Applied Cryptography(Bruce Schneier, 2015)

Summary Chapter: 2

· Protocols: A series of steps involving two or more parties, designed to complete a certain task. These steps should be executed in an ordered sequence for the successful operation of the task.

· If some processes do not accomplish any goal, then it is not a protocol.

· Characteristics of protocol: Everyone involved must know whole details about the protocol, they must agree to follow it, the protocol must be unambiguous, and protocol must be complete with every action defined for the possible situation.

· Cryptographic protocol: A protocol using cryptography. The protocol has some cryptographic algorithms that restrict some information that the involved parties are not allowed to know or learn. These protocols can be used to share some information, messages, transaction, signing a contract etc.

· “It is much easier to prove insecurity that it is to prove security”

· Daily life activities are also protocols that humans perform instinctively, but computers require a formal set of rules for every different protocol introduced.

· It is naïve to believe that computer network users, designers, and managers are trustworthy.

· An arbitrator: A third party trusted to complete a protocol who does not have any interest in the party involved or the protocol. Usually, used to settle disputes or validate some process. E, g., A lawyer in the real world.

· Arbitrator represents the vulnerable points for anyone attempting to destabilize the network, as everyone in the network must trust the arbitrator.

· Adjudicated Protocols: A disinterested third-party arbitrator whose task involves only when there are some disputes in the protocol execution. E.g., Judges in the real world.

· Adjudicator protocols detect cheating instead of preventing cheating.

· Self-Enforcing protocols: These protocols themselves guarantee fairness and require no need for an arbitrator or adjudicator. Any kind of attempted cheating on another party will be detected beforehand, hence preventing the need for those arbitrators. These protocols are limited to some situations only.

· Passive attacks: Observing the protocol to gain information. Difficult to detect, protocols try to prevent these attacks rather than to detect them.

· Active attacks: Introduce new messages, intervene communication between involved parties, delete existing messages etc for attackers’ own advantages.

· Cheater: Disrupting the protocol in an attempt to cheat or obtain information.

· One-way functions: An input into a function can produce an output, but the other way around is extremely difficult. Some exceptions to trapdoor one-way function- where it is easy to compute the input from the output with some secret information.

· One-way hash functions: Takes in pre-image and outputs a hash value. Typically, many to one function. A good one-way function should be collision-free i.e., two pre-images should be hard to generate with the same hash value.

· MAC (Message Authentication Codes): One-way hash function + secret key = hash value. This hash value can only be verified by someone with the key.

Command Line Basics(Karvinen, n.d.)

Summary:

· $pwd- print the working directory.

· ls- list files in the working directory.

· cd direc_name/ - Change directory to direc_name.

· cd .. – change directory up.

· less textfile – view text file and do other operations.

· nano foo.txt or vi foo.txt – text editor in terminal.

· mkdir newfolder – make new folder name newfolder.

· mv- move files to location or rename files with same extensions.

· rmdir- remove empty directory.

· rm -r: remove without warning, only do if necessary.

· ssh- opening the remote command shell securely.

· scp- Securely copy folder or files to remote directory (full remote directory path needed). E.g., scp -r Folder ishup@example.com:public_html/

· history: shows the commands history ran on the shell.

· sudo apt-get update: update list of available packages. (Need administrative privileges for the sudo command to run)

Security Penetration testing: The Art of Hacking Series LiveLessons(Santos Omar, 2017)

Lesson 6:

· Typical storage options: Most system stores credentials in the database as a text file. Web application stores credentials in SQL database and active directory domain credentials are stored in the proprietary database.

· Attackers can utilize various tools to dump the credentials out of the system memory.

· Passwords need to be protected in the storage side as well as on the network side and access should be provided to authorized users only.

· Passwords need to be changed frequently, same password for different devices and accounts should not be used.

· Use Virtual Private Network (VPN), while connecting to public network to prevent credentials sniffing in insecure networks.

· Some tools that load in dictionary or table of credentials or hashes into the network are Medusa, THC-Hydra, Brutus, Metaspoit, Dirbuster, wfuzz etc

· Dirbuster a build in tool in Kali-Linux can also be used for discovering directories and files in the web server.

