Cryptography
What is cryptography?
Cryptography is the process of converting something in plan text into a cipher text. Keep in mind that something in plaintext is readable while something that is in a ciphertext is not readable. You might have see ciphertext referred to as encrypted text. The process of converting ciphertext back o plaintext is called decryption. Cryptography is used to secure data from unauthorized viewing/access.
Symmetric
Symmetric encryption uses the same key for encryption and decryption. A benefit of symmetric encryption is the speed and efficiency, but the main issue is how you securely share the key between both parties. Common symmetric encryption algorithms include AES, DES, 3DES, Blowfish, and Twofish.
Asymmetric
Asymmetric encryption is often called Public Key Encryption. This encryption technique requires two keys: one public and one private. The keys are different but related mathematically. This allows for secure communication between parties as we do not need to worry about how to share a common key. Common asymmetric encryption algorithms include RSA and ECC.
Public Key Encryption protocols include PGP, SSH/SFTP, SSL/TLS, and Digital Signatures.
Public Key Infrastructure (PKI)
PKI is the framework that provides the ability for users and servers to exchange information using a digital certificate securely. What makes up the PKI infrastructure?
CA (Certificate Authority): A trusted party. The CA provides the services that are used to authenticate the identity of people, computers, or other systems. The CA provides assurance that the item mentioned in the PKI is who they truly are.
RA (Registration Authority): The RA issues PKI certs. The RA is certified by a CA. This helps to distribute the load of issuing PKI certs.
VA (Validation Authority): Provides the ability to validate PKI certs.
Certificate Store: Stored on the computer system. Can also be stored in memory. Allows running programs to access stored certificates, certificate revocation lists (CRLs), and certificate trust lists (CTLs).
Certificate Database: A database that stores information about issued certificates. It also includes details about how long and the status of each PKI certificate.
Hashing
Hashing transforms the information into a shorter fixed-length value. This helps in determining if data has been manipulated or altered. Passwords are hashed! This is supposed to be a one-way function. However, some hashing algorithms have been cracked.
Examples of hashing algorithms:
Message Digest 2 (MD2)
MD4
MD5
MD6
HAVAL
RIPEMD
SHA-1
SHA-2
SHA-3
SHA256
SHA512
Whirlpool
BLAKE2
BLAKE3
Hashing example
The video provides an example showing how a file can be hashed. The data in the file is then changed and the file is rehashed showing that the hash value has changed.
Password Cracking
Passwords are hashed, but if we can obtain the hash, there are various methods that could be used to determine what the password is. We can do a dictionary attack or brute force or use rainbow tables.
Dictionary Attack: When you use a wordlist to try and determine the password.
Brute Force Attack: When you try all combinations to determine the password.
Rainbow Table Attack: These are prebuilt hash tables that can be used to determine a password efficiently.
The more complex the password, the harder it will be to guess.
8-character password only lowercase letters [a-z]
26^8 = 208,827,064,576
8-character password upper and lower case letters [A-Za-z]
52^8 = 5.3 x 10^13
8-character password upper, lower case, and numbers [A-Za-z0-9]
62^8 = 2.1 x 10^14
8-character password upper, lower case, numbers, and special characters (~25)
87^8 = 3.2 x 10^15
Now just think if you had a 10, 12, or 16-character password how many combinations there would be! The more characters added to the password the harder it is to determine what it is.
Passwords are stored in well-known locations.
Linux: /etc/shadow, Salted, SHA512 (most distros), only readable by root
Windows: C:\Windows\System32\config, Not able to access the file while OS is booted, stored in a SAM file
https://technet.microsoft.com/en-us/library/hh994558(v=ws.10).aspx
MacOS: Varies by version, Salted, SHA512, only readable by root
Password Cracking
There are many utilities that can be used to accomplish this. I recommend finding one that you like and get comfortable with it. Some work better or only with a specific OS, so do keep that in mind.
The Process to Crack Passwords:
Get Password Hashes
Physical Access
Remote Access
Use list of possible passwords and usernames
Maybe able to determine password requirements…
Launch your attack
Could take minutes to hours
Below are demos using two very popular utilities to crack passwords: John the Ripper and Hashcat. Keep in mind others do exist and some might be better suited for what you are attempting to accomplish.
John the Ripper
John the Ripper is a great tool to use as I find it very easy to use.
Hashcat & hash-dentifier
Hashcat is a great tool to use as well, but you need a bit more information. The first thing you need to know is the type of hash. To overcome this, we can use a tool called hash-identifier. Once we have an idea of the hashing algorithm, we can look up the hash mode for Hashcat on the Hashcat example page. We can now proceed with using Hashcat to determine the value of the hash.
THC Hydra
Also known as just Hydra. This is a very popular network login cracker/brute force tool. It attempts to determine the password by guessing different combos of usernames and passwords to gain access.
Hydra has a lot of options and I came across the below PDF. I hope it helps provide guidance on using Hydra. Just keep in mind that when providing -l and -p you at stating a username (-l) or a password
(-p). When you provide the capital letter, you specify a list to use.
xHydra
If you would rather use a GUI for Hydra you are in luck! You can use xHydra within Kali Linux. You might also see it referred to as
hydra-gtk or hydra-graphical.