this post was submitted on 10 Oct 2024
221 points (99.6% liked)

196

My phone died a few days ago, and the Cisco Duo app overwrote the 2FA key backup after I connected my old phone to the internet.
Lemmy has no backup codes, nor can you disable 2FA, even while logged in, without a valid token.

Anyway, I noticed there's no rate limiting on 2FA attempts.
So following Lemmy API docs I wrote this exceptionally stupid script (look at my foolish way of parallelization and no auto-stop).

I got the JWT token from a logged-in Firefox session, using the cookies.txt extension to export it.

Anyway, just make sure your password is secure enough; it's obviously (potentially) better than 6 digits, probably with 3 valid combinations at any given time (current 30s, past 30s, future 30s windows), if I'm guessing how it works right.

My attempt also clearly involved a lot of luck with just 21,830 attempts (less than 5 minutes). But if you're lucky enough, you may guess it on the first attempt, or never if you aren't.
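The post's script is not reproduced here, so the following is an added example (my code, not the original poster's script and not Lemmy's own code) of what the described situation looks like: an RFC 6238 TOTP verifier with the ±1-step tolerance the post guesses at (3 accepted codes per 30 s), a sequential guesser against it, the same verifier with a per-step failure limit, and the probability calculation behind "a lot of luck". It assumes 6-digit SHA-1 TOTP with 30-second steps, uses the RFC 4226/6238 test-vector key rather than any real secret, and the limit of 5 failures per step is an assumed policy for illustration. It runs entirely offline and contacts no server.

```python
# Added example: RFC 6238 TOTP verification with the +/-1 step tolerance the
# post guesses at, a sequential guesser against it, and a rate-limited variant.
# This is not the poster's script and not Lemmy's code; it runs entirely offline.
import hashlib
import hmac
import struct

STEP = 30      # seconds per TOTP time step
DIGITS = 6
WINDOW = 1     # also accept the previous and next step -> 3 valid codes at once
SECRET = b"12345678901234567890"   # RFC 4226/6238 test-vector key, not a real credential


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 64-bit counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int) -> str:
    """RFC 6238 TOTP for Unix time `at`: HOTP on the 30-second step counter."""
    return hotp(secret, at // STEP)


def valid_codes(secret: bytes, at: int, window: int = WINDOW) -> set:
    """Every code a tolerant verifier accepts at `at` (3 codes for window=1)."""
    step = at // STEP
    return {hotp(secret, step + k) for k in range(-window, window + 1)}


class Verifier:
    """Tolerant verifier with no attempt limit: the situation the post describes."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self._cache = (None, set())   # (step, accepted codes) so repeated guesses don't redo HMACs

    def accepted(self, at: int) -> set:
        step = at // STEP
        if self._cache[0] != step:
            self._cache = (step, valid_codes(self.secret, at))
        return self._cache[1]

    def check(self, code: str, at: int) -> bool:
        return code in self.accepted(at)


class LimitedVerifier(Verifier):
    """Same verifier, but after `limit` failures in one step every further guess is refused.

    The limit of 5 is an assumed policy for illustration; a real deployment would
    also alert and keep backing off across steps rather than reset every 30 s.
    """

    def __init__(self, secret: bytes, limit: int = 5):
        super().__init__(secret)
        self.limit = limit
        self.failures = {}   # step -> failed attempts in that step

    def check(self, code: str, at: int) -> bool:
        step = at // STEP
        if self.failures.get(step, 0) >= self.limit:
            return False          # locked out: not even a correct code gets through now
        ok = super().check(code, at)
        if not ok:
            self.failures[step] = self.failures.get(step, 0) + 1
        return ok


def brute_force(verifier: Verifier, at: int, max_attempts: int = 10 ** DIGITS):
    """Guess 000000, 000001, ... in order; return the attempt number that succeeded, or None.

    The clock is frozen at `at` to keep the demo deterministic; in reality the
    accepted set rotates every 30 s, but it always holds 2*WINDOW+1 codes, so
    rotation alone does not slow a guesser down.
    """
    for n in range(1, max_attempts + 1):
        if verifier.check(f"{n - 1:0{DIGITS}d}", at):
            return n
    return None


def success_probability(attempts: int, accepted: int = 2 * WINDOW + 1) -> float:
    """P(at least one hit) for `attempts` independent random guesses.

    Expected guesses until the first hit: 10**DIGITS / accepted, about 333,000.
    """
    return 1 - (1 - accepted / 10 ** DIGITS) ** attempts


if __name__ == "__main__":
    now = 59   # RFC 6238 test time; totp(SECRET, 59) == "287082"
    print("accepted now:", sorted(valid_codes(SECRET, now)))
    print("unlimited verifier cracked after", brute_force(Verifier(SECRET), now), "guesses")
    print("limited verifier:", brute_force(LimitedVerifier(SECRET), now))
    print(f"P(success within 21,830 guesses) = {success_probability(21830):.3f}")
```

With three codes accepted out of a million, 21,830 guesses succeed only about 6% of the time, which is why the post calls its result lucky; the unlimited verifier above still falls after at most a million guesses, while the limited one stops the walk after five failures. Note that the lockout in `LimitedVerifier` also blocks the legitimate user for that step, which is the intended trade-off: a failure limit on a 6-digit code is what makes the second factor worth anything.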

[–] [email protected] 5 points 2 months ago (1 children)

Hell yeah

This is like the time I forgot the password to my LUKS drive and started brute forcing it using john and a custom password generation function.

I didn’t get nearly as lucky as you, it took around 18 hours, but I got in. Which was lucky, since that LUKS drive had the sole 512-byte key to my long-term storage drive that had important paperwork on it.

[–] [email protected] 1 points 2 months ago (1 children)

Did you still remember lots of your password parameters, or was it just really short to be solved that fast?

[–] [email protected] 3 points 2 months ago

I remembered about 60% and I knew the general format of the password. It was about 30-40 characters in length so it was far from short. I couldn’t remember one of the words, the numbers, or the symbols, nor could I remember the order of the numbers and symbols since I diverted from the pattern I used to use due to the significance of the password.

I made a custom dictionary, and used john with a custom generator to make it fit the possible format of my password so that is why it was so fast. Had I not done that, it probably would have been feasible. It was also an older less secure luks partition so that helped a ton, and the fact I had a mediocre gpu (2070max-q) was the icing on the cake.

I intentionally keep no copies of my encrypted drive passwords so I was fucked if I couldn’t remember the password.
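The approach this comment describes, a custom dictionary plus a generator that only emits passphrases fitting the remembered layout, can be sketched as follows. This is an added example, my code rather than the commenter's generator or john's own external mode; the remembered words, dictionary, digit and symbol lengths, separator and rate are all assumed stand-ins, not the real passphrase. The point it shows is how much the remembered structure shrinks the search compared with a blind attack of the same length.

```python
# Added example: enumerate candidates for a passphrase whose layout is mostly
# remembered, and size the search before starting it. Every value below is an
# assumed stand-in for illustration, not the commenter's real passphrase.
import itertools
import math
from typing import Iterator, Optional

REMEMBERED = ["Quantum", "Tunnel"]               # words recalled, in their known order
CANDIDATE_WORDS = ["effect", "diode", "vision"]  # custom dictionary for the forgotten word
DIGIT_LEN = 2                                    # recalled: two digits, values forgotten
SYMBOLS = "!@#$%"                                # recalled: exactly one symbol, from this set
SEPARATOR = "-"                                  # recalled: chunks joined with a dash
UNKNOWN_CHUNKS = 3                               # word, digit group, symbol: order forgotten


def candidate_count() -> int:
    """Size of the targeted keyspace: dictionary x digits x symbols x chunk orderings."""
    return (len(CANDIDATE_WORDS)
            * 10 ** DIGIT_LEN
            * len(SYMBOLS)
            * math.factorial(UNKNOWN_CHUNKS))


def effective_bits() -> float:
    """Entropy actually left to search, in bits (log2 of candidate_count)."""
    return math.log2(candidate_count())


def untargeted_bits(length: int, alphabet_size: int = 95) -> float:
    """What a blind search over printable ASCII of the same length would face."""
    return length * math.log2(alphabet_size)


def candidates() -> Iterator[str]:
    """Yield every passphrase matching the remembered layout, in a fixed order."""
    for word in CANDIDATE_WORDS:
        for digits in itertools.product("0123456789", repeat=DIGIT_LEN):
            for sym in SYMBOLS:
                unknown = [word, "".join(digits), sym]
                for order in itertools.permutations(unknown):   # the forgotten ordering
                    yield SEPARATOR.join(REMEMBERED + list(order))


def hours_at(rate_per_second: float, count: Optional[int] = None) -> float:
    """Worst-case wall time at a given unlock-attempt rate (measure that rate yourself first)."""
    total = candidate_count() if count is None else count
    return total / rate_per_second / 3600


if __name__ == "__main__":
    import sys
    # Prints one candidate per line so it can be piped into a cracker's stdin.
    for pw in candidates():
        sys.stdout.write(pw + "\n")
```

Here the targeted list is 9,000 candidates, about 13 bits, against roughly 170 bits for a blind search over a 26-character printable-ASCII string; that gap, not GPU speed, is what turns "never" into "18 hours". The generator's output can be fed to john with `--stdin`, and since LUKS key derivation is deliberately slow, measuring your own attempts-per-second and calling `hours_at` with it before committing is worth the minute it takes.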