bump
This commit is contained in:
parent
d69b26e706
commit
44d0de01ed
|
@ -0,0 +1,24 @@
|
||||||
|
# GPG Cheatsheet
|
||||||
|
|
||||||
|
## Encryption via GPG
|
||||||
|
|
||||||
|
* Encryption of a file via gpg
|
||||||
|
```sh
|
||||||
|
gpg --symmetric --cipher-algo <algorithm> $PLAIN_TEXT
|
||||||
|
```
|
||||||
|
|
||||||
|
### Armored Encryption via GPG
|
||||||
|
|
||||||
|
* ASCII armored encryption output is done via
|
||||||
|
```sh
|
||||||
|
gpg --armor --symmetric --cipher-algo <algorithm> $PLAIN_TEXT
|
||||||
|
```
|
||||||
|
|
||||||
|
## Decryption via GPG
|
||||||
|
|
||||||
|
* Decryption of a file via gpg
|
||||||
|
```sh
|
||||||
|
gpg --output original_message.txt --decrypt $CIPHER
|
||||||
|
```
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
# Hash Cheatsheet
|
||||||
|
|
||||||
|
## Create Hash
|
||||||
|
|
||||||
|
* Generate a SHA256 hash
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sha256sum $INPUT_FILE
|
||||||
|
```
|
||||||
|
|
||||||
|
## Create MAC
|
||||||
|
|
||||||
|
* Both tools produce the same MAC in the following way
|
||||||
|
```sh
|
||||||
|
hmac256 $KEY $INPUT_FILE
|
||||||
|
sha256hmac $INPUT_FILE --key $KEY
|
||||||
|
```
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
# Hashes References
|
# Hashes References
|
||||||
|
|
||||||
|
* [OWASP's Password Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
|
||||||
|
|
||||||
## Hash Collisions
|
## Hash Collisions
|
||||||
|
|
||||||
[corkami's collisions collection](https://github.com/corkami/collisions.git)
|
[corkami's collisions collection](https://github.com/corkami/collisions.git)
|
|
@ -1,6 +1,30 @@
|
||||||
# OpenSSL Cheatsheet
|
# OpenSSL Cheatsheet
|
||||||
|
|
||||||
## Extract keys from PFX Cert
|
|
||||||
|
## Read X.509 Certificate
|
||||||
|
|
||||||
|
* A certificate can be read via
|
||||||
|
```sh
|
||||||
|
openssl x509 -in $CERT -text
|
||||||
|
```
|
||||||
|
|
||||||
|
## Generate CSR
|
||||||
|
|
||||||
|
* A Certificate Signing Request needs a private alongside the request for a cert.
|
||||||
|
This is done in the following way
|
||||||
|
```sh
|
||||||
|
openssl req -new -nodes -newkey rsa:4096 -keyout $PRIVATE_KEY -out $CERT_CSR
|
||||||
|
```
|
||||||
|
|
||||||
|
## Create an X.509 Certificate
|
||||||
|
|
||||||
|
* Create a X.509 certificate via
|
||||||
|
```sh
|
||||||
|
openssl x509 -newkey -nodes rsa:4096 -keyout $PRIVATE_KEY -out $CERT -sha256 -days 365
|
||||||
|
openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
|
||||||
|
```
|
||||||
|
|
||||||
|
## Extract Keys from PFX Cert
|
||||||
|
|
||||||
* Key and cert form PFX
|
* Key and cert form PFX
|
||||||
```sh
|
```sh
|
||||||
|
@ -16,29 +40,92 @@ openssl pkcs12 -in *.pfx -out temp.pem -nodes
|
||||||
openssl pkcs12 -export -out *.pfx -in temp.pem
|
openssl pkcs12 -export -out *.pfx -in temp.pem
|
||||||
```
|
```
|
||||||
|
|
||||||
## Generate Certificate
|
|
||||||
|
|
||||||
```sh
|
|
||||||
openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
|
|
||||||
```
|
|
||||||
## RSA
|
## RSA
|
||||||
|
|
||||||
### Decrypt RSA
|
### Read Parameters of a RSA Key
|
||||||
|
|
||||||
* Decrypt a RSA cipher with the private key
|
* Show parameters of the private key
|
||||||
```sh
|
```sh
|
||||||
openssl pkeyutl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY
|
openssl rsa -in $PRIVATE_KEY -text -noout
|
||||||
```
|
```
|
||||||
|
|
||||||
* Deprecated version of RSA decryption is the following
|
### Create RSA Key
|
||||||
|
|
||||||
|
* Generate an OpenSSL RSA key via
|
||||||
```sh
|
```sh
|
||||||
openssl rsautl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY
|
openssl genrsa -out $PRIVATE_KEY 4096
|
||||||
|
```
|
||||||
|
|
||||||
|
* Generate an OpenSSl RSA public key from a private key
|
||||||
|
```sh
|
||||||
|
openssl rsa -in $PRIVATE_KEY -pubout -out public-key.pem
|
||||||
```
|
```
|
||||||
|
|
||||||
### Encrypt RSA
|
### Encrypt RSA
|
||||||
|
|
||||||
* Encrypt RSA current and deprecated
|
* Encrypt RSA current and deprecated
|
||||||
```sh
