# Cryptography 101 ###### tags: `cyber security` `hashes` `hashcat` `john` `encryption` `cipher` ## Terms **Plaintext**: data before encryption/hashing, usually text but can be an image or other file format. **Cipher text**: The result of encrypting plain text **Cipher**: A method of encrypting or decrypting data. Most ciphers are cryptographic although there are many non-cryptographic cyphers like caesar **Encoding**: an immediately reversible form of data presentation e.g base64 / hexadecimal. **Encryption**: Transforming data into cipher text using a cipher. **Key**: some information needed to successfully decrypt cipher text to get plain text. **Passphrase**: separate from the key, it is similar to a password and is used to protect the key. *funfact: ssh keys are protected with a passphrase.* **Assymetric Encryption**: uses a different key to encrypt and decrypt. **Symmetric Encryption**: Uses the same key to encrypt and decrypt. **Hash:** fixed size output of a variable size input passed through a hash function, **Bruteforce**: Attacking cryptography by trying every different password or every different key. **Cryptanalysis**: Attacking cryptography by finding a weakness in the underlying maths. ## Hashes * Hashes are meant to be one way with the same input always producing the same output. * Hashes do not have keys and it is meant to be very difficult to go back from the output to the input. * Good hashing algorithms are relatively fast to compute, slow to reverse, and a small change in the input should cause a big change in the output. * The output of a hash function is normally raw bytes which are then encoded in base64 / hexadecimal. * **hash collisions** occur when two different inputs give the same output due to the pigeonhole effect. * Hash collisions are unavoidable. This has been thoroughly exploited for [MD5](https://www.mscs.dal.ca/~selinger/md5collision/) and [SHA1](https://shattered.io/) hashes. * Mainly used for **verifying the integrity of data** or **verifying passwords** * A **rainbow table** is a lookup of hashes to plaintext * Sites like [crackstation](https://crackstation.net/) use huge rainbow tables to crack passwords. * Use [hashes.com](https://hashes.com/en/decrypt/hash) to crack hashes online. * To protect against rainbow tables, **add a salt to the password** * The salt is randomly generated and stored in a database unique to each user * The salt is then appended or prepended to the users password before hashing which ensures that users with the same password have different password hashes * Hash functions like bcrypt and SHA-512 handle that automatically. * For hashes with prefixes, you can use [hashid](https://pypi.org/project/hashID/) to recognize the hash type, however keep the context in mind. If you found the hash in a website it is more likely to be md5 than NTLM, which tends to get mixed up by online hash recognition tools * **Windows passwords are hashed using NTLM** , a variant of MD4. These are usually identical to md4 and md5 hashes. Which is why context is important. * On **linux passwords are stored in the /etc/shadow** file to which only root has access. Previously the passwords were stored in the /etc/passwd file to which everyone had access. * Here are some unix style password prefixes | Prefix | Algorithm | | ----------------- |:----------------------- | | ```$1$``` | md5crypt, used in Cisco stuff and older Linux/Unix systems | | ```$2$, $2a$, $2b$, $2x$, $2y$``` | Bcrypt (Popular for web applications) | |```$6$``` | sha512crypt (Default for most Linux/Unix systems) | Refer to the [hashcat examples page](https://hashcat.net/wiki/doku.php?id=example_hashes) for more on format of hashes and password prefixes **HMAC** is a method of **using a cryptographic hashing function to verify the authenticity and integrity of data**. A HMAC can be used to **ensure** that the **person who created the HMAC** is who they say they are (**authenticity**), and that the **message** hasn’t been modified or corrupted (**integrity**). They **use a secret key, and a hashing algorithm** in order to produce a hash. ***Note: Never use --force on hashcat as it leads to false positives and false negatives*** ## Cracking hashes When you have a hash and are aware of the hashing algorithm used to generate it, you can use the hashing algorithm to hash a large number of words and compare those resulting hashes with the hash of interest. Once a match is found, the hash has successfully been cracked. This is a typical **dictionary attack**. ## John [the ripper] You can use John to crack passwords. While it can auto identify then crack, it pays off if you can identify the hashing algorithm used. For that you can use [hash identifier](https://gitlab.com/kalilinux/packages/hash-identifier/-/tree/kali/master) You could also just wget it from [here](https://gitlab.com/kalilinux/packages/hash-identifier/-/raw/kali/master/hash-id.py) Then run it using: ```python3 hash-id.py``` ### John syntax ```=1 john --format=[format] --wordlist=[path to wordlist] file # example john --format=Raw-MD5 --wordlist=/usr/share/wordlists/rockyou.txt hash.txt ``` To identify what to use under the format after identifying the hashing algorithm using hash-id ```=1 john --list=formats # you could also grep through for ease e.g: john --list=formats | grep -iF 'md5' # will output Raw-MD5 as one of the options ``` Authentication hashes are the hashed version of passwords that are stored by operating systems. ### NTLM NT stands for new technology and denoted a departure from the MS-DOS OS which stored passwords in the LM hash format. NT hash is the hash format that **modern windows OS** machines will **store user and service passwords in**. You can acquire the NTLM hash by: 1. **Dumping** the **SAM** database on a windows machine by **using** a tool like **mimikatz**. 