Skip to main content

Introduction to Cryptography - TryHackMe (Walkthrough)

 Welcome!

Introduction

This is a brief walkthrough of the "Introduction to Cryptography" room presented by TryHackMe.com. This is intended for users who are stuck and may need a little help or a hint. Please don't copy/paste my answers ;).

Task 1 - Intro

Key take-aways from this section:

  • This room will introduce us to multiple basic cryptography concepts.
  • In order for a cryptographic algorithm to be "secure", it must be impractical to recover the original data.
  • Encryption can be broken with a weak or discovered encryption key. With some weak encryption, you may not need the key.

This takes us to the question:

  1. We have been given a encrypted quote, and must discover the author. TryHackMe recommends we use quipquip for this.
If we copy/paste the quote into quipquip, we are given the above. Quipquip has clearly identified the answer as:

Answer: Miyamoto Musashi

p.s. If you upload only the encrypted author's name, and not the full quote, quipquip will mistakenly recommend an incorrect answer!


Task 2 - Symmetric Encryption

Key take-aways from this section:

    • Symmetric encryption algorithms use the same key(s) for encryption and decryption.
    • AES and DES are two well known symmetric encryption standards.
    • GNU Privacy Guard and OpenSSL are applications used for symmetric encryption and decryption.

    Questions for Task 2:

    1. Decrypt the file "quote01" encrypted using AES256 with the key ******* using gpg. What is the third word in the file?
      • TryHackMe gives the following command for decryption with gpg: "gpg --output original_message.txt --decrypt message.gpg"
      • After using the AttackBox to navigate to the /task02 directory, we can use gpg to decrypt quote01. We are also prompted to input our encryption key:


      • If done correctly, we can reveal our message!
      • Answer: Waste
    2. Decrypt the file "quote02" encrypted using AES256-CBC with the key ******* using OpenSSL. What is the third word in the file?
      • TryHackMe gives us the following command for decrypting using OpenSSL: "openssl aes-256-cbc -d -in quote02 -out originalmsg2.txt"


      • After saving the decrypted message as a .txt file, we can use the "cat" function to read our quote!
      • Answer: science
    3. Decrypt the file "quote03" encrypted using CAMELLIA256 with the key ******* using gpg. What is the third word in the file?
      • We must again use gpg for this decryption, referring back to question 1.


      • This time, we saved our decrypted message as "originalmsg3.txt." Using the "cat" function gives us our answer!
      • Answer: understand

    Task 3 - Asymmetric Encryption

        Key take-aways from this section:

        • Asymmetric encryption allows the exchange of encrypted messages without a secure channel.
        • Asymmetric encryption required the use of a key pair: public & private.
        • In addition to confidentiality, asymmetric encryption also provides integrity and nonrepudiation.

        Questions for Task 3:

        1. Bob has received the file "ciphertext_message" sent to him from Alice. You can find the key you need in the same folder. What is the first word of the original plaintext?
          • We need to use OpenSSL for decryption again, but this time we are
          •  using a private key. You can see the necessary change in the command line below. 


          • After navigating to the /task03 folder, we can use Bob's Private Key for decryption. This gives us a new decrypted file we can use "cat" to read!
          • Answer: perception
          • p.s. I think the author of this room really likes Miyamoto Musashi...
        2. Take a look at Bob’s private RSA key. What is the last byte of p?
          • "p" stands for Prime1, and is one of the two prime numbers used in the RSA asymmetric encryption standard.


          • Using the command input above, we can read Bob's Private Key. Then, we simply scroll down until we find the answers to questions 2 & 3!


          • Answer: e7
        3. Take a look at Bob’s private RSA key. What is the last byte of q?
          • "q" stands for Prime2, and is the second number used in the RSA encryption of Bob's Private Key. Please use the screenshots from question 2 for this answer as well.
          • Answer: 27

        Task 4 - Diffie-Hellman Key Exchange

            Key take-aways from this section:

            • Diffie-Hellman is an asymmetric encryption algorithm that allows the exchange of secret information over an unsecured channel.
            • Diffie-Hellman is also vulnerable to Man-in-the-Middle attacks, which must be addressed.

            Questions for Task 4:

            1. A set of Diffie-Hellman parameters can be found in the file "dhparam.pem". What is the size of the prime number in bits?
              • For this, we will use the OpenSSL command again, but changed for Diffie-Hellman parameters. Please see the screenshot below and notice the difference:


              • After navigating to the /task04 folder, we use the OpenSSL command. The answer we are looking for is in bits!
              • Answer: 4096
            2. What is the prime number’s last byte (least significant byte)?
              • To find the last byte, we must simply scroll down!


              • Answer: 4f

            Task 5 - Hashing

            Key take-aways from this section:

              • A hashing function takes data of an arbitrary size, and returns a fixed sized value called a checksum. It is represented in hexadecimal digits.
              • Hashes can be used for storing data like passwords, or for verifying the integrity and nonrepudiation of data.
              • HMAC is a hash-based message authentication code that produces a cryptographic key and hash.

