EncryptedString | Out-File smb.txt # Because who would look inside, right?
}

# Does not work in PowerShell 5.1
function Unmount-Disks {
    # DriveType 4 = network drive
    $DriveList = Get-WMIObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 4 }
    # Don't bother running this if we don't have any mapped drives
    if ($DriveList) {
        $SmbDriveList = $DriveList.DeviceID
    } else {
        Write-Host "No mapped drives found"
        Return
    }
    Write-Host "Unmapping drive: " -NoNewLine
    Write-Host $SmbDriveList
    Write-Host " "
    Foreach ($drive in $SmbDriveList) {
        $psDrive = $drive -replace ":" # remove unwanted colon from PSDrive name
        Remove-SmbMapping -LocalPath $Drive -Force -UpdateProfile
        If ( (Get-PSDrive -Name $psDrive -Scope Global) 2>$Null ) {
            Remove-PSDrive -Name $psDrive -Scope Global -Force
        }
    }
    Write-Host " "
    # Report back all FileSystem drives to confirm that only local drives are present.
    Get-PSDrive -PSProvider FileSystem
}

function Unmount-Disk {
    param (
        [string]$letter
    )
    try {
        # Remove the PSDrive by name and the SMB mapping by its local path (e.g. "X:")
        Remove-PSDrive -Name $letter -PSProvider FileSystem -Scope Global -Force -ErrorAction SilentlyContinue | Out-Null
        Remove-SmbMapping -LocalPath "${letter}:" -Force -ErrorAction SilentlyContinue | Out-Null
    }
    catch {
        # Best effort: ignore errors for drives that are not mapped
    }
}

function Mount-Disk {
    param (
        [string]$letter,
        [string]$Path
    )
    # Read the DPAPI-protected string back and rebuild a credential from it
    $EncryptedString = Get-Content $env:USERPROFILE\.mnt.txt
    $SecureString = ConvertTo-SecureString $EncryptedString
    $Creds = New-Object System.Management.Automation.PSCredential -ArgumentList $username,$SecureString
    New-PSDrive -Name $letter -PSProvider FileSystem -Root $Path -Persist -Credential $Creds -Scope Global
}

function MapPath {
    param (
        [string]$Path
    )
    $EncryptedString = Get-Content smb.txt
    $SecureString = ConvertTo-SecureString $EncryptedString
    $Creds = New-Object System.Management.Automation.PSCredential -ArgumentList $username,$SecureString
    New-PSDrive -Name MyRemoteDrive -PSProvider FileSystem -Root $Path -Credential $Creds -Scope Global
}

function MountCrypt {
    param (
        [string]$Path,
        [string]$Letter
    )
    $EncryptedString = Get-Content private_data.txt
    $SecureString = ConvertTo-SecureString $EncryptedString
    # Convert back to plain text; from here on the password is unprotected in memory
    $UnsecurePassword = (New-Object PSCredential 0, $SecureString).GetNetworkCredential().Password
    # Note: a password passed with -p is visible in the process command line
    C:\programs\cryptfs\cppcryptfs.exe -m $Path -d $Letter -p $UnsecurePassword -t
}

Write-Host "Options:"
Write-Host "1 -> Mount \\server.lan\private smb share"
Write-Host "2 -> Unmount smb shares"
Write-Host "3 -> Unmount all shares"
Write-Host "4 -> Change password"
Write-Host "5 -> Exit"

$FromObj = "Please input object number"
$giveMeNumber = { (Read-Host $FromObj) -as [int] }
$FromInput = & $giveMeNumber
# Keep asking until the input is a number from 1 to 5
while ($FromInput -isnot [int] -or $FromInput -le 0 -or $FromInput -ge 6) {
    if ($FromInput -isnot [int]) {
        Write-Output "Your input has to be a number."
    }
    elseif ($FromInput -le 0) {
        Write-Output "Your input has to be a number greater than 0!"
    }
    else {
        Write-Output "Your input has to be a number less than 6!"
    }
    $FromInput = & $giveMeNumber
}

switch ($FromInput -as [int]) {
    1 {
        Write-Host "Mounting drives..."
        MapPath -Path '\\server.lan\private'
        MountCrypt -Path '\\server.lan\private\data' -Letter 'P'
        break
    }
    2 {
        Write-Host "Unmounting drives..."
        # does not work in PowerShell 5.1
        #Unmount-Disk -letter "X"
        #Get-PSDrive X, z -PSProvider FileSystem -Scope Global | Remove-PSDrive -Scope Global -Force
        #Remove-SmbMapping -LocalPath "X:" -Force
        #remove-psdrive -name Z -Scope Global
        net use P: /delete
        break
    }
    3 {
        net use * /delete /y
        break
    }
    4 {
        NewPwd
        break
    }
    default {
        Write-Host "Exiting..."
        # Leave the script without printing "Done!"
        return
    }
}
Write-Host -NoNewLine 'Done!';
Start-Sleep -Seconds 3
The script is more of a PoC to show how to work with SecureStrings (i.e. with masked passwords in PowerShell scripts).