[Solved] FOGProject Tecnical Info



  • Hey guys.
    I am here but its not because of problems that FOG cause to me.
    I am a Cyber Security Student and I am doing an “auditory” in 1 small company, and they use fog to update their images.

    What I wanted to know, how FOGCrypto works.
    I already searched FOGCrypto on google & github but I only find the executable, not the Source Code.



  • @george1421
    Finally, I did the decrypter :P
    Thanks for the code!



  • @george1421 Well, they still use 1.2.0… and they are Using Win 7 x86 Enterprise as a client and ubuntu 14 as a server…
    And yes, I tried 1.5.4 … this is why I wanted some info on how to reverse the AD Pass.

    I tried to install one fog image on VMWare but no success… the image on 40-50% failed…


  • Moderator

    @besa said in [Solved] FOGProject Tecnical Info:

    Its not for a paper, but for recommendation. My brothers supervisor wanted to take a look to the {Company}… and they use old fog system[1.2.0].

    Just be aware that FOG 1.2.0 is really old. It doesn’t support win10, uefi, gpt disks, and current hardware. If you are imaging older stuff then it will work OK for you. But if you are going to need anything I mentioned, you will need a more current release of FOG. FOG versions newer don’t need fogcrypt since its all built in now.



  • Oky, I get it. The password is hashed with passphrase that is located in config.ini (dahh) …
    Thanks



  • Its not for a paper, but for recommendation. My brothers supervisor wanted to take a look to the {Company}… and they use old fog system[1.2.0].
    If I “grab” the system, my work finish.
    So, Active Directory uses Admin credentials(1 point for me), so if I get the pass, I am in.
    I though that FOGCrypt uses FOG unique identification for HASH, but I couldn’t find his source code to “reverse”(brute force dictionary).


  • Moderator

    FOGCrypto is and old program used to encrypt password so they could be saved in fog. Not really of value for a cyber security student to write a paper on.

    On a whole fog is not very secure because it uses many older protocols like NFS v3 and http (vs https). There is still some very old code in FOG that was written when security wasn’t really a topic. In the context of cyber security there are many reasons to not use FOG in vulnerable environments (if you were looking for a different entry point to discuss). Understand I’m not saying anything bad about FOG, but it was originally written in different time and space.

    The developers are slowly working on FOG 2.0 code base that was built from the beginning with cyber security in mind. That release is still a while off at the moment from being realized. But the baseline stuff that has been done so far looks really great.


Log in to reply
 

549
Online

6.3k
Users

13.7k
Topics

129.2k
Posts