Cryptography

Resources
Tools
Theory
Hashing is a process that transforms input data into a fixed-length string of characters, the hash value, also known as a digest. For a sound hash function this value is in practice unique to the original data (collisions exist in principle because the output length is fixed), and even a minor modification in the data will result in a different hash value. Unlike encryption or encoding, hashing is a one-way process, meaning the original data cannot be recovered from the hash.
In computer-science terms this is the contrast between polynomial time (P), e.g. computing a hash takes a reasonable time, and non-deterministic polynomial time (NP), e.g. "un-hashing" takes a long time.
Some hashing algorithms: MD4, MD5, SHA1, NTLM, etc.
Word: "white"
MD4 76b737528246b908e6817dd81bd41e5d
MD5 d508fe45cecaf653904a0e774084bb5c
SHA1 528cef87d0bfb947548ab94679d1e5765f19089a
SHA256 018fa96a44715c90bf93be148069cb28dd45d398f2cc75aa1565311f6e55d174
Encoding is used to convert data into a different format to ensure compatibility with a particular system. Common encoding methods for the English language include ASCII, UTF-8, UTF-16, UTF-32, ISO-8859-1, and Windows-1252. UTF-8, UTF-16, and UTF-32 are Unicode encodings capable of representing characters from various languages, such as Arabic and Japanese.
Of these three, encryption is the only method that safeguards data confidentiality, using a cryptographic cipher and a key. The process is reversible as long as the cipher is known and the key is accessible.
Commands
ssh-keygen
gpg --import <yourkey>.key
gpg --decrypt <message>.gpg
hexdump -C <file.txt>
md5sum <file.txt>
sha1sum <file.txt>
sha256sum <file.txt>
sha512sum <file.txt>
cat /etc/shadow
# Encrypted password:
# $prefix$options$salt$hash
man 5 crypt
# -n keeps the trailing newline that echo adds out of the encoded data
echo -n "Text" | base64
echo "EncodedText" | base64 -d
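
The $prefix$options$salt$hash layout noted above can be audited from the defender's side. The following is an added example, not part of the original page: a hypothetical audit_shadow helper that reports which hashing scheme each account uses, run here on constructed sample entries whose salts and hashes are placeholders.

```shell
#!/bin/sh
# Classify the hash scheme of each entry in shadow-format input.
# Field 2 follows crypt(5): $prefix$options$salt$hash (options are optional).

# audit_shadow [FILE...]  (hypothetical helper name; reads stdin if no FILE)
# Prints one line per account: user<TAB>scheme<TAB>options<TAB>verdict
audit_shadow() {
    awk -F: '
    function emit(scheme, opts, verdict) {
        printf "%s\t%s\t%s\t%s\n", $1, scheme, opts, verdict
    }
    $2 == ""     { emit("none", "-", "EMPTY-PASSWORD"); next }
    $2 ~ /^[!*]/ { emit("none", "-", "locked"); next }
    {
        n = split($2, p, "[$]")   # p[1] is empty when the field starts with $
        if (p[1] != "" || n < 4) { emit("descrypt-or-unknown", "-", "WEAK"); next }
        id = p[2]; opts = "-"
        if (id == "5" || id == "6") {
            # sha256crypt / sha512crypt: optional rounds=N sits before the salt
            scheme = (id == "5") ? "sha256crypt" : "sha512crypt"
            opts = (p[3] ~ /^rounds=/) ? p[3] : "rounds=5000(default)"
            emit(scheme, opts, "ok")
        } else if (id == "1") {
            emit("md5crypt", opts, "WEAK")
        } else if (id ~ /^2[abxy]?$/) {
            emit("bcrypt", "cost=" p[3], "ok")
        } else if (id == "y") {
            emit("yescrypt", p[3], "ok")
        } else {
            emit("$" id "$", opts, "REVIEW")   # prefix not covered here
        }
    }' "$@"
}

# Constructed sample entries (salts and hashes are placeholders, not real digests)
sample_shadow() {
    cat <<'EOF'
root:$6$rounds=100000$SALTSALT$HASHPLACEHOLDER:19000:0:99999:7:::
alice:$1$SALTSALT$HASHPLACEHOLDER:19000:0:99999:7:::
bob:$y$j9T$SALTSALT$HASHPLACEHOLDER:19000:0:99999:7:::
carol:$6$SALTSALT$HASHPLACEHOLDER:19000:0:99999:7:::
svc:!:19000::::::
old:abPLACEHOLDER12:19000:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a live host the same function takes the file as an argument and needs root to read it: audit_shadow /etc/shadow.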
Hash cracking
john
# John the Ripper
john <options> <file with hashes>
john --list=formats
cat /usr/share/john/john.conf | grep -i rules
john --wordlist=<path to wordlist> <path to file>
john --format=<format> --wordlist=<path to wordlist> <path to file>
# e.g.
john --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt
john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt
# Crack Windows authentication hashes
# e.g.
john --format=NT --wordlist=/usr/share/wordlists/rockyou.txt ntlm_to_crack.txt
# Crack /etc/shadow hashes
unshadow <path to passwd> <path to shadow>
# e.g.
unshadow local_passwd local_shadow > unshadowed.txt
john --format=sha512crypt --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt
# Single crack mode & mangling rules
john --single --format=<format> <path to file>
# Crack password-protected Zip/RAR files
zip2john <options> <zip file> > <output file>
rar2john <rar file> > <output file>
# e.g.
zip2john zipfile.zip > zip_hash.txt
rar2john rarfile.rar > rar_hash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt
# Crack SSH keys
ssh2john <id_rsa private key file> > <output file>
# e.g.
ssh2john id_rsa > id_rsa_hash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa_hash.txt