Jasper Alblas
TryHackMe: Encryption – Crypto 101 – Walkthrough
Hi! In this walkthrough I will be covering the encryption room at TryHackMe, in which we will cover encryption and its uses in the cyber security world.
Room URL: https://tryhackme.com/room/encencryptioncrypto101
I am making these walkthroughs to keep myself motivated to learn cyber security, and ensure that I remember the knowledge gained by THMs rooms. Join me on learning cyber security. I will try and explain concepts as I go, to differentiate myself from other walkthroughs.
Table of Contents
Task 1: What will this room cover?
This room will cover:
- Why cryptography matters for security and CTFs
- The two main classes of cryptography and their uses
- RSA, and some of the uses of RSA
- 2 methods of Key Exchange
- The future of encryption with the rise of Quantum Computing
Questions
I’m ready to learn about encryption
Answer: No answer needed
Task 2: Key terms
Ciphertext – The scrambled or encoded version of data after it has been encrypted. It is unreadable without the correct decryption method.
Cipher – A technique or system used to encrypt and decrypt data. While modern ciphers rely on complex mathematical principles for security, simpler historical ciphers, such as the Caesar cipher, also exist.
Plaintext – The original, unencrypted form of data. This is the readable input before encryption and can include not just text, but also images, documents, or any other type of digital information.
Encryption – The process of converting plaintext into ciphertext using a specific encryption algorithm and key. This ensures that only authorized individuals can access the original content.
Encoding – A method of representing data in a different format, such as Base64 or hexadecimal. Unlike encryption, encoding is not meant to be secure and can be easily reversed without a secret key.
Key – A crucial piece of information required to decrypt encrypted data. Without the correct key, recovering the original message is computationally difficult or impossible.
Passphrase – A human-readable sequence of words or characters used to protect a key. It acts as an additional security measure, often required to unlock or derive encryption keys.
Asymmetric encryption – A form of encryption that uses a pair of keys: one for encrypting and another for decrypting. Commonly used in secure communications, examples include RSA and ECC.
Symmetric encryption – A method where the same key is used for both encryption and decryption. It is typically faster than asymmetric encryption but requires a secure way to share the key.
Brute force attack – A technique where every possible key or password is tried until the correct one is found. The longer and more complex the key, the more time-consuming this method becomes.
Cryptanalysis – The study of breaking encryption without brute force by analyzing patterns, weaknesses, or mathematical flaws in the cipher itself.
Questions
I agree not to complain too much about how theory heavy this room is.
Grrmbl…
Answer: No answer needed
Are SSH keys protected with a passphrase or a password?
SSH keys are protected with a passphrase, not a password.
A passphrase is a longer sequence of words or characters used to encrypt the private key, making it more resistant to brute-force attacks. A password is typically shorter and used for authentication but does not encrypt the private key itself.
When you generate an SSH key pair, you have the option to set a passphrase. If you do, the private key is encrypted, meaning you must enter the passphrase whenever you use the key (unless using an SSH agent to cache it).
Answer: passphrase
Task 3: Why is Encryption important?
Cryptography is used to ensure confidentiality, integrity and authenticity. It is used everywhere. When logging in to TryHackMe it is used to avoid hackers being able to listen along. And when using your online banking system encryption is used to provide a certificate so that you know you are really connecting to your bank. It is also the reason why SSH is commonly used instead of telnet.
Whenever you are storing sensitive user data you should encrypt the data. This is so that hackers don’t get access to all user data when hacking the database. Standards like PCI-DSS state that the data should be encrypted both at rest (in storage) AND while being transmitted.
But it is important to note that passwords should never be encrypted, but instead be hashed. Of course, passwords are being sent encrypted over a connection. But they aren’t stored on the server encrypted because then you would need to store the key somewhere, which could be leaked. There is no key to leak with hashes.
Questions
What does SSH stand for?
SSH is short for secure shell.
Answer: secure shell
How do webservers prove their identity?
