📔
eCPPTv2 Notes
  • About
  • 1-System Security
    • Architecture Fundamentals
      • Security Implementations
      • References
    • Assembler Debuggers and Tool Arsenal
      • Compiler
      • NASM
      • Tool Arsenal
      • References
    • Buffer Overflow
      • Finding Buffer Overflows
      • Exploiting Buffer Overflow
      • Security Implementations
      • References
    • Shellcoding
      • Types of Shellcode
      • Encoding of Shellcode
      • Debugging a Shellcode
      • Creating our First Shellcode
      • More Advanced Shellcode
      • Shellcode and Payload Generators
      • References
    • Cryptography and Password Cracking
      • Cryptography Hash Function
      • Public Key Infrastructure
      • Pretty Good Privacy (PGP)
      • Secure Shell (SSH)
      • Cryptographic Attack
      • Security Pitfalls
      • Windows 2000/XP/2k3/Vista/7/8 Passwords
      • References
    • MALWARE
      • Techniques Used by Malware
      • How Malware Spreads
      • Samples
      • References
  • 2-Network Security
    • Information Gathering
      • Search Engines
      • Social Media
      • Infrastructures
      • Tools
      • References
    • Scanning
      • Detect Live Hosts and Ports
      • Service and OS detection
      • Firewall/IDS Evasion
      • References
    • Enumeration
      • NetBIOS
      • SNMP
      • References
    • Sniffing and MitM Attacks
      • What is Sniffing
      • Sniffing in Action
      • Basic of ARP
      • Sniffing Tools
      • Man in the Middle Attacks
      • Attacking Tools
      • Intercepting SSL Traffic
      • References
    • Exploitation
      • Vulnerability Assessment
      • Low Hanging Fruits
      • Exploitation
      • References
    • Post Exploitation
      • Privilege Escalation and Maintaining Access
      • Pillaging / Data Harvesting
      • Mapping the internal network
      • Exploitation through Pivoting
      • References
    • Anonymity
      • Browsing Anonymously
      • Tunneling for Anonymity
      • References
    • Social Engineering
      • Types of Social Engineering
      • Samples of Social Engineering Attacks
      • Pretexting Samples
      • Tools
      • References
  • 3-Powershell for Pentesters
    • Introduction
      • Why PowerShell ?
      • References
    • PowerShell Fundamentals
      • Cmdlets
      • Modules
      • Scripts
      • Objects
      • References
    • Offensive PowerShell
      • Downloading & Execution
      • Obfuscation
      • Information Gathering & Recon
      • Post-Exploitation With Powershell
      • References
Powered by GitBook
On this page

Was this helpful?

  1. 1-System Security

Cryptography and Password Cracking

PreviousReferencesNextCryptography Hash Function

Last updated 4 years ago

Was this helpful?

1. Classification

Classification of algorithms:

  1. Based on Cryptography

  • Symmetric Cryptography (DES/3DES, AES. RC4, Blowfish, Caesar's, etc.) Both sender and receiver share the same key

  • Public-Key / Asymmetric Cryptography Sender and receiver uses different keys, public-key (for encrypting) and private-key (for decrypting).

    When a message is encrypted using Bob's public key, only Bob's private key will be able to decrypt the message.

    Public and private key are from prime number's however private key cannot be derived from public key. It is based on the factorization mathematical problem (harder to find a factor of something than to create a number by multiplying its factors).

  1. Based on How Plaintext in Handled

  • Block Cipher (DES, AES, etc.) Data is handled in blocks (say chunks of 8 bytes)

    Simple block ciphers can be used din a number of modes, we will explain 2 very basis modes:

    • ECB (Electronic Code Book) In this mode, the message is divided into blocks and each block is encrypted separately.

      This makes ciphertext analysis much easier because identical plaintext blocks are encrypted into identical ciphertext blocks.

      This mode is deprecated

    • CBC (Cipher Block Chaining) In this mode, each ciphertext block is derived from the previous block as well. An initialization vector is used for the first block.

  • Stream Cipher (RC4, A5/1, etc.) Data is handled 1 byte at a time

mathematically derived