· Caesar cipher, Vigenère cipher, ROT13 etc are some examples of encryption tool.

· If you want to protect a secret encrypt it.

· Easier to crack password nowadays due to the use of distributed computing process among CPUs and GPUs, weak algorithm, various password cracking tools like rainbow tables.

· Salting: Random bits added to the password before hashing.

· Protecting password:

- Organizational side: Securing and encrypting password using hashing algorithms and salting, securing storage, support longer password and renewing password over time.

- Consumer side: Strong combination password, different password for different accounts and devices, using two factor authentication etc

Cracking passwords with HashCat(Karvinen Tero, n.d.; Santos Omar, 2017)

· Systems stores passwords in the form of hashes.

· Install Hashcat:

• Sudo apt-get update

• Sudo apt-get -y install hashid hashcat wget

· Create a new directory

• mkdir hashed

• cd hashed

· Get a big dictionary

• wget https://github.com/danielmiessler/SecLists/raw/master/Passwords/Leaked-Databases/rockyou.txt.tar.gz

• tar xf rockyou.txt.tar.gz (extract the files)

• rm rockyou.txt.tar.gz (remove the tar file)

· Create a hashcode with one of the words in the rockyou.txt and crack it using hashcat

• Echo summer | md5sum

• hashid -m generated hashvalue (Analyse the hash)

• hashcat -m 0 ‘generated hashvalue’ rockyou.txt -o solved (cracking the password inside the dictionary file and saving into a file name ‘solved’)

• cat solved (display the hashvalue with the word)

· Self-testing in Debian:

• A separate hash was created first from another terminal window.

o Echo summer | md5sum

• The hash thus generated was used inside the directory to check for the matching password with the command.

o Hashcat -m 0 ‘hashvalue’ rockyou.txt -o solved

• Expectation: hashvalue: summer

• Result: Nothing was shown, thus created solved file does not have anything.

Cracking the hashes

21232f297a57a5a743894a0e4a801fc3: admin

f2477a144dff4f216ab81f2ac3e3207d: monkey

Analyzing the hash

· Using the hashid -m the hashvalue showed an unknown hash

· The hash seems like a combination of some salt and word

e.g. $2y$18$axMtQ4N8j/NQVItQJed9uORfsUK667RAWfycwFMtDBD6zAo1Se2eu

The whole hash was not recognized and prompted the error No hashes loaded.

The first part: $2y$18$axMtQ4N8j maybe some salt hence it was not analyzed by hashid.

The second part: NQVItQJed9uORfsUK667RAWfycwFMtDBD6zAo1Se2eu is a Cisco-IOS(SHA-256) hash with hashcat mode: 5700.

For this, the speed was 2904.0 kH/s.

However, the benchmark with hashcat for 5700 gave: 37916.1 kH/s (27.26ms) with CPU.

Extras

· hashcat -I did not show any GPU available for the system

Creating a hash id and cracking

· Added a word in the rockyou.txt file: holderIntheHouse

· Created a hash with same word in sha256sum: echo word | sha256sum

· Checked the hashcat mode with: hashid -m hashvalue

· Cracked the word with hashcat -m 1400 ‘hashvalue’ rockyou.txt -o filename

Another try with MD5 auto hashcrack

· Created a hashvalue using md5sum: echo borat | md5sum

· Used the hashvalue to crack: hashcat -a3 -m0 hashvalue ?l?l?l?l?l

· a3: bruteforce or mask attack, ?l?l?l?l?l: look for lower letter five character word.

References

Bruce Schneier. (2015). Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary edition. Https://Www.Oreilly.Com/Library/View/Applied-Cryptography-Protocols/9781119096726/10_chap02.Html.

Karvinen, T. (n.d.). Command Line basics Revisited. Https://Terokarvinen.Com/2020/Command-Line-Basics-Revisited/.

Karvinen Tero. (n.d.). Cracking Passwords with Hashcat. Https://Terokarvinen.Com/2022/Cracking-Passwords-with-Hashcat/.

Santos Omar, M. C. S. J. T. R. (2017, October). The Art of Hacking Series LiveLessons. Cisco Press.