-
Notifications
You must be signed in to change notification settings - Fork 85
/
Copy pathcrypto
96 lines (77 loc) · 3.89 KB
/
crypto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# crypto
# pkcs structures
http://www.cem.me/pki/index.html
# tools
https://github.com/Ciphey/Ciphey docker run -it --rm remnux/ciphey
CrypTool
CryptoCrack
https://github.com/apsdehal/awesome-ctf#crypto
https://cryptii.com/
https://gchq.github.io/CyberChef/ Magic mode
https://www.boxentriq.com/ auto solver
# identification (https://www.youtube.com/watch?v=9Q5Q1Nn5Vss)
https://bionsgadgets.appspot.com/gadget_forms/refscore_extended.html
https://www.dcode.fr/index-coincidence (language is >0.06, random is <0.04) then find period (key length)
# great resources
http://crypto.interactive-maths.com/
http://practicalcryptography.com/cryptanalysis/
http://rumkin.com/tools/cipher/
http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html (aes well explained)
# wordpress cookie
cookie: $username|$expiry|$hmac
key = wp_hash($username . $expiration) # based on wordpress SECRET_KEY
hash_hmac('md5', $username . $expiry, $key) == $hmac
following values will generate same hash:
admin1 1353464343
admin 11353464343
# hash length extension
https://blog.whitehatsec.com/hash-length-extension-attacks/
http://www.vnsecurity.net/2010/03/codegate_challenge15_sha1_padding_attack/
https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks
Given an application that prepends a secret to a string before hashing it, the application is vulnerable if an attacker knows both the string and the hash. The attacker is able to append extra information to the original string and still generate a valid hash from it without knowing the secret. In a query, the extra data that is appended is given preference over the original data.
https://github.com/stephenbradshaw/hlextend
https://github.com/bwall/HashPump
https://github.com/iagox86/hash_extender
# substitution ciphers
* monoalphabetic
caesar/rot: for i in {0..25}; do echo "Ackkmaa" | /usr/games/bin/caesar $i ; done
* polyalphabetic
vigenere
autokey
porta (13 alphabet instead of 26 like vigenere)
anagram
google SCBSolver
online solver: http://quipqiup.com/ https://guballa.de/substitution-solver
# transposition cipher
scytale
rail fence
route
columnar transposition (break_coltrans.py) unlikely if there are no many vowels
online solver: http://tholman.com/other/transposition/
# xortool
github.com/hellman/xortool: use -c 00 for encrypted binaries, -c ' ' for texts (sometimes fails to find correct xor key)
# XORsearch
https://blog.didierstevens.com/?s=xorsearch
# ADVGVX
ciphertext only consists of these letters
# scrambler
if the algo is cyclic, keep running the ciphertext through the scramler until output makes sense
# 1 block collisions
* md5
http://marc-stevens.nl/research/md5-1block-collision/
input1 = '4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74a3dc0783e7b9518afbfa200a8284bf36e8e4b55b35f427593d849676da0d1555d8360fb5f07fea2'.decode('hex')
input2 = '4dc968ff0ee35c209572d4777b721587d36fa7b21bdc56b74a3dc0783e7b9518afbfa202a8284bf36e8e4b55b35f427593d849676da0d1d55d8360fb5f07fea2'.decode('hex')
or
input1 = '0e306561559aa787d00bc6f70bbdfe3404cf03659e704f8534c00ffb659c4c8740cc942feb2da115a3f4155cbb8607497386656d7d1f34a42059d78f5a8dd1ef'.decode('hex')
input2 = '0e306561559aa787d00bc6f70bbdfe3404cf03659e744f8534c00ffb659c4c8740cc942feb2da115a3f415dcbb8607497386656d7d1f34a42059d78f5a8dd1ef'.decode('hex')
print 'Are strings equal?',(input1 == input2)
print 'input1 md5:',md5(input1).hexdigest()
print 'input2 md5:',md5(input2).hexdigest()
* sha1
input1 = array('I', [0x6165300e,0x87a79a55,0xf7c60bd0,0x34febd0b,0x6503cf04,0x854f709e,0xfb0fc034,0x874c9c65,0x2f94cc40,0x15a12deb,0x5c15f4a3,0x490786bb,0x6d658673,0xa4341f7d,0x8fd75920,0xefd18d5a])
input2 = array('I', [x^y for x,y in zip(input1,[0, 0, 0, 0, 0, 1<<10, 0, 0, 0, 0, 1<<31, 0, 0, 0, 0, 0])])
print 'Are strings equal?',(input1 == input2)
print 'input1 sha1:',sha1(input1).hexdigest()
print 'input2 sha1:',sha1(input2).hexdigest()
# file collisions
https://github.com/corkami/collisions