THM Crypto101 Room
It is an explanation of some basics of cryptography in light of the crypto 101 room (this article contains some resources and Arabic tips)
[Task 1] What will this room cover?
This room will cover:
1
2
3
4
5
• Why cryptography matters for security and CTFs
• The two main classes of cryptography and their uses
• RSA, and some of the uses of RSA
• 2 methods of Key Exchange
• Notes about the future of encryption with the rise of Quantum Computing
[Task 2] Key terms
#1 I agree not to complain too much about how theory heavy this room is :
ANSWER: No answer needed
#2 Are SSH keys protected with a passphrase or a password :
ANSWER: passphrase
Cause : Passphrase Separate to the key, a passphrase is similar to a password and used to protect a key.
[Task 3] Why is Encryption important?
#1 What does SSH stand for? :
ANSWER: Secure Shell
Cause : What is SSH
#2 How do web servers prove their identity?
Answer : certificates
Cause : When you connect to your bank, there’s a certificate that uses cryptography to prove that it is actually your bank rather than a hacker.
#3 What is the main set of standards you need to comply with if you store or process payment card details?
Answer : PCI-DSS
Cause : Whenever sensitive user data needs to be stored, it should be encrypted. Standards like PCI-DSS state that the data should be encrypted both at rest (in storage) AND while being transmitted. If you’re handling payment card details, you need to comply with these PCI regulations.
[Task 4] Crucial Crypto Maths
Arabic Tip
كيف تجيب باقي القسمة رياضيا
مثال : 25 % 7
1# هنقسم 25 % 7
2# هنجيب أول عدد صحيح قبل 3,5 وهو 3
3# ثم نضرب 3 في 7 لأن 7 هو المقسوم عليه في المسألة الأصلية .. أذن 3 * 7 = 21
4# نطرح 21 من المقسوم .. 25 - 21 = 4
5# أذن باقي القسمة = 4
#1 What’s 30 % 5?
Answer : 0
Cause : 5*6 = 30 so it divides exactly with no remainder
#2 What’s 25 % 7
Answer : 4
Cause : You can watch this Video to know how to do modulo operation
#3 What’s 118613842 % 9091
Answer : 3565
Cause : you can do it using this site or using this python code
1
2
a = 118613842 % 9091
print (a)
[Task 5] Types of Encryption
#1 Should you trust DES? Yea/Nay
Answer : Nay
Cause : DES, the Data Encryption Standard, can no longer be considered secure. While no major flaws in its innards are known, it is fundamentally inadequate because its 56-bit key is too short. It is vulnerable to brute-force search of the whole key space, either by large collections of general-purpose machines or even more quickly by specialized hardware
#2 What was the result of the attempt to make DES more secure so that it could be used for longer?
Answer : Triple DES
Cause : You can read about Triple Des Here
#3 Is it ok to share your public key? Yea/Nay
Answer : Yea
Cause : You can share your public key with anyone who wants to communicate with you; it doesn’t matter who sees it.
[Task 6] RSA – Rivest Shamir Adleman
Arabic resource
ممكن تشوف الفيديو ده لتعرف كيف تعمل هذه الخوارزمية …
#1 p= 4391, q= 6659. What is n?
Answer : 29239669
Cause : 4391 * 6659 = 29239669 .. you can do it using this python code
1
2
a = 4391 * 6659
print (a)
#2 I understand enough about RSA to move on, and I know where to look to learn more if I want to.
ANSWER: No answer needed
[Task 7] Establishing Keys Using Asymmetric Cryptography
#1 I understand how keys can be established using Public Key (asymmetric) cryptography.
ANSWER: No answer needed
Arabic resource
ممكن تشوف الفيديو ده لتفهم أكثر هذة الفقرة والفقرة القادمة
[Task 8] Digital signatures and Certificates
#1 What company is TryHackMe’s certificate issued to?
Answer : CloudFlare
How to Know :
[Task 9] SSH Authentication
#1 I recommend giving this a go yourself. Deploy a VM, like Learn Linux and try to add an SSH key and log in with the private key.
Answer : No answer needed
#2 Download the SSH Private Key attached to this room.
Answer : No answer needed
#3 What algorithm does the key use?
Answer : RSA
How To know : These are two ways of how to do it
#4 Crack the password with John The Ripper and rockyou, what’s the passphrase for the key?
Answer : delicious
How to do that :
python /usr/share/john/ssh2john.py file_location > /hash_location/hash_name
john /hash_location/hash_name --wordlist=/usr/share/wordlists/rockyou.txt
My operation :
[Task 10] Explaining Diffie Hellman Key Exchange
#1 I understand how Diffie Hellman Key Exchange works at a basic level
ANSWER: No answer needed
[Task 11] PGP, GPG and AES
#1 Time to try some GPG. Download the archive attached and extract it somewhere sensible.
ANSWER: No answer needed
#2 You have the private key, and a file encrypted with the public key. Decrypt the file. What’s the secret word?
Answer : Pineapple
How to do that :
[Task 12] The Future – Quantum Computers and Encryption
#1 I understand that quantum computers affect the future of encryption. I know where to look if I want to learn more.
ANSWER: No answer needed
Arabic resources :
The End