Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-04-27 02:59:08 -04:00
Code Issues Packages Projects Releases Wiki Activity
sec-pentesting-toolkit/Cryptography
History
bt3gl 800cbd2a97 readms
2014-11-20 16:18:22 -05:00
..
MD5
Reorganized
2014-11-03 10:49:17 -05:00
Paillier
Reorganized
2014-11-03 10:49:17 -05:00
Rotation-Ciphers
readms
2014-11-20 16:18:22 -05:00
SHA
Reorganized
2014-11-03 10:49:17 -05:00
tools
some math scripts
2014-10-27 20:10:17 -04:00
glossary.md
glossaries
2014-11-03 11:20:37 -05:00
README.md
readms
2014-11-20 16:18:22 -05:00

README.md

Cryptography

  • Often data is just encoded in base64 or hex. Other times it's just compressed (gzip):
    • text 32 characters long --> md5 hash.
    • 40 characters long --> SHA1 hash.
    • equal signs spread --> base64 encoded string.
    • text only letters, without numbers or special characters --> Caesar, Vigenere, or other type of cipher.
    • hints about keys and signing --> likely RSA.

MD5

  • The MD5 hashing algorithm always returns 128 bit values, so the chance that two randomly chosen objects have the same hash is 1:2**128.

Scripts

  • Hash length extension attack
  • Brute force hex digest chars

Command Line

$ echo -n password | md5sum
5f4dcc3b5aa765d61d8327deb882cf99
  • 32 chars
7e1321b3c8423b30c1cb077a2e3ac4f0a2a551a6458a8de22446cc76d639a9e98fc42c6cddf9966db3b09e843650343578b04d5e377d298e78455efc5ca404d5f4c9385f1902f7334b00b9b4ecd164de8bf8854bebe108183caeb845c7676ae48fc42c6ddf9966db3b09e84365034357327a6c4304ad5938eaf0efb6cc3e53dc7ff9ea9a069bd793691c422fb818

SHA

  • SHA-1 has output size of 160 bits, so chances of collisions are 2**160.

  • Hash maker.

Scripts

  • SHA-256 brute force

Command Line

  • Brute force:
import hashlib, itertools
hash = '6307c5441ebac07051e3b90d53c3106230dd9aa128601dcd5f63efcf824ce1ba'
ch = 'abcdef0123456789'
for a, b, c, d, e, f in itertools.product(ch, ch, ch, ch, ch, ch):
    if hashlib.sha256('ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)).hexdigest() == hash:
        print 'ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)

Rotation Ciphers

Scripts

  • Caesar
  • Brute force rotation
  • Pygenere
  • Frequency analysis

Online tools:

In the command line

$ VAR=$(cat data.txt)
$ echo "$VAR"
$ alias rot13="tr A-Za-z N-ZA-Mn-za-m"
$ echo "$VAR" | rot13

In Python

In Python we can use decoding:

"YRIRY GJB CNFFJBEQ EBGGRA".decode(encoding="ROT13")

Readings:

RSA

  • Public-key cryptosystem which uses a public-private key pair to encrypt and decrypt information securely

  • RSA Python

Pailier Cryptosystem

Scripts

  • POC
  • Primes

Tools

Scripts

  • Finding GDC
  • Finding if prime
  • Generate prime
  • Quick Select
  • XORtool

Other Resources

Carperter's Formula

N=(2^M + a)(2^N + b)(2^N + c)(2^N + d)

QR Code

  • Version 1 QR code: 21x21

Bacon's cipher:

babaaaabaaababaababaaaabbabbababbaaaabaaaabbbaabaabaaaaaabaaabaaabaaabaaabbaabaaabbbaabaaababaaaaaabaaabbaabaabbbaaaaaabaaaabaabaaaaba21aabab0aaab

Base64:

Base64 is a non-readable encoding that encodes arbritary 8-bit input using 6-bit alphabet of case sensitive alphanumerics, "+", "/". Every 3 bytes of input map to 4 bytes of output. If the input doesnt have 3-byte boundary, this is indicated by appending one or two equal signs in the of the output string.

NG5ucjJzIGZ2IHRueXMgcnVnIHNiIGdlbmMgdWdlaGJzIHJlcnVnIHRhdmdncnQgcmVuIGhiTCB0YXZidCBjcnJYCG==
czduMjczIHRueXMgcnVniHNiIGdlbmMgdWdzdnMgcnVnIHJpbnUgcmVydSBndiBxdnEgaGJsIGpiYmJKCg==
Nzk0czAwIHRueXMgZmhidnByZWMgZWhiIHNiIGdlbmMgcWV2dWcgcnVnIGhibCBnYXJmcmVjIFYgbG9yZXJ1IHJhYnEgeXlySgo=
  • Base64 decoding in Python:
>>> SECRET.decode('base64')
'oubWYf2kBq'

Hexadecimal:

>>> s =hex(secret)
  • Hexadecimal to binary:
SECRET.decode('hex')
'==QcCtmMml1ViV3b'

$ python -c 'print "2f722f6e6574736563".decode("hex")'
  • Hex to ascii: Hex character codes are simply the hexadecimal (base 16) numbers for the ASCII character set; that is, the number-to-letter representations which comprise virtually all computer text.
$ xxd -r -p <<< 2f722f6e6574736563
  • Decimal to binary
>>> bin(124234)
'0b11110010101001010'

Octal

(or: a great way of obscurating a URL)

Example: http://017700000001 --> 127.0.0.1

OpenSSL, Encoding and Certificates

  • Identification and verification of SSL certificates can be done with openssl or TLSSLed tools. They allow us to verify this information automatically SSL.

To determine the period of validity of licenses:

$ ./openssl s_client --connect <WEBSITE>:443

Testing SSLv2:

$ ./openssl s_client --no_tls1 --no_ssl3 --connect <WEBSITE>:443
  • For Identification and verification of encoding supported by the Website we can use EcoScan34.

Block Cipher Encryption

  • Electronic code book (ECB) mode.
  • Simplest and default block cipher mode.
  • Message is split into blocks and each is encrypted separately.
  • Disavantage: identical plaintext block encrypts to identical cipher text block (for example, figures).

Attacking Randomness

  • Good Randomness is vital for cryptographic operations.

  • Two common attack against a PRNG :

    • PRGN state is reconstructed from its output.
    • Same PRNG is used more than once.

  • Statistically random is not secure random!

    • if a PRNG is seeded with a value the attacker can influence, the state of the PRNG is likely compromised.

  • Seed race condition attacks:

    • System clock often used to seed PRNG
    • Submit 10's or 100's of rquests at a time. Seed a PRNG with the same system clock and the output will be the same.