Summary

The undefined website provides an introduction to cryptography, detailing various encryption methods, practical exercises, and tools for encryption and decryption tasks.

Abstract

The undefined website offers a comprehensive guide on cryptography, covering symmetric encryption with AES256 and Camellia256 using tools like GPG and OpenSSL, asymmetric encryption with RSA, the Diffie-Hellman key exchange, hashing with SHA256, and an introduction to PKI and SSL/TLS. It includes hands-on tasks, such as decrypting messages with given keys, calculating checksums, and analyzing digital certificates. The site also addresses password authentication by providing an example of cracking an MD5 hashed password. Interactive elements, such as an encrypted message to decipher and various exercises, are designed to enhance the learning experience.

Opinions

The website encourages practical application of cryptographic concepts through interactive tasks and real-world tools.
It emphasizes the importance of secure key exchange methods like Diffie-Hellman in establishing a shared secret over an insecure channel.
The use of SHA256 for file integrity checks is recommended, demonstrating the importance of hashing in cybersecurity.
The website suggests that understanding the principles behind encryption and decryption is crucial for anyone interested in cybersecurity.
It implies that MD5, while widely used in the past, is no longer secure for password hashing due to vulnerabilities and should be avoided in favor of more robust hashing algorithms.

Introduction to Cryptography TryhackMe

Introduction

You have received the following encrypted message:

“Xjnvw lc sluxjmw jsqm wjpmcqbg jg wqcxqmnvw; xjzjmmjd lc wjpm sluxjmw jsqm bqccqm zqy.” Zlwvzjxj Zpcvcol

You can guess that it is a quote. Who said it?

https://www.quipqiup.com/

Symmetric Encryption

Decrypt the file quote01 encrypted (using AES256) with the key s!kR3T55 using gpg. What is the third word in the file?

gpg — output message.txt — decrypt quote01.txt.gpg

Decrypt the file quote02 encrypted (using AES256-CBC) with the key s!kR3T55 using openssl. What is the third word in the file?

openssl aes-256-cbc -d -in quote02 — out message_2.txt

Decrypt the file quote03 encrypted (using CAMELLIA256) with the key s!kR3T55 using gpg. What is the third word in the file?

gpg — output message_2.txt — decrypt quote03.txt.gpg

Asymmetric Encryption

On the AttackBox, you can find the directory for this task located at /root/Rooms/cryptographyintro/task03; alternatively, you can use the task file from Task 2 to work on your own machine.

Bob has received the file ciphertext_message sent to him from Alice. You can find the key you need in the same folder. What is the first word of the original plaintext?

openssl pkeyutl -decrypt -in ciphertext_message -inkey private-key-bob.pem -out decrypted.txt

Take a look at Bob’s private RSA key. What is the last byte of p?

Take a look at Bob’s private RSA key. What is the last byte of q?

openssl rsa -in private-key-bob.pem -text -noout

Diffie-Hellman Key Exchange

Diffie-Hellman is an asymmetric encryption algorithm. It allows the exchange of a secret over a public channel. We will skip the modular arithmetic background and provide a simple numeric example. We will need two mathematical operations: power and modulus. xp, i.e., x raised to the power p, is x multiplied by itself p times. Furthermore, x mod m, i.e., x modulus m, is the remainder of the division of x by m.

Alice and Bob agree on q and g. For this to work, q should be a prime number, and g is a number smaller than q that satisfies certain conditions. (In modular arithmetic, g is a generator.) In this example, we take q = 29 and g = 3.
Alice chooses a random number a smaller than q. She calculates A = (ga) mod q. The number a must be kept a secret; however, A is sent to Bob. Let’s say that Alice picks the number a = 13 and calculates A = 313%29 = 19 and sends it to Bob.
Bob picks a random number b smaller than q. He calculates B = (gb) mod q. Bob must keep b a secret; however, he sends B to Alice. Let’s consider the case where Bob chooses the number b = 15 and calculates B = 315%29 = 26. He proceeds to send it to Alice.
Alice receives B and calculates key = Ba mod q. Numeric example key = 2613 mod 29 = 10.
Bob receives A and calculates key = Ab mod q. Numeric example key = 1915 mod 29 = 10.

We can see that Alice and Bob reached the same key.

A set of Diffie-Hellman parameters can be found in the file dhparam.pem. What is the size of the prime number in bits?

What is the prime number’s last byte (least significant byte)?

Hashing

On the AttackBox, you can find the directory for this task located at /root/Rooms/cryptographyintro/task05; alternatively, you can use the task file from Task 2 to work on your own machine.

What is the SHA256 checksum of the file order.json?

sha256sum order.json

Open the file order.json and change the amount from 1000 to 9000. What is the new SHA256 checksum?

nano order.json

sha256sum order.json

Using SHA256 and the key 3RfDFz82, what is the HMAC of order.txt?

PKI and SSL/TLS

On the AttackBox, you can find the directory for this task located at /root/Rooms/cryptographyintro/task06; alternatively, you can use the task file from Task 2 to work on your own machine.

What is the size of the public key in bits?

4096

Till which year is this certificate valid?

Authenticating with Passwords

You were auditing a system when you discovered that the MD5 hash of the admin password is 3fc0a7acf087f549ac2b266baf94b8b1. What is the original password?

https://crackstation.net/

Support me as a writer by signing up for a Medium membership with my referral link, which gives you access to all my posts (and everyone else’s on Medium) →

https://medium.com/@WriteupsTHM_HTB_CTF/membership