Lab 1: Encrypt the Information using Various Cryptography Too

Lab 1: Encrypt the Information using Various Cryptography Tools


Module 20: Cryptography

Lab 1: Encrypt the Information using Various Cryptography Tools

Task 1: Calculate One-way Hashes using HashCalc



D:\CEH-Tools\CEHv11 Module 20 Cryptography\MD5 and MD6 Hash Calculators\HashCalc 

setup.exe.

to hash something just click the 3 dots upload it and hit calculate

you can test it by changing the text of the file or code that you uploaded and it will show a new hash 

super easy you can open 2 of them to compare the hashes if needed 




---------------------------------------------------------------------------------------------------------------------------------------


Module 20: Cryptography

Lab 1: Encrypt the Information using Various Cryptography Tools


Task 2: Calculate MD5 Hashes using MD5 Calculator




D:\CEH-Tools\CEHv11 Module 20 Cryptography\MD5 and MD6 Hash Calculators\MD5 Calculator

md5calc(1.0.0.0).msi.

you just right click on text document and press md5 calculator and it will show you the results





---------------------------------------------------------------------------------------------------------------------------------------


Module 20: Cryptography

Lab 1: Encrypt the Information using Various Cryptography Tools

Task 3: Calculate MD5 Hashes using HashMyFiles



HashMyFiles is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system: you can 

easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file. HashMyFiles can also be launched from

 the context menu of Windows Explorer, and can display the MD5/SHA1 hashes of the selected file or folder.


Here, we will use the HashMyFiles tool to calculate MD5 hashes.


refer to blog 



---------------------------------------------------------------------------------------------------------------------------------------





Module 20: Cryptography

Lab 1: Encrypt the Information using Various Cryptography Tools


Task 4: Perform File and Text Message Encryption using CryptoForge




CryptoForge is a file encryption software for personal and professional data security. It allows you to protect the privacy of 

sensitive files, folders, or email messages by encrypting them with strong encryption algorithms. Once the information has been 

encrypted, it can be stored on insecure media or transmitted on an insecure network—such as the Internet—and remain private. Later,

 the information can be decrypted into its original form.


Here, we will use the CryptoForge tool to encrypt a file and text message.






refer to blog 



---------------------------------------------------------------------------------------------------------------------------------------




Module 20: Cryptography

Lab 1: Encrypt the Information using Various Cryptography Tools


Task 5: Encrypt and Decrypt Data using BCTextEncoder






BCTextEncoder simplifies encoding and decoding text data. Plain text data are compressed, encrypted, and converted to text format, which

 can then be easily copied to the clipboard or saved as a text file. This utility software uses public key encryption methods and

 password-based encryption, as well as strong and approved symmetric and public key algorithms for data encryption.


Here, we will use the BCTextEncoder tool to encrypt and decrypt data.




refer to blog 



---------------------------------------------------------------------------------------------------------------------------------------








Lab Scenario

As a professional ethical hacker and penetration tester, you should use various cryptography techniques or tools to protect confidential data against unauthorized access. Cryptography protects confidential data such as email messages, chat sessions, web transactions, personal data, corporate data, e-commerce applications, and many other kinds of communication. Encrypted messages can at times be decrypted by cryptanalysis (code breaking), although modern encryption techniques are virtually unbreakable.

The labs in this exercise demonstrate how you can use various cryptography tools to encrypt important information in the system.

Lab Objectives

  • Calculate one-way hashes using HashCalc
  • Calculate MD5 hashes using MD5 Calculator
  • Calculate MD5 hashes using HashMyFiles
  • Perform file and text message encryption using CryptoForge
  • Encrypt and decrypt data using BCTextEncoder

Overview of Cryptography Tools

System administrators use cryptography tools to encrypt system data within their network to prevent attackers from modifying the data or misusing it in other ways. Cryptography tools can also be used to calculate or decrypt hash functions available in MD4, MD5, SHA-1, SHA-256, etc.

Cryptography tools are used to convert the information present in plain text (readable format) into cipher text (unreadable format) using a key or encryption scheme. The converted data are in the form of a scrambled code that is encrypted and sent across a private or public network.

Task 1: Calculate One-way Hashes using HashCalc

Hash functions calculate a unique fixed-size bit string representation, called a message digest, of any arbitrary block of information. Message digest (One-way Hash) functions distill the information contained in a file (small or large) into a single fixed-length number, typically between 128 and 256 bits. If any given bit of the function’s input is changed, every output bit has a 50% chance of changing. Given an input file and its corresponding message digest, it should be nearly impossible to find another file with the same message digest value, as it is computationally infeasible to have two files with the same message digest value.