|
```sh
|
||||||
openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $CLEAR_TEXT -pubin -inkey $PRIVATE_KEY
|
openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $CLEAR_TEXT -pubin -inkey $PUBLIC_KEY
|
||||||
openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PRIVATE_KEY
|
openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PUBLIC_KEY
|
||||||
|
```
|
||||||
|
|
||||||
|
### Decrypt RSA
|
||||||
|
|
||||||
|
* Decrypt a RSA cipher with the private key
|
||||||
|
```sh
|
||||||
|
openssl pkeyutl -decrypt -in $CIPHER -out $PLAIN_TEXT -inkey $PRIVATE_KEY
|
||||||
|
```
|
||||||
|
|
||||||
|
* Deprecated version of RSA decryption is the following
|
||||||
|
```sh
|
||||||
|
openssl rsautl -decrypt -in $CIPHER -out $PLAIN_TEXT -inkey $PRIVATE_KEY
|
||||||
|
```
|
||||||
|
|
||||||
|
## Diffie-Hellman
|
||||||
|
|
||||||
|
### Read Parameters of a DH Keys
|
||||||
|
|
||||||
|
* Output of a DH key is done the following way
|
||||||
|
```sh
|
||||||
|
openssl dhparam -in $PRIVATE_KEY -text -noout
|
||||||
|
```
|
||||||
|
|
||||||
|
### Create DH Key
|
||||||
|
|
||||||
|
* A Diffie-Hellman key can be created via
|
||||||
|
```sh
|
||||||
|
openssl dhparam -out $PRIVATE_KEY 4096
|
||||||
|
```
|
||||||
|
|
||||||
|
## AES
|
||||||
|
|
||||||
|
### Encrypt AES
|
||||||
|
|
||||||
|
* Encrypt AES
|
||||||
|
|
||||||
|
```sh
|
||||||
|
openssl aes-256-cbc -e -in $PLAIN_TEXT -out $CIPHER
|
||||||
|
```
|
||||||
|
|
||||||
|
### Decrypt AES
|
||||||
|
|
||||||
|
* Decrypt AES
|
||||||
|
```sh
|
||||||
|
openssl aes-256-cbc -d -in $CIPHER -out $PLAIN_TEXT
|
||||||
|
```
|
||||||
|
|
||||||
|
## PBKDF2
|
||||||
|
|
||||||
|
### Encrypt PBKDF2
|
||||||
|
|
||||||
|
* Encrypt file via PBKDF2 with 128000 iterations
|
||||||
|
```sh
|
||||||
|
openssl aes-256-cbc -pbkdf2 -iter 128000 -e -in $PLAIN_TEXT -out $CIPHER
|
||||||
|
```
|
||||||
|
|
||||||
|
### Decrypt PBKDF2
|
||||||
|
|
||||||
|
* Decrypt file via PBKDF2 with an iteration of 128000
|
||||||
|
```sh
|
||||||
|
openssl aes-256-cbc -pbkdf2 -iter 128000 -d -in $CIPHER -out $PLAIN_TEXT
|
||||||
```
|
```
|
||||||
|
|
|
@ -1,6 +1,18 @@
|
||||||
# Cryptography References
|
# Cryptography References
|
||||||
|
|
||||||
## Tools
|
## Tools
|
||||||
|
|
||||||
* [RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool.git)
|
* [RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool.git)
|
||||||
* [featherduster](https://github.com/nccgroup/featherduster.git)
|
* [featherduster](https://github.com/nccgroup/featherduster.git)
|
||||||
|
|
||||||
|
### Online Tools
|
||||||
|
|
||||||
|
* [quipquip](https://quipquip.com)
|
||||||
|
* [cryptii](https://cryptii.com/)
|
||||||
|
* [Boxentriq](https://www.boxentriq.com)
|
||||||
|
* [dcode](https://www.dcode.fr)
|
||||||
|
|
||||||
|
## Encryption Standards
|
||||||
|
|
||||||
|
* [AES](https://csrc.nist.gov/publications/detail/fips/197/final)
|
||||||
|
|
||||||
|
|
|
@ -99,7 +99,6 @@ For the most part these are (` macOS.*, windows.*, linux.* `)
|
||||||
|
|
||||||
* For example
|
* For example
|
||||||
* Truecryptpassphrase
|
* Truecryptpassphrase
|
||||||
* cmdscan, command history
|
|
||||||
* shutdowntime
|
* shutdowntime
|
||||||
|
|
||||||
|
* cmdscan, the command history is missing from volatility 3
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Wireshark
|
||||||
|
|
||||||
|
## Extracting USB Keystrokes
|
||||||
|
|
||||||
|
* Data between USB devices and the host can be filtered via tshark in order to display just the payload, e.g. keystrokes in the following way
|
||||||
|
```sh
|
||||||
|
tshark -r keystrokes.pcapng -Y "usb.transfer_type==0x01 and frame.len==35 and! (usb.capdata == 00:00:00:00:00:00:00:00)" -T fields -e usbhid.data > output.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
* A lookup table is needed to [convert the USBHID data to ASCII values](https://gist.github.com/ImAnEnabler/091a9e1ee2d6a0805408e009e2f4a2b5)
|
||||||
|
```
|
||||||
|
python keystrokedecoder.py output.txt
|
||||||
|
```
|
||||||
|
|
Loading…
Reference in New Issue