12 KiB
Crypto CTFs Tricks
🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥
-
Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
-
Discover The PEASS Family, our collection of exclusive NFTs
-
Get the official PEASS & HackTricks swag
-
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
-
Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.
Online Hashes DBs
- Google it
- http://hashtoolkit.com/reverse-hash?hash=4d186321c1a7f0f354b297e8914ab240
- https://www.onlinehashcrack.com/
- https://crackstation.net/
- https://md5decrypt.net/
- https://www.onlinehashcrack.com
- https://gpuhash.me/
- https://hashes.org/search.php
- https://www.cmd5.org/
- https://hashkiller.co.uk/Cracker/MD5
- https://www.md5online.org/md5-decrypt.html
Magic Autosolvers
- https://github.com/Ciphey/Ciphey
- https://gchq.github.io/CyberChef/ (Magic module)
- https://github.com/dhondta/python-codext
- https://www.boxentriq.com/code-breaking
Encoders
Most of encoded data can be decoded with these 2 ressources:
Substitution Autosolvers
Caesar - ROTx Autosolvers
Atbash Cipher
Base Encodings Autosolver
Check all these bases with: https://github.com/dhondta/python-codext
- Ascii85
BQ%]q@psCd@rH0l
- Base26 [A-Z]
BQEKGAHRJKHQMVZGKUXNT
- Base32 [A-Z2-7=]
NBXWYYLDMFZGCY3PNRQQ====
- Zbase32 [ybndrfg8ejkmcpqxot1uwisza345h769]
pbzsaamdcf3gna5xptoo====
- Base32 Geohash [0-9b-hjkmnp-z]
e1rqssc3d5t62svgejhh====
- Base32 Crockford [0-9A-HJKMNP-TV-Z]
D1QPRRB3C5S62RVFDHGG====
- Base32 Extended Hexadecimal [0-9A-V]
D1NMOOB3C5P62ORFDHGG====
- Base45 [0-9A-Z $%*+-./:]
59DPVDGPCVKEUPCPVD
- Base58 (bitcoin) [1-9A-HJ-NP-Za-km-z]
2yJiRg5BF9gmsU6AC
- Base58 (flickr) [1-9a-km-zA-HJ-NP-Z]
2YiHqF5bf9FLSt6ac
- Base58 (ripple) [rpshnaf39wBUDNEGHJKLM4PQ-T7V-Z2b-eCg65jkm8oFqi1tuvAxyz]
pyJ5RgnBE9gm17awU
- Base62 [0-9A-Za-z]
g2AextRZpBKRBzQ9
- Base64 [A-Za-z0-9+/=]
aG9sYWNhcmFjb2xh
- Base67 [A-Za-z0-9-.!~_]
NI9JKX0cSUdqhr!p
- Base85 (Ascii85) [!"#$%&'()*+,-./0-9:;<=>?@A-Z[\]^_`a-u]
BQ%]q@psCd@rH0l
- Base85 (Adobe) [!"#$%&'()*+,-./0-9:;<=>?@A-Z[\]^_`a-u]
<~BQ%]q@psCd@rH0l~>
- Base85 (IPv6 or RFC1924) [0-9A-Za-z!#$%&()*+-;<=>?@^`{|}~_]
Xm4y
V_|Y(V{dF>`
- Base85 (xbtoa) [!"#$%&'()*+,-./0-9:;<=>?@A-Z[\]^_`a-u]
xbtoa Begin\nBQ%]q@psCd@rH0l\nxbtoa End N 12 c E 1a S 4e6 R 6991d
- Base85 (XML) [0-9A-Za-y!#$()*+,-./:;=?@^`{|}~z_]
Xm4y|V{~Y+V}dF?