HashCalc enables you to compute multiple hashes, checksums, and HMACs for files, text, and hex strings. It supports the Secure Hash Algorithm family: MD2, MD4, MD5, SHA1, SHA2 (SHA256, SHA384, SHA512), RIPEMD160, PANAMA, TIGER, CRC32, ADLER32, and the hash used in the peer-to-peer file sharing applications, eDonkey and eMule.

Here, we will use the HashCalc tool to calculate one-way hashes.

  1. Click Windows 10 to switch to the Windows 10 machine. click Ctrl+Alt+Delete to activate it. By default, Admin user profile is selected, click Pa$$w0rd to paste the password in the Password field and press Enter to login.

    Alternatively, you can also click Pa$$w0rd under Windows 10 machine thumbnail in the Resources pane or Click Type Text | Type Password button under Commands (thunder icon) menu.

    If Welcome to Windows wizard appears, click Continue and in Sign in with Microsoft wizard, click Cancel.

    Networks screen appears, click Yes to allow your PC to be discoverable by other PCs and devices on the network.

    Screenshot

  2. Navigate to D:\CEH-Tools\CEHv11 Module 20 Cryptography\MD5 and MD6 Hash Calculators\HashCalc and double click setup.exe.

    If the User Account Control pop-up appears, click Yes.

  3. Setup - HashCalc window appears, click Next.

    cry1.jpg

  4. Follow the installation wizard to install HashCalc using all default settings.

  5. After the completion of the installation, Completing the HashCalc Setup Wizard appears. Uncheck the View the README file checkbox and click Finish.

    cry2.jpg

  6. The HashCalc main window appears, as shown in the screenshot.

    cry3.jpg

  7. Minimize the HashCalc window. Navigate to Desktop, right-click on the Desktop window, and navigate to New --> Text Document to create a new text file.

    You can create a text file at any location of your choice.

  8. A newly created text file appears; rename it to Test.txt and open it. Write some text in it (here, Hello World !!) and press Ctrl+S to save the file. Close the text file.

    cry5.jpg

  9. Now, switch back to the HashCalc window; ensure that the File option is selected in the Data Format field and click ellipsis icon under the Data filed.

    cry.3.jpg

  10. The Find window appears, navigate to the location where you saved the Test.txt file (here, Desktop) and click Open.

    cry6.jpg

  11. The path of the selected file (Test.txt) appears under the Data field. Ensure that the MD5, SHA1, RIPEMD160, and CRC32 hash functions are selected. Click the Calculate button.

    cry7.jpg

  12. The calculated hash values of the Test.txt file appears, as shown in the screenshot.

    cry8.jpg

  13. Minimize the HashCalc window, navigate to Desktop, and double-click the Test.txt file to open it. Modify the file content by writing some text (here, Modified File …!!!) and press Ctrl+S to save it. Close the text file.

    cry9.jpg

  14. Now, double-click HashCalc shortcut from Desktop to launch another HashCalc window.

  15. A new HashCalc window appears, perform Steps #9-12

  16. Now, maximize the first HashCalc window and place it beside the second HashCalc window. You can observe changes in the hash values of the text file (Test.txt) before and after the modification, as shown in the screenshot.

    cry11.png

    In real-time, the HashCalc tool is used to check the integrity of a file where the changes in the hash values indicate that the file content has been modified.

  17. This concludes the demonstration of calculating one-way hashes using HashCalc.

  18. Close all open windows and document all the acquired information.

Task 2: Calculate MD5 Hashes using MD5 Calculator

MD2, MD4, MD5, and MD6 are message digest algorithms used in digital signature applications to compress documents securely before the system signs it with a private key. The algorithms can be of variable length, but the resulting message digest is always 128 bits.

The MD5 algorithm is a widely used cryptographic hash function that takes a message of arbitrary length as input and outputs a 128-bit (16-byte) fingerprint or message digest of the input. The MD5 algorithm is used in a wide variety of cryptographic applications and is useful for digital signature applications, file integrity checking, and storing passwords.

MD5 Calculator is a simple application that calculates the MD5 hash of a given file, and it can be used with large files (e.g., multiple gigabytes). It features a progress counter and a text field from which the final MD5 hash can be easily copied to the clipboard. MD5 calculator can be used to check the integrity of a file.

Here, we will use the MD5 Calculator tool to calculate MD5 hashes.

  1. In the Windows 10 machine, navigate to D:\CEH-Tools\CEHv11 Module 20 Cryptography\MD5 and MD6 Hash Calculators\MD5 Calculator and double-click md5calc(1.0.0.0).msi.