              Questions for Task 5:

              1. What is the SHA256 checksum of the file order.json?
                • For this task, we will use the very simple command "sha256sum order.json". In the screenshot below, you can see we've done this for both question 1 and question 2.


                • Answer: 2c34b68669427d15f76a1c06ab941e3e6038dacdfb9209455c87519a3ef2c660 
              2. Open the file order.json and change the amount from 1000 to 9000. What is the new SHA256 checksum?
                • In order to change the amount, we must edit the file "order.json". There are many ways to do this on a Linux system, but for this example I used the "nano order.json" command as seen in the screenshot above.


                • Once inside the file, it is simple to change the amount from 1000 to 9000. Be careful that you don't change anything else, and remember to save!! After, we can use the same command as question 1 to see the change.

                • Answer: 11faeec5edc2a2bad82ab116bbe4df0f4bc6edd96adac7150bb4e6364a238466
              3. Using SHA256 and the key ********, what is the HMAC of order.txt?
                • TryHackMe gives us a very simple HMAC command to use. In the below screenshot, you can see how to input the file "order.txt" and the key to produce our desired result.


                • Answer: c7e4de386a09ef970300243a70a444ee2a4ca62413aeaeb7097d43d2c5fac89f

              Task 6 - PKI and SSL/TLS

              Key take-aways from this section:

                • Public Key Infrastructure provides security to encryption and helps verify identity.
                • Certificate Authorities provide confidence by signing valid website certificates.
                • OpenSSL can be used to generate certificate signing requests, and read certificates.

                Questions from Task 6:

                1. What is the size of the public key in bits?

                  • TryHackMe gives us the command "openssl x509 -in cert.pem -text" for this task. When we navigate to the /task06 folder, we see that the website certificate is named "cert.pem". After copy/pasting the command, we get this:


                  • Answer: 4096

                1. Till which year is this certificate valid?

                  • The answer can be found in the above screenshot, found by using the same command.
                  • Answer: 2039

                Task 7 - Authenticating with Passwords

                    Key take-aways from this section:

                    • PKI and SSL/TLS can increase password security, and protect passwords as they move across a network.
                    • Hashing a password before storing it on a database improved security, but can be broke by a Rainbow Table.
                    • Salting involves adding a "salt" to a password before hashing and storage. Salting a hash increases security even further, while also defeating Rainbow Tables.

                    Question from Task 7:

                    1. You were auditing a system when you discovered that the MD5 hash of the admin password is 3fc0a7acf087f549ac2b266baf94b8b1. What is the original password?

                      • For this question, we need to use outside sources. TryHackMe recommends two websites for MD5 decryption. Of these two, md5online[.]org was used for this question.


                      • After navigating to md5online[.]org, you must copy/paste the hash and select "decrypt" which gives the answer!
                      • Answer: qwerty123

                    Task 8 - Cryptography and Data

                    Key take-aways from this section:

                    • This task explains what happens while logging into a website over HTTPS.
                    • Cryptography checks for a website certificate, and checks that the certificate is valid.
                    • If the client confirms the certificate is valid, an SSL/TLS handshake is started. This handshake allows the client & server to communicate encryption, keys, etc.
                    • The client can then provide log in credentials, which are verified and stored by the website (hopefully with a salt).

                    Question for Task 8:

                    1. Make sure you read and understand the above scenario. The purpose is to see how symmetric and asymmetric encryption are used along with hashing in many secure communications.

                      • Answer: No answer needed. (Woo whoo!!)

                    Task 9 - Conclusion

                    This room covered many core concepts related to Cryptography, such as:

                    • Symmetric and Asymmetric encryption
                    • How PKI and SSL/TLS provide website security
                    • Encrypting and decrypting data using several methods
                    -TW


                    Popular posts from this blog

                    Digital Forensics Case #B4DM755 - TryHackMe (Walkthrough)

                    Welcome! Introduction This is a brief walkthrough of the " Digital Forensics Case #B4DM755 " room presented by TryHackMe.com. This is intended for users who are stuck and may need a little help or a hint. Please don't copy/paste my answers ;). Before starting this room, TryHackMe recommends you complete two pre-requisite rooms. Walkthroughs for those rooms can be found here: Introduction to Cryptography - TryHackMe (Walkthrough) Intro to Digital Forensics - TryHackMe (Walkthrough) [coming soon...] Task 1 - Intro Key take-aways from this section: This room will simulate a crime scenario in which we are authorized to conduct a search. This room uses a fictitious narrative with made up characters and situations. This room features two prerequisite rooms: Intro to Digital Forensics and Introduction to Cryptography. Question for Task 1: I’m ready to investigate the case. Answer: No answer needed. Task 2 - Details of the Crime Key take-aways from this section: You are a Forensi...
                    Read more