TryHackMe: Encryption — Crypto 101 — Walkthrough

November 24, 2024, by Jasper

Hi! In this walkthrough I will be covering the Encryption room at TryHackMe. I am making these walkthroughs to keep myself motivated to learn cyber security, and to make sure I remember the knowledge gained from THM's rooms. Join me in learning cyber security. I will try to explain concepts as I go, to differentiate myself from other walkthroughs.

Room URL: https://tryhackme.com/room/encryptioncrypto101


Task 1 (What will this room cover?)

This room will cover:

  • Why cryptography matters for security and CTFs
  • The two main classes of cryptography and their uses
  • RSA, and some of the uses of RSA
  • 2 methods of Key Exchange
  • The future of encryption with the rise of Quantum Computing

Task 2 (Key terms)

Ciphertext — The result of encrypting a plaintext, encrypted data

Cipher — A method of encrypting or decrypting data. Modern ciphers are cryptographic, but there are many non-cryptographic ciphers like Caesar.

Plaintext — Data before encryption, often text but not always. Could be a photograph or other file

Encryption — Transforming data into ciphertext, using a cipher.

Encoding — NOT a form of encryption, just a form of data representation like base64. Immediately reversible.

Key — Some information that is needed to correctly decrypt the ciphertext and obtain the plaintext.

Passphrase — Separate from the key, a passphrase is similar to a password and is used to protect a key.

Asymmetric encryption — Uses different keys to encrypt and decrypt.

Symmetric encryption — Uses the same key to encrypt and decrypt

Brute force — Attacking cryptography by trying every different password or every different key

Cryptanalysis — Attacking cryptography by finding a weakness in the underlying maths

Questions

I agree not to complain too much about how theory heavy this room is.

Grrmbl…

Answer: No answer needed

Are SSH keys protected with a passphrase or a password?

Answer: passphrase


Task 3 (Why is Encryption important?)

Cryptography is used to ensure confidentiality, integrity and authenticity. It is used everywhere. When logging in to TryHackMe it is used to prevent hackers from listening in. And when using your online banking system, encryption is used to provide a certificate so that you know you are really connecting to your bank. It is also the reason why SSH is commonly used instead of telnet.

Whenever you are storing sensitive user data you should encrypt the data. This is so that hackers don't get access to all user data when they break into the database. Standards like PCI-DSS state that the data should be encrypted both at rest (in storage) AND while being transmitted.

But it is important to note that passwords should never be encrypted; they should be hashed instead. Of course, passwords are sent encrypted over a connection. But they aren't stored encrypted on the server, because then you would need to store the key somewhere, and that key could be leaked. There is no key to leak with hashes.

Questions

What does SSH stand for?

Answer: secure shell

How do webservers prove their identity?

Answer: certificates

What is the main set of standards you need to comply with if you store or process payment card details?

Answer: PCI-DSS


Task 4 ( Crucial Crypto Maths)

The Modulo operator is a mathematical operator used a lot in cryptography. It is very easy to calculate once you get it 🙂

The modulo is written as %, and means the remainder of a division. Let's say we need to calculate 12 % 5. This means we need to calculate the remainder after we divide 12 by 5. Since 12 does not divide evenly by 5, we have a remainder of 2. When we instead have to calculate 16 % 4 we have a remainder of 0, since 16 divides evenly by 4.

Questions

What’s 30 % 5?

Answer: 0

What’s 25 % 7

Answer: 4

What’s 118613842 % 9091

Answer: 3565


Task 5 (Types of encryption)

There exist two types of encryption:

  • Symmetric encryption: The same key is used for both encryption and decryption. Because of this, symmetric encryption is quicker than asymmetric encryption, and its keys are shorter (56–256 bits). Examples of symmetric encryption are DES and AES.
  • Asymmetric encryption: A pair of keys is used (one called a private key, the other a public key), one for encryption and one for decryption. Data encrypted with the private key can be decrypted with the public key, and vice versa. It is important never to share the private key. Asymmetric encryption is usually slower, and uses longer keys, often in the range of 2048–4096 bits. Examples of asymmetric encryption are RSA and Elliptic Curve Cryptography.

Questions

Should you trust DES? Yea/Nay

DES is apparently not considered secure anymore, due to its short key length (56 bit). The cipher has been superseded by AES. Source: https://en.wikipedia.org/wiki/Data_Encryption_Standard

Answer: Nay

What was the result of the attempt to make DES more secure so that it could be used for longer?

Apparently, the same cipher algorithm is applied three times to each data block. This makes it more secure, but it is still not enough by today's standards. Source: https://en.wikipedia.org/wiki/Triple_DES

Answer: Triple DES

Is it ok to share your public key? Yea/Nay

It is ok to share your public key. You should NEVER share your private key.

Answer: Yea


Task 6 (RSA — Rivest Shamir Adleman)

RSA is a form of asymmetric encryption. It is based on the mathematical problem of finding the prime factors of a large number. The math behind RSA is quite difficult, but there are some tools out there to help you solve RSA challenges within a CTF scenario. Examples are https://github.com/Ganapati/RsaCtfTool and https://github.com/ius/rsatool.

There are a bunch of variables that are part of the RSA calculation. These are p, q, m, n, e, d, and c. "p" and "q" are the prime numbers, and "n" is the product of those. "n" and "e" are the public key, while "n" and "d" are the private key. Finally, "m" represents the message in plaintext, and "c" the encrypted text.

When doing certain CTF challenges, you get a set of these values, and you will need to break the encryption and decrypt the flag.
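To make the variables concrete, here is an added example (not code from the room or from this walkthrough) that builds an RSA key pair from the room's primes p = 4391 and q = 6659, encrypts and decrypts a short message, and shows the usual CTF recovery when p, q, e and c are known. The public exponent e = 65537 is an assumption, since the room does not give one.

```python
# Added example (not from the TryHackMe room or this walkthrough): the RSA
# arithmetic behind p, q, n, e, d, m and c, using the room's primes
# p = 4391 and q = 6659. The public exponent e = 65537 is a common choice
# and is an assumption here, since the room does not give one.
from math import gcd

def rsa_keypair(p: int, q: int, e: int = 65537):
    """Return public key (n, e) and private key (n, d) built from primes p and q."""
    n = p * q                      # modulus, shared by both keys
    phi = (p - 1) * (q - 1)        # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)

def encrypt(m: int, public_key) -> int:
    """c = m^e mod n. The plaintext integer m must be smaller than n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)

def decrypt(c: int, private_key) -> int:
    """m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)

def text_to_int(text: str) -> int:
    """Encode a short string as the integer m (big-endian bytes)."""
    return int.from_bytes(text.encode(), "big")

def int_to_text(value: int) -> str:
    """Inverse of text_to_int."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode()

def ctf_recover(p: int, q: int, e: int, c: int) -> int:
    """The usual CTF situation: p, q, e and c are known; rebuild d and decrypt c."""
    _, private_key = rsa_keypair(p, q, e)
    return decrypt(c, private_key)

if __name__ == "__main__":
    public_key, private_key = rsa_keypair(4391, 6659)
    print("n =", public_key[0])            # 29239669, the room's answer
    m = text_to_int("Hi")                  # 0x4869 = 18537, well below n
    c = encrypt(m, public_key)
    print("c =", c)
    print("m =", int_to_text(decrypt(c, private_key)))
```

With a 25-bit n like this one, only messages of up to three bytes fit below n; real keys are 2048 bits or more, which is exactly why factoring n is hard there and easy here.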

Questions

p = 4391, q = 6659. What is n?

I will be using rsatool for this. Download the script:

git clone https://github.com/ius/rsatool.git

cd into the directory and run the install script:

python setup.py install

This installs some modules. Now you can run the rsa script:

python rsatool.py -f DER -o key.der -p 4391 -q 6659

[Screenshot: Crunching RSA numbers]

Answer: 29239669

I understand enough about RSA to move on, and I know where to look to learn more if I want to.

If you are confused you can read more here:

https://muirlandoracle.co.uk/2020/01/29/rsa-encryption/

Answer: No answer needed


Task 7 (Establishing Keys Using Asymmetric Cryptography)

In this task we will discuss exchanging keys using asymmetric cryptography. How does this work? And how do we avoid people watching along?

It is basically very simple. You give a code to the person you want to send a message to. This code can be used to open a theoretical mailbox. This person never shares the code with anyone. Then you can send this person encrypted messages to their mailbox, which can only be opened with this key. Even if other people intercept the message, they won't be able to read it! The mailbox in this metaphor is the public key, while the code is the private key.

It's not that simple in real life though. In reality, you need a little more cryptography to verify that the person you're talking to is who they say they are, which is done using digital signatures and certificates.

Questions

I understand how keys can be established using Public Key (asymmetric) cryptography.

Answer: No answer needed


Task 8 (Digital signatures and Certificates)

Besides secure communication over a network with HTTPS, encryption is also used for digital signatures and certificates. Digital signatures are used to prove the authenticity of files. They use asymmetric cryptography: a signature is produced with your private key, which can then be verified/decrypted with your public key. If the signature verifies, it proves the files match.

Certificates also use keys, and they are an important factor of HTTPS. How do you know that medium.com is the real medium.com? Well… certificates! The server can tell you that it is the real medium.com. These certificates have a chain of trust, starting with a root CA (certificate authority). Root CAs are automatically trusted by your device. Certificates below them are trusted because the root CAs say they can be trusted.

Questions

Who is TryHackMe’s HTTPS certificate issued by?

Look to the left of your browser's URL bar (in Chrome). Click it and then continue by clicking on Connection is secure.

[Screenshot: Viewing security information in Chrome]

Afterwards press Certificate is valid.

[Screenshot: Finding the menu to see certificate information]

Here you can read who issued the certificate.

[Screenshot: Reading the certificate]

Answer: E1


Task 9 (SSH Authentication)

I hope by now you know what SSH is. It provides an encrypted network protocol for transferring files and for privileged access over a network. By default you can authenticate to SSH using usernames and passwords. But many machines have SSH configured with key authentication. This uses public and private keys to validate a user. SSH uses RSA keys by default, but you can choose different algorithms. ssh-keygen is the program most commonly used to generate key pairs.

Once more: you should never share your private (SSH) keys. If someone gets hold of your private key, they can use it to log in to the SSH server. There is one exception though: if your private key is encrypted, that person would also need your passphrase. The passphrase is used to decrypt the private key and should never leave your system.

Of course, there exist tools like John the Ripper that can be used to crack encrypted SSH keys to find the passphrase. That is why it is important to have a secure passphrase and to keep your private key private.

When you want to access a remote machine through SSH, you need to generate the keys on your PC, and afterwards you should copy the public key over to the server. The ~/.ssh folder is the default place to store these keys locally for OpenSSH. The authorized_keys file in this directory holds the public keys that are allowed to access the server if key authentication is enabled. On many distros key authentication is enabled, as it is more secure than user passwords. For the root user, key authentication is the default and password authentication is not possible.

To use a private SSH key, the file permissions must be set up correctly. Only the owner should be able to read or write the private key (which means permission 600, or stricter).

SSH keys can also be used to upgrade a reverse shell (privilege escalation), if the user has login enabled. An SSH key in authorized_keys can be a useful backdoor.

Questions

I recommend giving this a go yourself. Deploy a VM, like Linux Fundamentals 2 and try to add an SSH key and log in with the private key.

I definitely recommend playing around here. I will outline the steps. Create the keys by running:

ssh-keygen

[Screenshot: Generating some SSH keys]

This creates a public and a private key on your machine in the following directory: ~/.ssh

We need to copy the public key to the server:

scp ~/.ssh/id_rsa.pub tryhackme@10.10.125.203:~/.ssh/authorized_keys

Enter the password if you get a prompt.

[Screenshot: Copying the created public key to the other system]

Now we should be able to log in with the keys, instead of the password.

ssh tryhackme@10.10.125.203

If you run into problems, the permissions are likely wrong. In that case, run something similar to this:

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

And we have access!

[Screenshot: Logging into SSH with our new keys]

Answer: No answer needed

Download the SSH Private Key attached to this room.

Just download the private key in the room under task 9 at:

https://tryhackme.com/room/encryptioncrypto101

Answer: No answer needed

What algorithm does the key use?

We know that it is a private SSH key, and these commonly use the RSA algorithm. You can also see this in the file itself.

Answer: RSA

Crack the password with John The Ripper and rockyou, what’s the passphrase for the key?

There are two steps to this. First we need to use ssh2john to convert the private key to a format john understands. Afterwards we can crack it with john.

We need to download ssh2john before we can continue:

wget https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/ssh2john.py

Then continue by converting the private key:

python ssh2john.py idrsa.id_rsa > key_hash

[Screenshot: Downloading the ssh2john tool]

Now we have the hash that can be used in john. Run the following command:

john --wordlist=/usr/share/wordlists/rockyou.txt key_hash

[Screenshot: Cracking the SSH key hash]

We got the answer!

Answer: delicious


Task 10 (Explaining Diffie Hellman Key Exchange)

Key Exchange is commonly used for establishing common symmetric keys. It allows two people to create a set of cryptographic keys without a third party being able to intercept those keys.

Diffie Hellman Key Exchange uses symmetric cryptography. This key exchange works as follows. Person A and person B each have their individual secrets (which they do not share with each other), and together they have a common key that is not kept secret. Both persons then combine their own secret with the common key. Then they exchange the resulting keys with each other. Finally, the exchanged key is combined with the person's own secret. This means that the end result should be the same for both persons. They can now use this final key to communicate together. A third party won't be able to listen along, as the secret keys are never transmitted.
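The exchange described above, written out in Python as an added example (not code from the room or this walkthrough). The common key is the public pair (p, g), each person's secret is a private exponent, and the values that cross the wire are g raised to that secret mod p; the small p and g are constructed toy values chosen for readability.

```python
# Added example (not from the room or this walkthrough): the Diffie-Hellman
# exchange in plain Python. The "common key" is (p, g), each side's secret
# is a private exponent, and only g^secret mod p is transmitted.
# Constructed toy parameters for readability; real deployments use primes of
# 2048 bits or more.
import secrets

P = 2_147_483_647        # 2^31 - 1, a Mersenne prime (public)
G = 7                    # public base

def make_secret(p: int = P) -> int:
    """Each side picks a random private secret in [2, p-2]; it never leaves the machine."""
    return secrets.randbelow(p - 3) + 2

def public_value(secret: int, p: int = P, g: int = G) -> int:
    """Combine the private secret with the common key: this is what gets transmitted."""
    return pow(g, secret, p)

def shared_key(received: int, secret: int, p: int = P) -> int:
    """Combine the value received from the other side with your own secret."""
    return pow(received, secret, p)

def exchange(secret_a: int, secret_b: int, p: int = P, g: int = G):
    """Run both sides and return (A, B, key_a, key_b) so the agreement can be checked."""
    A = public_value(secret_a, p, g)    # A -> B
    B = public_value(secret_b, p, g)    # B -> A
    key_a = shared_key(B, secret_a, p)  # A computes B^a = g^(a*b)
    key_b = shared_key(A, secret_b, p)  # B computes A^b = g^(a*b)
    return A, B, key_a, key_b

def eavesdropper_view(secret_a: int, secret_b: int, p: int = P, g: int = G) -> dict:
    """Everything a passive observer sees on the wire: p, g, A and B, never a or b."""
    A, B, _, _ = exchange(secret_a, secret_b, p, g)
    return {"p": p, "g": g, "A": A, "B": B}

if __name__ == "__main__":
    a, b = make_secret(), make_secret()
    A, B, key_a, key_b = exchange(a, b)
    print("A sends", A, "and B sends", B)
    print("shared key agrees:", key_a == key_b)
```

Recovering a from A (or b from B) is the discrete logarithm problem; with a 31-bit p that is trivial, which is why the parameter sizes, not the arithmetic, carry the security.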

Questions

I understand how Diffie Hellman Key Exchange works at a basic level

Answer: No answer needed


Task 11 (PGP, GPG and AES)

PGP stands for Pretty Good Privacy, and is an encryption program that provides cryptographic privacy and authentication for data communication.

GnuPG or GPG is an Open Source implementation of PGP from the GNU project. GPG might be useful when decrypting files in CTFs. PGP and GPG provide private key protection with passphrases, similarly to SSH private keys. And just like we did before with ssh2john, we can use gpg2john to convert GPG/PGP keys to a john-readable hash and afterwards crack it with john. The key provided in this task is not protected with a passphrase.

This room covers another encryption algorithm, AES. AES stands for Advanced Encryption Standard, and it is the replacement for DES, which we covered in an earlier task. Not much more to say here.

Questions

Time to try some GPG. Download the archive attached and extract it somewhere sensible.

Download the file, and unzip it in the terminal by writing:

unzip gpg.zip

Answer: No answer needed

You have the private key, and a file encrypted with the public key. Decrypt the file. What’s the secret word?

Initially I thought we had to use john again, but since we have both the public and private key it is simpler than that.

First we need to import the key by using the following command:

gpg --import tryhackme.key

We can then read the message by using the gpg terminal command:

gpg --output message.txt --decrypt message.gpg

Which gives us the following result:

[Screenshot: Reading the GPG encrypted message]

Answer: Pineapple


Task 12 (The Future — Quantum Computers and Encryption)

Quantum computers will soon be a problem for many types of encryption. While it will take some more time until sufficiently powerful quantum computers are available, they will have no problem breaking encryption based on RSA and Elliptic Curve. These algorithms depend on mathematical problems that will be very easy to solve for these powerful systems.

AES with 128 bit keys is also likely to be broken by quantum computers in the near future, but 256 bit AES can’t be broken as easily. Triple DES is also vulnerable to attacks from quantum computers.

The NSA recommends the use of RSA-3072 for asymmetric encryption and AES-256 for their symmetric counterpart. There is a lot of focus on developing quantum safe cryptographic algorithms, and these will probably be available before quantum computers pose a challenge.

Questions

I understand that quantum computers affect the future of encryption. I know where to look if I want to learn more.

Answer: No answer needed

We're done, WOAH! That was a lot to take in and I hope you learned as much as I did. Give me a clap if you got some benefit from this walkthrough! 🙂