    2020-06-30_16-43-09.png

  2. The MD5 Calculator setup window appears; click Next.

    cry12.jpg

  3. Follow the installation wizard to install the MD5 Calculator using all default settings.

    If a User Account Control pop-up appears, click Yes.

  4. After the completion of the installation, the Installation Complete wizard appears; click Close.

    cry13.jpg

  5. Navigate to Desktop, right-click on the text file (Test.txt) that we created in the previous task, and click MD5 Calculator from the context menu to calculate the MD5 hash of the file.

    cry14.jpg

  6. The MD5 Calculator window appears, with the path of file under the File Name field and MD5 hash value under the MD5 Digest field, as shown in the screenshot.

  7. Copy the MD5 hash value from the MD5 Digest field.

    cry15.jpg

  8. Now, double-click the Test.txt file from Desktop to open it and change the content of the file by inserting text within (here, Hello World…!!!). Save and close the Test.txt file.

    cry16.jpg

  9. After changing the file content, again right-click on the text file (Test.txt) and click MD5 Calculator from the context menu to calculate the MD5 hash of the file.

  10. A new MD5 Calculator window appears, with the MD5 hash value under the MD5 Digest field. In the Compare To field, paste the copied MD5 hash value of the file before it was modified.

  11. The symbol (<>) between the MD5 Digest and Compare To fields indicates that the MD5 hash values of the file before modification is not equal to the MD5 hash value of the file after modification.

    12121.jpg

    If a person wants to send a file to another person via a medium, they will calculate its hashes and send the file (along with the hash value) to the intended person. When the intended person receives the email, they will download the file and calculate its value using the MD5 Calculator.

    The recipient compares the generated hash value with the hash value that was sent through email: if both tally, it is evident that they received the file without any modifications by a third person and that the integrity of the file is intact.

  12. This concludes the demonstration of calculating MD5 hashes using MD5 Calculator.

  13. Close all open windows and document all the acquired information.

Task 3: Calculate MD5 Hashes using HashMyFiles

HashMyFiles is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system: you can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file. HashMyFiles can also be launched from the context menu of Windows Explorer, and can display the MD5/SHA1 hashes of the selected file or folder.

Here, we will use the HashMyFiles tool to calculate MD5 hashes.

  1. In the Windows 10 machine, navigate to D:\CEH-Tools\CEHv11 Module 20 Cryptography\MD5 and MD6 Hash Calculators\HashMyFiles and double-click HashMyFiles.exe.

    2020-06-30_16-44-29.png

  2. The HashMyFiles main window appears, as shown in the screenshot.

    cry18.jpg

  3. In the HashMyFiles window, click Files from the menu bar. From the drop-down list, click the Add Folder option.

    You can also use the Add Files option to add multiple files.

    cry19.jpg

  4. The Select Folder pop-up appears; click on the ellipsis icon to select the folder you want to encrypt.

  5. The Browse for Folder window appears; navigate to D:\CEH-Tools\CEHv11 Module 20 Cryptography\MD5 and MD6 Hash Calculators\HashMyFiles and select the Sample Files folder; then, click OK.

    You can select any folder of your choice that you wish to encrypt.

    cry20.jpg

  6. The location of the selected folder appears in the field; click OK.

  7. A list of files contained in the folder appears, along with their various hash values such as MD5, SHA1, CRC32, etc.

    cry21.jpg

  8. In the HashMyFiles window, click Options from the menu bar and choose Hash Types from the options. You can observe a list of hash functions such as MD5, SHA1, CRC32, SHA-256, SHA-512, and SHA-384, which you can choose (here, the MD5, SHA1, and CRC32 hash functions were selected).

    cry22.jpg

    In real-time, you may share confidential information in the folder in an encrypted form to maintain its integrity.

  9. This concludes the demonstration of calculating MD5 hashes using HashMyFiles.

  10. You can also use other MD5 and MD6 hash calculators such as MD6 Hash Generator (https://www.browserling.com), All Hash Generator (https://www.browserling.com), MD6 Hash Generator (https://convert-tool.com), and md5 hash calculator (https://onlinehashtools.com) to calculate MD5 and MD6 hashes.

  11. Close all open windows and document all the acquired information.

Task 4: Perform File and Text Message Encryption using CryptoForge

CryptoForge is a file encryption software for personal and professional data security. It allows you to protect the privacy of sensitive files, folders, or email messages by encrypting them with strong encryption algorithms. Once the information has been encrypted, it can be stored on insecure media or transmitted on an insecure network—such as the Internet—and remain private. Later, the information can be decrypted into its original form.

Here, we will use the CryptoForge tool to encrypt a file and text message.

  1. Click on Windows Server 2019 to switch to the Windows Server 2019 machine, click Ctrl+Alt+Delete to activate the machine. By default, Administrator profile is selected, click on Pa$$w0rd to enter password in the password field and press Enter.

    Networks screen appears, click Yes to allow your PC to be discoverable by other PCs and devices on the network.

    Screenshot

  2. Navigate to Z:\CEHv11 Module 20 Cryptography\Cryptography Tools\CryptoForge and double-click CryptoForge.exe.

    If a User Account Control pop-up appears, click Yes.

    2020-06-30_16-46-42.png

  3. The CryptoForge Installation window appears; click Next.

    cry23.jpg

  4. Follow the installation steps to install the application using all default settings.

  5. After completion of the installation, CryptoForge installation successful wizard appears; click Finish.

    cry24.jpg

  6. Now, click on Windows 10 to switch to the Windows 10 machine.

  7. Navigate to D:\CEH-Tools\CEHv11 Module 20 Cryptography\Cryptography Tools\CryptoForge, double-click CryptoForge.exe, and follow the steps to install the application using default settings.

    2020-06-30_16-47-44.png

  8. Right-click the Confidential.txt file located at the same location (D:\CEH-Tools\CEHv11 Module 20 Cryptography\Cryptography Tools\CryptoForge) and select Encrypt from the context menu.

    In this task, we are encrypting the Confidential.txt file, although you can encrypt any file of your choice.

    cry25.jpg

  9. The Enter Passphrase - CryptoForge Files dialog-box appears; type a password in the Passphrase field, retype it in the Confirm field, and click OK. The password used in this lab is qwerty@1234.

    cry26.jpg

  10. Now, the file will be encrypted in the same location, and the old file will be deleted automatically, as shown in the screenshot.

    No one can access this file unless the user provides the password for the encrypted file. You will have to share the password with the user through message, email, or any other means.

    cry27.jpg

  11. Let us assume that you shared this file through a shared network drive.

  12. Now, click on Windows Server 2019 to switch to the Windows Server 2019 machine and navigate to Z:\CEHv11 Module 20 Cryptography\Cryptography Tools\CryptoForge. You will observe the encrypted file in this location.

  13. Double-click the encrypted file to decrypt it and view its contents.

    cry28.jpg

  14. The Enter Passphrase - CryptoForge Files dialog-box appears; enter the password that you have provided in Step#9 to encrypt the file and click OK.

    cry29.jpg

  15. Upon entering the password, the file will be successfully decrypted. You may now double-click the text file to view its contents.

    Screenshot

  16. So far, you have seen how to encrypt a file and share it with the intended user. Now, we shall share an encrypted message with a user.

  17. In the Windows Server 2019 machine, click the Start icon present in the bottom-left corner of Desktop and click CryptoForge Text from the apps to launch the application.

  18. The CryptoForge Text window appears; type a message and click Encrypt from the toolbar.

    cry30.jpg

  19. The Enter Passphrase - CryptoForge Text dialog-box appears; type a password in the Passphrase field, retype it in the Confirm field, and click OK. The password used in this lab is test@123.

    cry31.jpg

  20. The message that you have typed will be encrypted, as shown in the screenshot.

    cry32.jpg

  21. Now, you need to save the file. Click File in the menu bar and click Save.

    cry33.jpg

  22. The Save As window appears; navigate to Z:\CEHv11 Module 20 Cryptography\Cryptography Tools\CryptoForge, specify the file name as Secret Message.cfd, and click Save.

    Screenshot

  23. Close the CryptoForge Text window.

  24. Now, let us assume that you shared the file through the mapped network drive and shared the password to decrypt the file in an email message or through some other means.

  25. Click on Windows 10 to switch to the Windows 10 machine and navigate to D:\CEH-Tools\CEHv11 Module 20 Cryptography\Cryptography Tools\CryptoForge.

  26. You will observe the encrypted file in this location; double-click the file Secret Message.cfd.

    Screenshot

  27. The CryptoForge Text window appears, displaying the message in an encrypted format. Click Decrypt from the toolbar to decrypt it.

    Screenshot

  28. The Enter Passphrase - CryptoForge Text dialog-box appears; enter the password you provided in Step#19 to decrypt the message in the Passphrase field and click OK.

    Screenshot

  29. The CryptoForge Text window appears, displaying the message in plain-text format, as shown in the screenshot.

    In real-time, you may share sensitive information through email by encrypting data using CryptoForge.

