THM – Encryption – Part 16


This is a continuing series where I document my path through different TryHackMe courses. I recommend that everyone who wants to learn cyber security subscribe and take the courses there.

Key Terms

Ciphertext – The result of encrypting a plaintext, encrypted data

Cipher – A method of encrypting or decrypting data. Modern ciphers are cryptographic, but there are many non-cryptographic ciphers like Caesar.

Plaintext – Data before encryption, often text but not always. Could be a photograph or other file

Encryption – Transforming data into ciphertext, using a cipher.

Encoding – NOT a form of encryption, just a form of data representation like base64. Immediately reversible.

Key – Some information that is needed to correctly decrypt the ciphertext and obtain the plaintext.

Passphrase – Separate to the key, a passphrase is similar to a password and used to protect a key.

Asymmetric encryption – Uses different keys to encrypt and decrypt.

Symmetric encryption – Uses the same key to encrypt and decrypt

Brute force – Attacking cryptography by trying every different password or every different key

Cryptanalysis – Attacking cryptography by finding a weakness in the underlying maths

Alice and Bob – Used to represent 2 people who generally want to communicate. They’re named Alice and Bob because this gives them the initials A and B. The names extend through the alphabet to represent many different people involved in communication.

Why is Encryption important

Cryptography is used to protect confidentiality, ensure integrity, and ensure authenticity.

When you log into a website, your credentials are sent to the server. They are encrypted; otherwise someone would be able to capture them.

When you connect to SSH, your client and server establish an encrypted tunnel so that no one can snoop on your session.

Whenever sensitive user data needs to be stored, it should be encrypted. Standards like PCI-DSS state that the data should be encrypted both at rest and while being transmitted.

DO NOT encrypt passwords unless you’re doing something like a password manager. Passwords should not be stored in plaintext, and you should use hashing to manage them safely.

SSH stands for Secure Shell.

Web servers prove their identity with certificates.

If you need to store or process card details, you need to comply with the PCI-DSS standard.

Types of Encryption

The two main categories of encryption are symmetric and asymmetric.

Symmetric encryption

Uses the same key to encrypt and decrypt the data. Examples of symmetric encryption are DES (broken) and AES. These algorithms tend to be faster than asymmetric cryptography and use smaller keys (128 and 256 bit keys are common for AES; DES keys are 56 bits long).

Asymmetric encryption

Uses a pair of keys, one to encrypt and the other in the pair to decrypt. Examples are RSA and Elliptic Curve Cryptography. The two keys are usually referred to as the public key and the private key. Data encrypted with the private key can be decrypted with the public key and vice versa. Your private key needs to be kept private. Asymmetric encryption tends to be slower and uses larger keys; for example, RSA typically uses 2048 to 4096 bit keys.

You should not trust DES as encryption.

It is ok to share your public key.

RSA – Rivest Shamir Adleman

The math side

RSA is based on the mathematically difficult problem of working out the factors of a large number. It is quick to multiply two prime numbers together, for example 17*23 = 391, but it's difficult to work out which two prime numbers multiply together to make 14351 (113*127).

The attacking side

Many CTFs would normally require you to calculate variables or break some encryption based on them. The key variables that you need to know about for RSA in CTFs are p, q, m, n, d and c.

p and q are large prime numbers, n is the product of p and q.

The public key is n and e, the private key is n and d.

m is used to represent the message (in plaintext) and c represents the ciphertext (encrypted text).

Establishing keys using asymmetric cryptography

A common use of asymmetric cryptography is exchanging keys for symmetric encryption.

Asymmetric encryption tends to be slower, so for things like HTTPS symmetric encryption is better.

How do you agree on a key with the server without transmitting the key where people snooping can see it?

You have a secret code, and instructions for how to use the secret code. If you want to send your friend the instructions without anyone else being able to read it, you could ask your friend for a lock.

Only they have the key for this lock, and we’ll assume you have an indestructible box that you can lock with it.

If you send the instructions in a locked box to your friend, they can unlock it once it reaches them and read the instructions.

After that, you can communicate in the secret code without risk of people snooping.

In the above example, the secret code represents a symmetric encryption key, the lock represents the server's public key, and the key represents the server's private key.

In the real world you need a little more cryptography to verify the person you’re talking to is who they say they are, which is done using digital signatures and certificates.

Digital signatures and Certificates

What's a digital signature?

Digital signatures are a way to prove the authenticity of files, to prove who created or modified them. Using asymmetric cryptography, you produce a signature with your private key and it can be verified using your public key. Since only you should have access to your private key, this proves you signed the file.

The simplest form of digital signature would be encrypting the document with your private key. If someone wanted to verify this signature, they would decrypt it with your public key and check that the files match.
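The RSA variables from the section above and this simplest form of signature, worked through in Python as an added example (not code from the course or the original post). It uses the primes 17 and 23 from the text with an assumed e = 3 and message m = 42; this is textbook RSA with no padding, and real keys use primes that are hundreds of digits long.

```python
from math import gcd

def make_keys(p, q, e):
    """Build a toy RSA key pair from two primes and a public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)          # public key (n, e), private key (n, d)

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)            # c = m^e mod n

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)            # m = c^d mod n

def sign(m, private):
    n, d = private
    return pow(m, d, n)            # "encrypt" the message with the private key

def verify(m, signature, public):
    n, e = public
    return pow(signature, e, n) == m   # "decrypt" with the public key, compare

# Constructed demo values: p = 17 and q = 23 from the text, e = 3, m = 42.
PUBLIC, PRIVATE = make_keys(17, 23, 3)
C = encrypt(42, PUBLIC)
S = sign(42, PRIVATE)

if __name__ == "__main__":
    print("public", PUBLIC, "private", PRIVATE)
    print("c =", C, "decrypts to", decrypt(C, PRIVATE))
    print("signature", S, "valid:", verify(42, S, PUBLIC))
    print("tampered message valid:", verify(43, S, PUBLIC))
```

Only the holder of d can produce a value that the public (n, e) maps back to the message, which is why a changed message fails verification.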

Certificates – prove who you are

Certificates are also a key use of public key cryptography, linked to digital signatures. A common place where they’re used is for HTTPS. How does the web browser know that the server you’re talking to is the real website?

It uses certificates. The web server has a certificate that says it is the real website. The certificates have a chain of trust, starting with a root CA (certificate authority). Root CAs are automatically trusted by your device, OS or browser from install. Certs below that are trusted because the Root CAs say they trust that organization. Certificates below that are trusted because the organization is trusted by the Root CA and so on.

SSH Authentication

Encryption and SSH authentication

By default, SSH is authenticated using username and password.

Some machines have SSH configured with key authentication instead. This uses public and private keys to prove that the client is a valid and authorized user on the server. By default, SSH keys are RSA keys. You can choose which algorithm to generate, and/or add a passphrase to encrypt the SSH key. ssh-keygen is the program used to generate pairs of keys most of the time.

SSH Private Keys

Private SSH keys should be treated like passwords. Do not share them. If someone has your private key, they can use it to log into servers that will accept it unless the key is encrypted.

It is important to mention that the passphrase to decrypt the key isn’t used to identify you to the server at all; all it does is decrypt the SSH key. The passphrase is never transmitted and never leaves your system.

Using tools like John the Ripper, you can attack an encrypted SSH key to attempt to find the passphrase, which highlights the importance of using a secure passphrase and keeping your private key private.

When generating an SSH key to log into a remote machine, you should generate the keys on your machine and then copy the public key over, as this means the private key never exists on the target machine.

How do I use these keys?

The ~/.ssh folder is the default place to store these keys for OpenSSH. The authorized_keys file in this directory holds the public keys that are allowed to access the server if key authentication is enabled. In order to use a private SSH key, the permissions must be set up correctly, otherwise the SSH client will ignore the file with a warning. Only the owner should be able to read or write to the private key (Permission 600 or stricter).

ssh -i Key_name user@host

Using SSH keys to get a better shell

SSH keys are an excellent way to upgrade a reverse shell, assuming the user has login enabled (www-data normally does not, but regular users and root will). Leaving an SSH key in authorized_keys on a box can be a useful backdoor.
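From the defender's side, both points above can be checked: that a private key is mode 600 or stricter, and that every entry in authorized_keys is one you expect. The following is an added example, not part of the original post; the key blobs, comments and approved list are constructed placeholders.

```python
import base64, hashlib, os, stat, tempfile

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def private_key_mode_ok(path):
    """True when group and others have no access (mode 600 or stricter)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def fingerprint(blob_b64):
    """Fingerprint in the SHA256:... form that ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, comment) per key line; options may precede the type."""
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        for i, tok in enumerate(tokens[:-1]):
            if tok in KEY_TYPES:
                yield fingerprint(tokens[i + 1]), " ".join(tokens[i + 2:])
                break

def unexpected_keys(text, approved):
    """Comments of entries whose fingerprint is not on the approved list."""
    return [c for fp, c in parse_authorized_keys(text) if fp not in approved]

def mode_check_demo():
    """Check a scratch file at 644 and then 600; returns (False, True)."""
    with tempfile.NamedTemporaryFile() as f:
        os.chmod(f.name, 0o644)
        loose = private_key_mode_ok(f.name)
        os.chmod(f.name, 0o600)
        return loose, private_key_mode_ok(f.name)

# Constructed sample: the "keys" are placeholder bytes, not real key material.
def _blob(label):
    return base64.b64encode(label).decode()

SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    "ssh-ed25519 " + _blob(b"constructed-admin-key") + " admin@workstation",
    "no-pty ssh-rsa " + _blob(b"constructed-unknown-key") + " unknown@host",
])
APPROVED = {fingerprint(_blob(b"constructed-admin-key"))}

if __name__ == "__main__":
    print("not on approved list:", unexpected_keys(SAMPLE, APPROVED))
    print("644 ok / 600 ok:", mode_check_demo())
```

Comparing fingerprints rather than comments matters because the comment field is free text that anyone adding a key can set to anything.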

Explaining Diffie Hellman Key Exchange

What is Key Exchange?

Allows 2 people/parties to establish a set of common cryptographic keys without an observer being able to get these keys. Generally, to establish common symmetric keys.

How Does Diffie Hellman Key Exchange work?

Alice and Bob want to talk securely. They want to establish a common key, so they can use symmetric cryptography, but they don’t want to use key exchange with asymmetric cryptography. This is where DH Key Exchange comes in.

Alice and Bob both have secrets that they generate, let’s call these A and B. They also have some common material that’s public, let’s call this C.

Whenever we combine secrets/material it’s impossible or very very difficult to separate. The order that they’re combined in doesn’t matter.

Alice and Bob will combine their secrets with the common material, and form AC and BC. They will then send these to each other and combine that with their secrets to form two identical keys, both ABC. Now they can use this key to communicate.
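The same exchange with actual numbers, as an added example that is not part of the original post. Here "combining" is modular exponentiation: the public material C is a prime p and a base g, AC is g^A mod p, BC is g^B mod p, and ABC is g^(A*B) mod p. The values p = 23, g = 5, A = 6 and B = 15 are constructed toy numbers; real exchanges use primes thousands of bits long.

```python
import hashlib

def public_value(secret, g, p):
    """Combine a private secret with the public material: g^secret mod p."""
    return pow(g, secret, p)

def shared_secret(their_public, my_secret, p):
    """Combine the other party's public value with my own secret."""
    return pow(their_public, my_secret, p)

def derive_key(shared):
    """Hash the shared number into 32 bytes usable as a symmetric key."""
    return hashlib.sha256(str(shared).encode()).digest()

def exchange(a, b, g, p):
    """Run both sides of the exchange and record what crosses the wire."""
    ac = public_value(a, g, p)          # Alice sends AC to Bob
    bc = public_value(b, g, p)          # Bob sends BC to Alice
    alice = shared_secret(bc, a, p)     # Alice computes (BC)^A = ABC
    bob = shared_secret(ac, b, p)       # Bob computes (AC)^B = ABC
    return {"on_wire": (g, p, ac, bc), "alice": alice, "bob": bob}

# Constructed toy parameters; the secrets a and b never leave their owner.
RESULT = exchange(a=6, b=15, g=5, p=23)

if __name__ == "__main__":
    print("observer sees (g, p, AC, BC):", RESULT["on_wire"])
    print("Alice's ABC:", RESULT["alice"], "Bob's ABC:", RESULT["bob"])
    print("symmetric key:", derive_key(RESULT["alice"]).hex())
```

An observer sees g, p, AC and BC but neither secret, and with a large enough prime cannot feasibly recover ABC from those values.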


What is PGP?

PGP stands for Pretty Good Privacy. It is software that implements encryption for encrypting files, performing digital signing and more.

What is GPG?

GnuPG or GPG is an Open Source implementation of PGP from the GNU project. You may need to use GPG to decrypt files in CTFs. With PGP/GPG, private keys can be protected with a passphrase in a similar way to SSH private keys. You can attempt to crack the passphrase using John the Ripper and gpg2john.

What is AES?

AES, sometimes called Rijndael after its creator, stands for Advanced Encryption Standard. It was a replacement for DES.

AES and DES operate on blocks of data (a block is a fixed size series of bits).