Webservers prove their identity with the use of certificates. These certificates are issued by Certificate Authorities (CAs), and when you connect to a webpage and are shown a certificate you can basically trust the server.
Answer: certificates
What is the main set of standards you need to comply with if you store or process payment card details?
PCI-DSS is the set of standards that you need to comply with if you store or process payment card details, and used world-wide.
Answer: PCI-DSS
Task 4: Crucial Crypto Maths
The Modulo operator is a mathematical operator used a lot in cryptography. It is very easy to calculate once you get it 🙂
The modulo is written like %, and means the remainder of a division. Let’s say we need to calculate 12 % 5. This means we need to calculate the remainder after we divide 12 by 5. Since 12 does not divide evenly by 5, we have a remainder of 2. When we instead have the calculate 16 % 4 we have a remainder of 0 since 16 divide evenly by 4.
Questions
What’s 30 % 5?
When dividing 30 is five, you will get 6, with no remainder. Therefore the answer is 0.
Answer: 0
What’s 25 % 7
25 divided by 7 is 3, with 4 remaining (21/7 + 4 = 25)
Answer: 4
What’s 118613842 % 9091
Just use a calculator here 🙂
Answer: 3565
Task 5: Types of encryption
There exists two types of encryption:
- Symmetric encryption: The same key is used for both encryption and decryption. Because of this fact, symmetric is quicker than asymmetric encryption, and its keys are shorter (56–256 bits). Examples of symmetric encryption are DES and AES.
- Asymmetric encryption: A pair of keys is used (one called a private key, the other a public key), one for encryption and one for decryption. Data encrypted with the private key can be decrypted with the public key, and vice versa. It is important never to share the private key. Asymmetric encryption is usually slower, and uses longer keys. These are often in the range of 2048–4096 bits). Examples of asymmetric encryption are RSA and Elliptic Curve Cryptography.
Questions
Should you trust DES? Yea/Nay
DES is apparently not considered secure anymore, due to its short key length (56 bit). The cypher is superseded by AES. Source: https://en.wikipedia.org/wiki/Data_Encryption_Standard
Answer: Nay
What was the result of the attempt to make DES more secure so that it could be used for longer?
Apparently, the same cypher algorithm is used three to each data block. This makes it more secure, but it is still not enough by today’s standards. Source: https://en.wikipedia.org/wiki/Triple_DES
Answer: Triple DES
Is it ok to share your public key? Yea/Nay
It is ok to share your public key. You should NEVER share your private key, as it can be compared to giving your password away.
Answer: Yea
Task 6: RSA – Rivest Shamir Adleman
RSA is a form of asymmetric encryption. It is based on the mathematical problem of finding the prime factors of a large number. The math behind RSA is quite difficult, but there are some tools out there to help you solve RSA challenge within a CTF scenario. An example is: https://github.com/Ganapati/RsaCtfTool or https://github.com/ius/rsatool.
There are a bunch of variables that are a part of the RSA calculation. These are p, q, m, n, e, d, and c. “p” and “q” are the prime numbers, and “n” is the product of those. “n” and “e” is the public key, while “n” and “d” is the private key. Finally, “m” represents the message in plaintext, and “c” the encrypted text.
When doing certain CTF challenges, you get a set of these values, and you will need to break the encryption and decrypt the flag.
Crypto CTF challenges often present you with a set of these values, and you need to break the encryption and decrypt a message to retrieve the flag.
Questions
p = 4391, q = 6659. What is n?
I will be using the following resource:
https://github.com/ius/rsatool
Download the script:
git clonehttps://github.com/ius/rsatool.git
cd into the directory. And run the install script:
python setup.py installThis installs some modules. Now you can run the rsa script:
python rsatool.py -f DER -o key.der -p 4391 -q 6659
Answer: 29239669
I understand enough about RSA to move on, and I know where to look to learn more if I want to.
