search
githubEdit

Ansible Vault Credentials Recovery

hashtag
Tool: https://pypi.org/project/ansible-vault/

hashtag
Possible location: main.yml file of an ansible playbook

hashtag
Steps:

hashtag
1) Place hash to a file

hashtag
2)

sed -i 's/^[ \t]*//' vault_hash.txt (Removes whitespaces)

hashtag
3)

ansible2john vault_hash.txt > john_hash.txt

hashtag
4)

john john_hash.txt --wordlist=/usr/share/wordlists/rockyou.txt

hashtag
5) Decrypt ansible vault hash using the cracked password from John

cat vault_hash.txt | ansible-vault decrypt
PreviousCredential HarvestingNextDPAPI Credentials Dumping and Decrypting

Last updated