hacktricks/cryptography/crypto-ctfs-tricks.md
Carlos Polop f0447c9b2e arte
2024-01-16 23:09:51 +01:00

12 KiB
Raw Blame History

Crypto CTFs Tricks

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Online Hashes DBs

Magic Autosolvers

Encoders

Most of encoded data can be decoded with these 2 ressources:

Substitution Autosolvers

Caesar - ROTx Autosolvers

Atbash Cipher

Base Encodings Autosolver

Check all these bases with: https://github.com/dhondta/python-codext

  • Ascii85
    • BQ%]q@psCd@rH0l
  • Base26 [A-Z]
    • BQEKGAHRJKHQMVZGKUXNT
  • Base32 [A-Z2-7=]
    • NBXWYYLDMFZGCY3PNRQQ====
  • Zbase32 [ybndrfg8ejkmcpqxot1uwisza345h769]
    • pbzsaamdcf3gna5xptoo====
  • Base32 Geohash [0-9b-hjkmnp-z]
    • e1rqssc3d5t62svgejhh====
  • Base32 Crockford [0-9A-HJKMNP-TV-Z]
    • D1QPRRB3C5S62RVFDHGG====
  • Base32 Extended Hexadecimal [0-9A-V]
    • D1NMOOB3C5P62ORFDHGG====
  • Base45 [0-9A-Z $%*+-./:]
    • 59DPVDGPCVKEUPCPVD
  • Base58 (bitcoin) [1-9A-HJ-NP-Za-km-z]
    • 2yJiRg5BF9gmsU6AC
  • Base58 (flickr) [1-9a-km-zA-HJ-NP-Z]
    • 2YiHqF5bf9FLSt6ac
  • Base58 (ripple) [rpshnaf39wBUDNEGHJKLM4PQ-T7V-Z2b-eCg65jkm8oFqi1tuvAxyz]
    • pyJ5RgnBE9gm17awU
  • Base62 [0-9A-Za-z]
    • g2AextRZpBKRBzQ9
  • Base64 [A-Za-z0-9+/=]
    • aG9sYWNhcmFjb2xh
  • Base67 [A-Za-z0-9-.!~_]
    • NI9JKX0cSUdqhr!p
  • Base85 (Ascii85) [!"#$%&'()*+,-./0-9:;<=>?@A-Z[\]^_`a-u]
    • BQ%]q@psCd@rH0l
  • Base85 (Adobe) [!"#$%&'()*+,-./0-9:;<=>?@A-Z[\]^_`a-u]
    • <~BQ%]q@psCd@rH0l~>
  • Base85 (IPv6 or RFC1924) [0-9A-Za-z!#$%&()*+-;<=>?@^`{|}~_]
    • Xm4yV_|Y(V{dF>`
  • Base85 (xbtoa) [!"#$%&'()*+,-./0-9:;<=>?@A-Z[\]^_`a-u]
    • xbtoa Begin\nBQ%]q@psCd@rH0l\nxbtoa End N 12 c E 1a S 4e6 R 6991d
  • Base85 (XML) [0-9A-Za-y!#$()*+,-./:;=?@^`{|}~z_]
    • Xm4y|V{~Y+V}dF?
  • Base91 [A-Za-z0-9!#$%&()*+,./:;<=>?@[]^_`{|}~"]
    • frDg[*jNN!7&BQM
  • Base100 []
    • 👟👦👣👘👚👘👩👘👚👦👣👘
  • Base122 []
    • 4F ˂r0Xmvc
  • ATOM-128 [/128GhIoPQROSTeUbADfgHijKLM+n0pFWXY456xyzB7=39VaqrstJklmNuZvwcdEC]
    • MIc3KiXa+Ihz+lrXMIc3KbCC
  • HAZZ15 [HNO4klm6ij9n+J2hyf0gzA8uvwDEq3X1Q7ZKeFrWcVTts/MRGYbdxSo=ILaUpPBC5]
    • DmPsv8J7qrlKEoY7
  • MEGAN35 [3G-Ub=c-pW-Z/12+406-9Vaq-zA-F5]
    • kLD8iwKsigSalLJ5
  • ZONG22 [ZKj9n+yf0wDVX1s/5YbdxSo=ILaUpPBCHg8uvNO4klm6iJGhQ7eFrWczAMEq3RTt2]
    • ayRiIo1gpO+uUc7g
  • ESAB46 []
    • 3sHcL2NR8WrT7mhR
  • MEGAN45 []
    • kLD8igSXm2KZlwrX
  • TIGO3FX []
    • 7AP9mIzdmltYmIP9mWXX
  • TRIPO5 []
    • UE9vSbnBW6psVzxB
  • FERON74 []
    • PbGkNudxCzaKBm0x
  • GILA7 []
    • D+nkv8C1qIKMErY1
  • Citrix CTX1 []
    • MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK

http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html - 404 Dead: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html

HackerizeXS [╫Λ↻├☰┏]

╫☐↑Λ↻Λ┏Λ↻☐↑Λ

Morse

.... --- .-.. -.-. .- .-. .- -.-. --- .-.. .-

UUencoder

begin 644 webutils_pl
M2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(
M3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/
F3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$$`
`
end

XXEncoder

begin 644 webutils_pl
hG2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236
5Hol-G2xAEE++
end

YEncoder

=ybegin line=128 size=28 name=webutils_pl
ryvkryvkryvkryvkryvkryvkryvk
=yend size=28 crc32=35834c86

BinHex

(This file must be converted with BinHex 4.0)
:#hGPBR9dD@acAh"X!$mr2cmr2cmr!!!!!!!8!!!!!-ka5%p-38K26%&)6da"5%p
-38K26%'d9J!!:

ASCII85

<~85DoF85DoF85DoF85DoF85DoF85DoF~>

Dvorak keyboard

drnajapajrna

A1Z26

Letters to their numerical value

8 15 12 1 3 1 18 1 3 15 12 1

Affine Cipher Encode

Letter to num (ax+b)%26 (a and b are the keys and x is the letter) and the result back to letter

krodfdudfrod

SMS Code

Multitap replaces a letter by repeated digits defined by the corresponding key code on a mobile phone keypad (This mode is used when writing SMS).
For example: 2=A, 22=B, 222=C, 3=D...
You can identify this code because you will see** several numbers repeated**.

You can decode this code in: https://www.dcode.fr/multitap-abc-cipher

Bacon Code

Substitude each letter for 4 As or Bs (or 1s and 0s)

00111 01101 01010 00000 00010 00000 10000 00000 00010 01101 01010 00000
AABBB ABBAB ABABA AAAAA AAABA AAAAA BAAAA AAAAA AAABA ABBAB ABABA AAAAA

Runes

Compression

Raw Deflate and Raw Inflate (you can find both in Cyberchef) can compress and decompress data without headers.

Easy Crypto

XOR - Autosolver

Bifid

A keywork is needed

fgaargaamnlunesuneoa

Vigenere

A keywork is needed

wodsyoidrods

Strong Crypto

Fernet

2 base64 strings (token and key)

Token:
gAAAAABWC9P7-9RsxTz_dwxh9-O2VUB7Ih8UCQL1_Zk4suxnkCvb26Ie4i8HSUJ4caHZuiNtjLl3qfmCv_fS3_VpjL7HxCz7_Q==

Key:
-s6eI5hyNh8liH7Gq0urPC-vzPgNnxauKvRO4g03oYI=

Samir Secret Sharing

A secret is splitted in X parts and to recover it you need Y parts (Y <=X).

8019f8fa5879aa3e07858d08308dc1a8b45
80223035713295bddf0b0bd1b10a5340b89
803bc8cf294b3f83d88e86d9818792e80cd

http://christian.gen.co/secrets/

OpenSSL brute-force

Tools

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: