Algorithm

AES (Advanced Encryption Standard)

AES-CBC Bit Flipping Attack

AES-CBC Padding Oracle Attack

AES-ECB Padding Attack

Ansible Vault Secret

Atbash Cipher

Base32, Base64

Caesar Cipher

Camellia Cipher

Certificates

Cryptography

DES (Data Encryption Standard)

Diffie-Hellman Key Exchange

ECC (Elliptic Curve Cryptography)

ECDSA (Elliptic Curve Digital Signature Algorithm)

Fernet

GPG (GNU Privacy Guard)

HMAC

KDBX Files

Kerberos TGT Cracking

Length Extension Attack

MD4, MD5

Multi-Tap Cipher

NTLM, NTLMv2

PEM (Privacy Enhanced Mail)

PGP (Pretty Good Privacy)

PKCS (Public-Key Cryptography Standards)

PowerShell Credentials

RAR (Roshal Archive)

RIPEMD

ROT13, ROT47

RPNG (Pseudo Random Number Generator) Guessing

RSA (Rivest Shamir Adleman)

SHA1 Hash Collision Attack

SHA1, SHA256, SHA512

Transposition Cipher

Vigenere Cipher

Key Derivation Function

Bcrypt

PBKDF2

Scrypt

Tool

John the Ripper

Math

Chinese Remainder Theorem

Exponentiation

GCD (Greatest Common Divisor)

Modular Congruence

Quadratic Residue

Bit Wise Operation

AND Bitwise Operations

OR Bitwise Operations

Shift Bitwise Operations

XOR Bitwise Operations

Conversion

Convert Binary to Int in Python

Convert Bytes to Hex in Python

Convert Bytes to Int in Python

Convert Bytes to Matrix in Python

Convert Bytes to String in Python

Convert Character to Binary in Python

Convert Character to Unicode in Python

Convert Hex to Bytes in Python

Convert Hex to Int in Python

Convert Int to Binary in Python

Convert Int to Bytes in Python

Convert Int to Hex in Python

Convert Int to String in Python

Convert Matrix to Bytes in Python

Convert String to Binary in Python

Convert String to Bytes in Python

Convert String to Int in Python

Convert Unicode to Character in Python

Zero Padding in Python

SHA1 Hash Collision Attack

Last modified: 2023-02-01

Cryptography

Basic reconnaisance flows.

Sample Attacks

1. Download two Files

There are several ways to download files. So we can select our desired files as purposes.

Download the original two PDF files in SHAttered.
Download two custom Files (e.g. messageA and messageB) in Chosen-Prefix Collision Example.

Check if the SHA1 hash is the same as each other.

sha1sum shattered-1.pdf
sha1sum shattered-2.pdf

sha1sum messageA
sha1sum messageB

2. Host the PDF Files Locally

In the directory where the two PDF files located, start local server for using in a Python script.

python3 -m http.server 8000

3. Create a Python Script

For example, create a “test.py”.

import requests

file1 = "shattered-1.pdf"
file2 = "shattered-2.pdf"

pdf_1 = requests.get(f'http://localhost:8000/{file1}')
pdf_2 = requests.get(f'http://localhost:8000/{file2}')

# e.g. the two values can be used as username/password.
params = {'username': pdf_1.content, 'password': pdf_2.content}
r = requests.get('https://example.com/login', params=params)
print(r.text)

4. Run the Script

python3 test.py

SHA1 Hash Collision Attack

Sample Attacks

1. Download two Files

2. Host the PDF Files Locally

3. Create a Python Script

4. Run the Script

References

ON THIS PAGE