- Base91 [A-Za-z0-9!#$%&()*+,./:;<=>?@[]^_`{|}~"]
frDg[*jNN!7&BQM
- Base100 []
👟👦👣👘👚👘👩👘👚👦👣👘
- Base122 []
4F ˂r0Xmvc
- ATOM-128 [/128GhIoPQROSTeUbADfgHijKLM+n0pFWXY456xyzB7=39VaqrstJklmNuZvwcdEC]
MIc3KiXa+Ihz+lrXMIc3KbCC
- HAZZ15 [HNO4klm6ij9n+J2hyf0gzA8uvwDEq3X1Q7ZKeFrWcVTts/MRGYbdxSo=ILaUpPBC5]
DmPsv8J7qrlKEoY7
- MEGAN35 [3G-Ub=c-pW-Z/12+406-9Vaq-zA-F5]
kLD8iwKsigSalLJ5
- ZONG22 [ZKj9n+yf0wDVX1s/5YbdxSo=ILaUpPBCHg8uvNO4klm6iJGhQ7eFrWczAMEq3RTt2]
ayRiIo1gpO+uUc7g
- ESAB46 []
3sHcL2NR8WrT7mhR
- MEGAN45 []
kLD8igSXm2KZlwrX
- TIGO3FX []
7AP9mIzdmltYmIP9mWXX
- TRIPO5 []
UE9vSbnBW6psVzxB
- FERON74 []
PbGkNudxCzaKBm0x
- GILA7 []
D+nkv8C1qIKMErY1
- Citrix CTX1 []
MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK
http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html - 404 Dead: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html
HackerizeXS [╫Λ↻├☰┏]
╫☐↑Λ↻Λ┏Λ↻☐↑Λ
- http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html - 404 Dead: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html
Morse
.... --- .-.. -.-. .- .-. .- -.-. --- .-.. .-
UUencoder
begin 644 webutils_pl
M2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(
M3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/
F3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$$`
`
end
XXEncoder
begin 644 webutils_pl
hG2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236
5Hol-G2xAEE++
end
YEncoder
=ybegin line=128 size=28 name=webutils_pl
ryvkryvkryvkryvkryvkryvkryvk
=yend size=28 crc32=35834c86
BinHex
(This file must be converted with BinHex 4.0)
:#hGPBR9dD@acAh"X!$mr2cmr2cmr!!!!!!!8!!!!!-ka5%p-38K26%&)6da"5%p
-38K26%'d9J!!:
ASCII85
<~85DoF85DoF85DoF85DoF85DoF85DoF~>
Dvorak keyboard
drnajapajrna
A1Z26
Letters to their numerical value
8 15 12 1 3 1 18 1 3 15 12 1
Affine Cipher Encode
Letter to num (ax+b)%26
(a and b are the keys and x is the letter) and the result back to letter
krodfdudfrod
SMS Code
Multitap replaces a letter by repeated digits defined by the corresponding key code on a mobile phone keypad (This mode is used when writing SMS).
For example: 2=A, 22=B, 222=C, 3=D...
You can identify this code because you will see** several numbers repeated**.
You can decode this code in: https://www.dcode.fr/multitap-abc-cipher
Bacon Code
Substitude each letter for 4 As or Bs (or 1s and 0s)
00111 01101 01010 00000 00010 00000 10000 00000 00010 01101 01010 00000
AABBB ABBAB ABABA AAAAA AAABA AAAAA BAAAA AAAAA AAABA ABBAB ABABA AAAAA
Runes
Compression
Raw Deflate and Raw Inflate (you can find both in Cyberchef) can compress and decompress data without headers.
Easy Crypto
XOR - Autosolver
Bifid
A keywork is needed
fgaargaamnlunesuneoa
Vigenere
A keywork is needed
wodsyoidrods
- https://www.guballa.de/vigenere-solver
- https://www.dcode.fr/vigenere-cipher
- https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx
Strong Crypto
Fernet
2 base64 strings (token and key)
Token:
gAAAAABWC9P7-9RsxTz_dwxh9-O2VUB7Ih8UCQL1_Zk4suxnkCvb26Ie4i8HSUJ4caHZuiNtjLl3qfmCv_fS3_VpjL7HxCz7_Q==
Key:
-s6eI5hyNh8liH7Gq0urPC-vzPgNnxauKvRO4g03oYI=
Samir Secret Sharing
A secret is splitted in X parts and to recover it you need Y parts (Y <=X).
8019f8fa5879aa3e07858d08308dc1a8b45
80223035713295bddf0b0bd1b10a5340b89
803bc8cf294b3f83d88e86d9818792e80cd
http://christian.gen.co/secrets/
OpenSSL brute-force
Tools
- https://github.com/Ganapati/RsaCtfTool
- https://github.com/lockedbyte/cryptovenom
- https://github.com/nccgroup/featherduster
🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥
-
Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
-
Discover The PEASS Family, our collection of exclusive NFTs
-
Get the official PEASS & HackTricks swag
-
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
-
Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.