    Screenshot

  30. This concludes the demonstration of performing file and text message encryption using CryptoForge.

  31. Close all open windows and document all the acquired information.

Task 5: Encrypt and Decrypt Data using BCTextEncoder

BCTextEncoder simplifies encoding and decoding text data. Plain text data are compressed, encrypted, and converted to text format, which can then be easily copied to the clipboard or saved as a text file. This utility software uses public key encryption methods and password-based encryption, as well as strong and approved symmetric and public key algorithms for data encryption.

Here, we will use the BCTextEncoder tool to encrypt and decrypt data.

  1. In the Windows 10 machine, navigate to D:\CEH-Tools\CEHv11 Module 20 Cryptography\Cryptography Tools\BCTextEncoder and double click BCTextEncoder_v.1.03.2.1.exe.

    2020-06-30_16-51-11.png

  2. The BCTextEncoder Utility window appears, as shown in the screenshot.

    cry49.jpg

  3. To encrypt the text, insert text in the clipboard.

    Or

    Select the data that you want to encode and paste it to the clipboard by pressing Ctrl+V.

  4. Ensure that the password option is selected in the Encode by field and click Encode.

    cry51.jpg

  5. The Enter password pop-up appears; enter the password into the Password field and retype it in the Confirm field; then, click OK. (Here, we use the password test@123).

    cry52.jpg

  6. BCTextEncoder encodes the text and displays it in under the Encoded text section, as shown in the screenshot.

    cry54.jpg

  7. To decrypt the data, first, you need to clean the Decoded plain text in the clipboard, and then click the Decode button.

    cry55.jpg

  8. The Enter password for encoding text dialog-box appears; insert the Password (test@123) into the password field and click OK.

    cry56.jpg

  9. The decoded plain text appears under the Decoded plain text section, as shown in the screenshot.

    cry57.jpg

    In real-time, using this procedure, you can encode the text while sending it to the intended user along with the password used for encryption. The user for whom the text is intended should have the BCTextEncoder application installed on his/her machine. He/she will have to paste the encoded text into the Encoded text section and use the password you shared, to decode it to plain text.

  10. This concludes the demonstration of encrypting and decrypting the data using BCTextEncoder.

  11. You can also use other cryptography tools such as AxCrypt (https://www.axcrypt.net), Microsoft Cryptography Tools (https://docs.microsoft.com), and Concealer (https://www.belightsoft.com) to encrypt confidential data.

  12. Close all open windows and document all the acquired information.

Comments

Post a Comment

Popular posts from this blog

Lab 7: Perform Enumeration using Various Enumeration Tools

Image
  Lab 7: Perform Enumeration using Various Enumeration Tools Module 04: Enumeration Lab 7: Perform Enumeration using Various Enumeration Tools Task 1: Enumerate Information using Global Network Inventory Task 2: Enumerate Network Resources using Advanced IP Scanner Task 3: Enumerate Information from Windows and Samba Hosts using Enum4linux The details obtained in the previous steps might not reveal all potential vulnerabilities in the target network.  There may be more information available that could help attackers to identify loopholes to exploit. As an ethical hacker,  you should use a range of tools to find as much information as possible about the target network’s systems. This lab activity  will demonstrate further enumeration tools for extracting even more information about the target system. refer to blog Lab Scenario The details obtained in the previous steps might not reveal all potential vulnerabilities in the target network. There may be more information ...
Read more

Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

Image
Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools Lab Scenario As an ethical hacker, you must try to obtain as much information as possible about the target cloud environment using various enumeration tools. This lab will demonstrate various S3 bucket enumeration tools that can help you in extracting the list of publicly available S3 buckets. Lab Objectives Enumerate S3 buckets using lazys3 Enumerate S3 buckets using S3Scanner Overview of Enumeration Tools Enumeration tools are used to collect detailed information about target systems to exploit them. Information collected by S3 enumeration tools consists of a list of misconfigured S3 buckets that are available publicly. Attackers can exploit these buckets to gain unauthorized access to them. Moreover, they can modify, delete, and exfiltrate the bucket content. Task 1: Enumerate S3 Buckets using lazys3 lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations. This...
Read more

Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools

Image
  Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools Module 05: Vulnerability Analysis Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools Task 1: Perform Vulnerability Analysis using OpenVAS OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability  scanning and vulnerability management solution. Its capabilities include unauthenticated testing, authenticated testing,  various high level and low-level Internet and industrial protocols, performance tuning for large-scale scans, and a powerful  internal programming language to implement any vulnerability test. The actual security scanner is accompanied with a regularly  updated feed of Network Vulnerability Tests (NVTs)—over 50,000 in total. Vulnerability Analysis to identify security loopholes using Parrot Security / OpenVAS // Vulnerability Assessment  - Applications --> Pentesting --> Vu...
Read more