Git-Mirrors/sec-pentesting-toolkit

Fork 0

mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-04-27 02:59:08 -04:00

History

bt3 a220272599 some small fixes

2014-11-05 13:33:55 -05:00

MD5

Reorganized

2014-11-03 10:49:17 -05:00

Paillier

Reorganized

2014-11-03 10:49:17 -05:00

Rotation-Ciphers

Reorganized

2014-11-03 10:49:17 -05:00

SHA

Reorganized

2014-11-03 10:49:17 -05:00

tools

some math scripts

2014-10-27 20:10:17 -04:00

glossary.md

glossaries

2014-11-03 11:20:37 -05:00

README.md

some small fixes

2014-11-05 13:33:55 -05:00

README.md

Cryptography

MD5

Scripts

Hash length extension attack
Brute force hex digest chars

Command Line

$ echo -n password | md5sum
5f4dcc3b5aa765d61d8327deb882cf99

32 chars

7e1321b3c8423b30c1cb077a2e3ac4f0a2a551a6458a8de22446cc76d639a9e98fc42c6cddf9966db3b09e843650343578b04d5e377d298e78455efc5ca404d5f4c9385f1902f7334b00b9b4ecd164de8bf8854bebe108183caeb845c7676ae48fc42c6ddf9966db3b09e84365034357327a6c4304ad5938eaf0efb6cc3e53dc7ff9ea9a069bd793691c422fb818

Use Python's md5.md5().digest()
md5 hashes: here and here

SHA

Scripts

SHA-256 brute force

Command Line

Brute force:

import hashlib, itertools
hash = '6307c5441ebac07051e3b90d53c3106230dd9aa128601dcd5f63efcf824ce1ba'
ch = 'abcdef0123456789'
for a, b, c, d, e, f in itertools.product(ch, ch, ch, ch, ch, ch):
    if hashlib.sha256('ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)).hexdigest() == hash:
        print 'ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)

Rotation Ciphers

Scripts

Caesar
Brute force rotation
Pygenere
Frequency analysis

Online tools:

Frequency analysis: here and here

In the command line

$ VAR=$(cat data.txt)
$ echo "$VAR"
$ alias rot13="tr A-Za-z N-ZA-Mn-za-m"
$ echo "$VAR" | rot13

In Python

In Python we can use decoding:

"YRIRY GJB CNFFJBEQ EBGGRA".decode(encoding="ROT13")

Pailier Cryptosystem

Scripts

POC
Primes

Tools

Scripts:

Finding GDC
Finding if prime
Generate prime
Quick Select
XORtool

Other Resources

Carperter's Formula

Very large number: bin and check if patterns. For example, using the Carpenter's Formula:

N=(2^M + a)(2^N + b)(2^N + c)(2^N + d)

QR Code

Version 1 QR code: 21x21

Bacon's cipher:

babaaaabaaababaababaaaabbabbababbaaaabaaaabbbaabaabaaaaaabaaabaaabaaabaaabbaabaaabbbaabaaababaaaaaabaaabbaabaabbbaaaaaabaaaabaabaaaaba21aabab0aaab

Online tool

Base64:

Base64 Decoder

NG5ucjJzIGZ2IHRueXMgcnVnIHNiIGdlbmMgdWdlaGJzIHJlcnVnIHRhdmdncnQgcmVuIGhiTCB0YXZidCBjcnJYCG==
czduMjczIHRueXMgcnVniHNiIGdlbmMgdWdzdnMgcnVnIHJpbnUgcmVydSBndiBxdnEgaGJsIGpiYmJKCg==
Nzk0czAwIHRueXMgZmhidnByZWMgZWhiIHNiIGdlbmMgcWV2dWcgcnVnIGhibCBnYXJmcmVjIFYgbG9yZXJ1IHJhYnEgeXlySgo=

Base64 decoding in Python:

>>> SECRET.decode('base64')
'oubWYf2kBq'

Hexadecimal:

>>> s =hex(secret)

Hexadecimal to binary:

SECRET.decode('hex')
'==QcCtmMml1ViV3b'

$ python -c 'print "2f722f6e6574736563".decode("hex")'

Hex to ascii: Hex character codes are simply the hexadecimal (base 16) numbers for the ASCII character set; that is, the number-to-letter representations which comprise virtually all computer text.

$ xxd -r -p <<< 2f722f6e6574736563

Decimal to binary

>>> bin(124234)
'0b11110010101001010'

Octal

(or: a great way of obscurating a URL)

Example: http://017700000001 --> 127.0.0.1