This commit is contained in:
Stefan Friese 2023-02-09 21:31:25 +01:00
parent d69b26e706
commit 44d0de01ed
19 changed files with 172 additions and 16 deletions

View File

@ -0,0 +1,24 @@
# GPG Cheatsheet
## Encryption via GPG
* Encryption of a file via gpg
```sh
gpg --symmetric --cipher-algo <algorithm> $PLAIN_TEXT
```
### Armored Encryption via GPG
* ASCII armored encryption output is done via
```sh
gpg --armor --symmetric --cipher-algo <algorithm> $PLAIN_TEXT
```
## Decryption via GPG
* Decryption of a file via gpg
```sh
gpg --output original_message.txt --decrypt $CIPHER
```

View File

@ -0,0 +1,18 @@
# Hash Cheatsheet
## Create Hash
* Generate a SHA256 hash
```sh
sha256sum $INPUT_FILE
```
## Create MAC
* Both tools produce the same MAC in the following way
```sh
hmac256 $KEY $INPUT_FILE
sha256hmac $INPUT_FILE --key $KEY
```

View File

@ -1,5 +1,7 @@
# Hashes References
* [OWASP's Password Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
## Hash Collisions
[corkami's collisions collection](https://github.com/corkami/collisions.git)

View File

@ -1,6 +1,30 @@
# OpenSSL Cheatsheet
## Extract keys from PFX Cert
## Read X.509 Certificate
* A certificate can be read via
```sh
openssl x509 -in $CERT -text
```
## Generate CSR
* A Certificate Signing Request needs a private alongside the request for a cert.
This is done in the following way
```sh
openssl req -new -nodes -newkey rsa:4096 -keyout $PRIVATE_KEY -out $CERT_CSR
```
## Create an X.509 Certificate
* Create a X.509 certificate via
```sh
openssl x509 -newkey -nodes rsa:4096 -keyout $PRIVATE_KEY -out $CERT -sha256 -days 365
openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
```
## Extract Keys from PFX Cert
* Key and cert form PFX
```sh
@ -16,29 +40,92 @@ openssl pkcs12 -in *.pfx -out temp.pem -nodes
openssl pkcs12 -export -out *.pfx -in temp.pem
```
## Generate Certificate
```sh
openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
```
## RSA
### Decrypt RSA
### Read Parameters of a RSA Key
* Decrypt a RSA cipher with the private key
* Show parameters of the private key
```sh
openssl pkeyutl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY
openssl rsa -in $PRIVATE_KEY -text -noout
```
* Deprecated version of RSA decryption is the following
### Create RSA Key
* Generate an OpenSSL RSA key via
```sh
openssl rsautl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY
openssl genrsa -out $PRIVATE_KEY 4096
```
* Generate an OpenSSl RSA public key from a private key
```sh
openssl rsa -in $PRIVATE_KEY -pubout -out public-key.pem
```
### Encrypt RSA
* Encrypt RSA current and deprecated
```sh
openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $CLEAR_TEXT -pubin -inkey $PRIVATE_KEY
openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PRIVATE_KEY
openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $CLEAR_TEXT -pubin -inkey $PUBLIC_KEY
openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PUBLIC_KEY
```
### Decrypt RSA
* Decrypt a RSA cipher with the private key
```sh
openssl pkeyutl -decrypt -in $CIPHER -out $PLAIN_TEXT -inkey $PRIVATE_KEY
```
* Deprecated version of RSA decryption is the following
```sh
openssl rsautl -decrypt -in $CIPHER -out $PLAIN_TEXT -inkey $PRIVATE_KEY
```
## Diffie-Hellman
### Read Parameters of a DH Keys
* Output of a DH key is done the following way
```sh
openssl dhparam -in $PRIVATE_KEY -text -noout
```
### Create DH Key
* A Diffie-Hellman key can be created via
```sh
openssl dhparam -out $PRIVATE_KEY 4096
```
## AES
### Encrypt AES
* Encrypt AES
```sh
openssl aes-256-cbc -e -in $PLAIN_TEXT -out $CIPHER
```
### Decrypt AES
* Decrypt AES
```sh
openssl aes-256-cbc -d -in $CIPHER -out $PLAIN_TEXT
```
## PBKDF2
### Encrypt PBKDF2
* Encrypt file via PBKDF2 with 128000 iterations
```sh
openssl aes-256-cbc -pbkdf2 -iter 128000 -e -in $PLAIN_TEXT -out $CIPHER
```
### Decrypt PBKDF2
* Decrypt file via PBKDF2 with an iteration of 128000
```sh
openssl aes-256-cbc -pbkdf2 -iter 128000 -d -in $CIPHER -out $PLAIN_TEXT
```

View File

@ -4,3 +4,15 @@
* [RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool.git)
* [featherduster](https://github.com/nccgroup/featherduster.git)
### Online Tools
* [quipquip](https://quipquip.com)
* [cryptii](https://cryptii.com/)
* [Boxentriq](https://www.boxentriq.com)
* [dcode](https://www.dcode.fr)
## Encryption Standards
* [AES](https://csrc.nist.gov/publications/detail/fips/197/final)

View File

@ -99,7 +99,6 @@ For the most part these are (` macOS.*, windows.*, linux.* `)
* For example
* Truecryptpassphrase
* cmdscan, command history
* shutdowntime
* cmdscan, the command history is missing from volatility 3

14
Forensics/Wireshark.md Normal file
View File

@ -0,0 +1,14 @@
# Wireshark
## Extracting USB Keystrokes
* Data between USB devices and the host can be filtered via tshark in order to display just the payload, e.g. keystrokes in the following way
```sh
tshark -r keystrokes.pcapng -Y "usb.transfer_type==0x01 and frame.len==35 and! (usb.capdata == 00:00:00:00:00:00:00:00)" -T fields -e usbhid.data > output.txt
```
* A lookup table is needed to [convert the USBHID data to ASCII values](https://gist.github.com/ImAnEnabler/091a9e1ee2d6a0805408e009e2f4a2b5)
```
python keystrokedecoder.py output.txt
```