Some Crypto Notes

So here are some cryptography notes for myself for various tests and things I have to study for.

Terms to know:

Stream Ciphers – This is a class of cipher that encrypts one bit of data at a time. The length of the encrypted text is the same as the length of the plaintext. Types of stream ciphers: RC4, A5/1, E0, VEST, Salsa20, etc.

Block Ciphers – Encrypts data one block at a time. When the data does not divide evenly into blocks, it is padded at the end to fill out the last block. PKCS5 or PKCS7 padding is typically used for this. Example block ciphers: AES, DES, 3DES, Blowfish, Twofish, etc.

Block Cipher Modes:

  • Electronic Codebook
  • Cipher Block Chaining Mode – a plaintext block of data is XOR’ed with the output of the previous cipher text block before it is encrypted. This is an effort to add randomness to each encryption operation and prevent duplicate blocks.
  • Cipher Feedback
  • Output Feedback
  • Counter – A block cipher acting as a stream cipher in a small way. The IV is concatenated with a counter value that represents the input for the algorithm.
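
To make the padding and mode notes above concrete, here is an added example (not part of the original notes) that runs the same plaintext through ECB, CBC and Counter mode. It assumes a toy Feistel cipher as a stand-in for AES; the function names, `KEY`, `IV` and `PT` are constructed for the illustration.

```python
import hashlib

BLOCK = 16  # bytes per block, as in AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def encrypt_block(key, blk):
    # Toy 4-round Feistel permutation standing in for AES/DES. NOT secure.
    l, r = blk[:8], blk[8:]
    for i in range(4):  # round function: keyed hash cut to half a block
        l, r = r, xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK  # 1..16: aligned input gains a whole block
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def ecb_encrypt(key, pt):
    return b"".join(encrypt_block(key, b) for b in blocks(pkcs7_pad(pt)))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pkcs7_pad(pt)):
        prev = encrypt_block(key, xor(b, prev))  # chain in previous ciphertext
        out.append(prev)
    return b"".join(out)

def ctr_crypt(key, nonce, data):
    # Keystream block i = E(nonce || counter i); the same call decrypts.
    return b"".join(xor(b, encrypt_block(key, nonce + i.to_bytes(8, "big")))
                    for i, b in enumerate(blocks(data)))

KEY, IV = bytes(range(16)), bytes(16)  # constructed; a real IV must be random
PT = b"A" * 32 + b"tail"               # constructed: two identical blocks + 4 bytes

if __name__ == "__main__":
    for ct in (ecb_encrypt(KEY, PT), cbc_encrypt(KEY, IV, PT), ctr_crypt(KEY, IV[:8], PT)):
        print(ct.hex())
```

In the output, the first two ECB blocks are identical, the CBC blocks are not, and the Counter-mode ciphertext is 36 bytes, the same length as the plaintext, because no padding is needed.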

 

Analysis:

ent – pseudo-random number sequence test: “sudo apt-get install ent”

tcpick – This can track, reassemble and reorder TCP streams. Only TCP though, so maybe scapy is a better way to go.

Practice Machines

Here are some extra places you can get target VMs from:

Other Operating Systems:

  • Open Indiana – Community-driven Illumos Distribution
  • XStreamOS – A Server and Desktop OS based on the Illumos kernel.
  • Open Solaris – An Open version of Solaris for you to play around with. You have to create or have an Oracle account to download these. The accounts are free to set up.
  • Android-x86 – Run the Android OS on your PC
  • Pure Darwin – emulates a Mac OS X environment

Course Review: InSEC Techs Metasploit training

Enroll for $110.

Nothing really original here. There are a lot of similar courses available, and I didn’t find anything that really separates this from other courses. Generally I would recommend that you work through this or this, rather than spend the money on this course. Also I should mention that Cybrary has some options that are better than this, IMO. There is mention that the course will follow the PTES standard, but I really did not see it.

OK, on to the review………..

Auxiliary Modules: We do one scan. One SYN scan of Metasploitable. No other types of port scans, no other port scanning tools that we can import into MSF. No specific auxiliary modules like SNMP, SMTP, SMB, FTP, SSH, etc. Just one lowly port scan.

From there we went into Exploits right away, with specific modules on excellent exploits, good ranking exploits, and normal ranking exploits. All in all, there were 4 videos that discussed the exploit ranking system. Yikes! I can understand how someone might take a little time to understand that concept. Not 4 videos, especially when I am paying for the course. (Disclosure: I didn’t actually pay for this, it was purchased for me.) (Also note: all of a sudden we have a Windows machine we are attacking. No mention of that in setting up a lab. Not even the free temp machines you can use found here.)

The only form of vulnerability analysis was running a Nessus scan, and then importing it into MSF. In the exploit ranking videos, they show using the exploits, with no indication of how they knew to run that specific exploit. I get that it is a staged environment, but this is still something you should teach a new learner.

On changing the MAC attributes, I am not certain. I was taught it is the MACE attributes.

There are tons of videos on building a payload, and running it. One with a firewall and one without. One for PDF files, one for Word files, etc. However, there is only a single lesson on what to do once you have access to the host, and this was with Armitage. No command line ideas, only how to do it in a GUI. Nothing on how to look for information on the host to further exploit the network and environment. Nothing on how to find important files, places to look for passwords, or even how to perform a privilege escalation attack if needed to further exploit a host. These are all important items to know when using Metasploit.

Final Verdict: Stay Away

There are other courses that are better than this.