If you are confused you can read more here:
Answer: No answer needed
Task 7: Establishing Keys Using Asymmetric Cryptography
In this task we will discuss exchanging keys using asymmetric cryptography. How does this work? And how do we avoid people watching along?
It is basically very simple. You give someone who you want to give a message a code. This code can be used to open a theoretical mailbox. This person never shares this code with someone. Than you can send this person encrypted messages to their mailbox that only can be opened with this key. Even if other people intercept the message they won’t be able to read it! The mailbox in this metaphor is the public key, while the code is a private key.
It’s not that simple in real life though. In reality, you need a little more cryptography to verify the person you’re talking to is who they say they are, which is done using digital signatures and certificates.
Questions
I understand how keys can be established using Public Key (asymmetric) cryptography.
Answer: No answer needed
Task 8: Digital signatures and Certificates
Besides the secure communication over a network with HTTPS, encryption is also used with digital signatures and certificates. Digital signatures are used to prove the authenticity of files. It uses asymmetric cryptography by producing a signature with your private key, which can then be verified/decrypted with your public key. If you can it proves the files match.
Certificates also uses keys, and they are an important factor of HTTPS. How do you know that medium.com is the real medium.com? Well…certificates! The server can tell you that it is the real medium.com. These certificates have a chain of trust, starting with a root CA (certificate authority). These are automatically trusted by your device. Certs below that are trusted because the root CA’s say they can be trusted.
Questions
Who is TryHackMe’s HTTPS certificate issued by?
Look to the left of your browser URL (in Chrome). Click it and then continue by clicking on Connection is secure.
Afterwards press Certificate is valid.
Here you can read who issued the certificate.
Answer: E1
Task 9: SSH Authentication
I hope by know that you know what SSH is. It provides an encrypted network protocol for transfer files and privileged access over a network. By default you can authenticate SSH using usernames and passwords. But many machines have SSH configured with key authentication. This uses public and private keys to validate a user. SSH uses RSA keys by default, but you can choose different algorithms. ssh-keygen is the program used to generate pairs of keys most of the time.
Once more: you should never share your private (SSH) keys. If someone gets hold of your private key, they can use it to login onto the SSH server. There is one exception though: if your private key is encrypted that person would also need your passphrase. The passphrase is used to decrypt the private key and never should leave your system.
Of course, there exist tools like John the Ripper that can be used to crack encrypted SSH keys to find the passphrase. That is why it is important to have a secure passphrase and keeping your private key private.
When you want to access a remote machine through SSH, you need to generate the keys on your PC, and afterwards you should copy the public key over to the server. The ~/.ssh folder is the default place to store these keys locally for OpenSSH. The authorized_keys file in this directory holds public keys that are allowed to access the server if key authentication is enabled. On many distros key authenticatication is enabled as it is more secure than users passwords. For the root user key authentication is default and password authentication is not possible.
To use a private SSH key, the file permissions must be setup correctly. Only the owner should be able to read or write the private key (which means permission 600 or higher).
SSH keys can also be used to upgrade a reverse shell (privilege escalation), if the user has login enabled. An SSH key in authorized_keys can be a useful backdoor.
Questions
I recommend giving this a go yourself. Deploy a VM, like Linux Fundamentals 2 and try to add an SSH key and log in with the private key.
I definitely recommend playing around here. I will outline the steps. Create the keys by running:
ssh-keygen
This create a public and private key on your machine at the following directory: ~/.ssh
We need to copy the public key to the server:
scp ~/.ssh/id_rsa.pub tryhackme@10.10.125.203:~/.ssh/authorized_keysEnter the password if you get a prompt.
With the public key copied to the machine, we should be able to log in with the keys, instead of the password.
ssh tryhackme@10.10.125.203If you have problems, there might be a problem with the permissions. In this case run something similar to this:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keysAnd we have access!
Answer: No answer needed
Download the SSH Private Key attached to this room.
Just download the private key in the room under task 9 at:
https://tryhackme.com/room/encryptioncrypto101
Answer: No answer needed
What algorithm does the key use?