1. From the AD database, the NTDS.dit file ***Note that you might not have to crack the hash to continue privilege escalation as passing the hash might be easier to do*** ### Cracking /etc/shadow hashes John is particular about the format it requires data in to work. Therefore, to crack /etc/shadow hashes we need to combine the passwords with the /etc/passwd file. To do this we use the **unshadow tool** in John. The syntax for that is: ```=1 unshadow [password file] [shadow file] > output # for example given the password file pfile and shadow file sfile we get unshadow pfile sfile > passfile # we then crack this with john john --format=sha512crypt --wordlist=/usr/share/wordlists/rockyou.txt passfile ``` ### Single Crack Mode This uses only the information provided in the username to crack the password heuristically through word mangling #### Word mangling Slightly changing the letters and numbers in the username. For example given the name Nicorobin mangling would result in: * Nicorobin1, Nicorobin2, Nicorobin3 (etc) * NicoRobin, NIcorobin, NicoRobiN (etc) * Nicorobin!, Nicorobin$, Nicorobin^ (etc) John builds its own dictionary based on the input given. It uses a set of rules called mangling rules to determine how to mutate the word provided. This exploits how poor passwords can be based on information about the username, or the service being logged into. The syntax to use single crack mode is: ```=1 john --single # example john --single --format=Raw-MD5 hash.txt ``` To crack hashes in single crack mode, prepend the name to the hash as follows username:hash ``` # for a username of nicorobin nicorobin:9dd023ec6153f040eba92ab665f794bb ``` ### Custom Rules Custom rules allow us to exploit password complexity predictability. I.e most people would capitalize the first letter and then add a number and special character at the end of a password in order to meet password complexity requirements. Custom rules are defined in the ```john.conf``` file usually located in **/etc/john/** We use a regex style pattern match to define where in the word will be modified. The most common modifiers are: * **Az**: Appends the word with characters you specify * **A0**: prepends the word with characters you specify * **c**: capitalizes the character positionally. Let's take a target pattern of: * capital letter * number * symbol A custom rule would be as follows: ```=1 # define name of rule, the name will be used as a john argument [List.Rules:Strawhat] # define specifics of rule cAz"[o-9] [!£$%@]" ``` This rule does the following: * c: capitalize the first letter. * AZ: append to the end of the word. * [o-9]: a number in the range 0-9. * [!£$%@]: any symbol among these is to follow the number. For a full list of rule modifiers see [here](https://www.openwall.com/john/doc/RULES.shtml) ### Cracking password protected Zip files You can use the **zip2john** tool similar to how you used unshadow syntax: **zip2john [options] [zipfile] > [output file]** * options: allows you to pass specific checksum options , it isn't often necessary though * zip file: the path to the zip file you wish to get the hash of * output file: the file that will store the output form example: ```=1 zip2john secure.zip > seczip.txt # crack normally with john john --wordlist=/usr/share/wordlists/rockyou.txt seczip.txt ``` ### Cracking password protected Rar files You can use the **rar2john** tool similar to zip2john syntax: **rar2john [zipfile] > [output file]** example: ```=1 rar2john secure.rar > srar #crack normally with john john --wordlist=/usr/share/wordlists/rockyou.txt srar ``` ### Cracking SSH keys You can use john to crack the ssh private key password of the id_rsa file. Crack the password of the id_rsa file to allow authentication over ssh using the key. The tool used is ... yes you guessed it: **ssh2john** Syntax: **python /usr/share/john/ssh2john.py [id_rsa file] > [output file]** Example: ```=1 python /usr/share/john/ssh2john.py idrsa.id_rsa > rshash # crack normally with john john --wordlist=/usr/share/wordlists/rockyou.txt rshash ``` ## Encryption There are two main types of encryption: * Symmetric Encryption: * Uses the same key to encrypt and decrypt the data. Examples are DES(broken) and AES. * These algorithms are usually faster than Asymmetric cryptography owing to their smaller key size 56 bits (DES), 128/256 bits (AES) * Asymmetric Encryption: * Uses a pair of keys, one to encrypt and the other in the pair to decrypt data. Usually referred to as private key and public key. * Examples are RSA and Eliptic Curve Cryptography. ### RSA: Rivest Shamir Adleman Is based on the mathematically difficult problem of working out the the factors of a large number. You can use [RSACtfTool](https://github.com/Ganapati/RsaCtfTool) and [rsatool](https://github.com/ius/rsatool) for defeating RSA challenges. * The key variables that you need to know about for RSA in CTFs are p, q, m, n, e, d, and c. * “p” and “q” are large prime numbers, “n” is the product of p and q. * The public key is n and e, the private key is n and d. * “m” is used to represent the message (in plaintext) and “c” represents the ciphertext (encrypted text). You can read more about RSA encryption [here](https://muirlandoracle.co.uk/2020/01/29/rsa-encryption/) You can use [Let's Encrypt](https://letsencrypt.org/getting-started/) to set up certificates for your sites.