We know that it is a private SSH key, which commonly are using the RSA algorithm. You could also see this in the file itself:
Answer: RSA
Crack the password with John The Ripper and rockyou, what’s the passphrase for the key?
There are two steps to this. First we need to use ssh2john to convert the private key to a format john understand. Afterwards we can crack it with john.
We need to download ssh2john before we can continue:
wget https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/ssh2john.pyThen continue by converting the private key:
python ssh2john.py idrsa.id_rsa > key_hash
Now we have the hash that can be used in john. Run the following command:
john --wordlist=/usr/share/wordlists/rockyou.txt key_hash
We got the answer!
Answer: delicious
Task 10: Explaining Diffie Hellman Key Exchange
Key Exchange is commonly used for establishing common symmetric keys. It allows two people to create a set of cryptographic keys without a third party being able to intercept those keys.
Diffie Hellman Key Exchange uses symmetric cryptography. This key exchange works like the following. Person A and person B each have their individual secrets (which they do not share with each other), and together have a common key that is not kept secret. Both persons than combine their own secret with the common key. Then they exchange the resulting keys with each other. Finally, the exchange key is combined with the person’s secret. This means that the end result should be same for both persons. They can now use this final key to communicate together. A third party won’t be able to listen along as the secret keys are not transmitted.
Questions
I understand how Diffie Hellman Key Exchange works at a basic level
Answer: No answer needed
Task 11: PGP, GPG and AES
PGP stands for Pretty Good Privacy, and is an encryption program cryptographic privacy and authentication for data communication.
GnuPG or GPG is an Open Source implementation of PGP from the GNU project. GPG might be useful when decrypting files in CTFs. PGP and GPG provides private key protection with passphrases similarly to SSH private keys. And just like how we did before with ssh2john, we can use gpg2john to convert the GPG/PGP keys to a john readable hash and afterwards crack it with john. The key provided in this task is not protected with a passphrase.
This room covers another encryption algorithm, AES. AES stands for Advanced Encryption Standard, and it is a replacement for DES, which we have covered in an earlier task. Not much more to say here.
Questions
Time to try some GPG. Download the archive attached and extract it somewhere sensible.
Download the file, and unzip it in the terminal by writing:
upzip gpg.zipAnswer: No answer needed
You have the private key, and a file encrypted with the public key. Decrypt the file. What’s the secret word?
Initially I thought we had to use john again, but since we have both the public and private key it is simpler than that.
First we need to import the key by using the following command:
gpg --import tryhackme.keyWe can then read the message by using the gpg terminal command:
gpg --output message.txt --decrypt message.gpgWhich gives us the following result:
Answer: Pineapple
Task 12: The Future – Quantum Computers and Encryption
Quantum computers will soon be a problem for many types of encryption. While it will take some more time until sufficiently powerful quantum computers are available, they will have no problems breaking encryptions based on RSA and Elliptical Curve. These algorithms depend on mathematical problems that will be very easy to figure out for these powerful systems.
AES with 128 bit keys is also likely to be broken by quantum computers in the near future, but 256 bit AES can’t be broken as easily. Triple DES is also vulnerable to attacks from quantum computers.
The NSA recommends the use of RSA-3072 for asymmetric encryption and AES-256 for their symmetric counterpart. There is a lot of focus on developing quantum safe cryptographic algorithms, and these will probably be available before quantum computers pose a challenge.
Questions
I understand that quantum computers affect the future of encryption. I know where to look if I want to learn more.
Answer: No answer needed
We’re done, WOAH! That was a lot to take in and I hope you learned as well as me. Give me a clap if you got some benefit from this walkthrough! 🙂
Find more of my walkthroughs here.
Like my articles?
You are welcome to give my article a clap or two 🙂
I would be so grateful if you support me by buying me a cup of coffee:
I learned a lot through HackTheBox’s Academy. If you want to sign up, you can get extra cubes, and support me in the process, if you use the following link:
