📔
Notes
  • Notes
  • Starting with (n)vim
  • Bluetooth
  • Hacking boot2root/ OSCP notes
  • Capture the flag(CTF)
    • Commonly Used Tools
    • Web
    • Cryptography
    • Forensics
  • Making a boot2root VM
    • Important rules
    • [General things](VM/Make boot2root VM.md)
    • Setting Systemd services
    • Setting fail2ban
  • BugBounty notes for Android
    • General
    • Adb/drozer commands
    • Intents
    • Permissions
    • Activities
    • Broadcast Receivers
    • Content Providers
    • Services
  • BugBounty notes for WEB
    • Authentication
    • CORS
    • General Web
    • HTTP Parameter poisoning
    • IDOR
    • graphql
  • Age of Empires IV
    • Age Of Empires
    • Build Orders
      • English Civ
    • Sheep scouting
Powered by GitBook
On this page
  • Basic Ciphers
  • XOR
  • AES
  • ECB
  1. Capture the flag(CTF)

Cryptography

PreviousWebNextForensics

Last updated 3 years ago

This is kinda weird category because either this will contain very simple challenges like decoding bases, solvig ciphers like caesar, subsititution or this will have challenges that will require a very good understanding for Mathematics.

Basic Ciphers

These type of challenges can contain very basic ciphers to be decoded using online tools. Like decode the given caesar cipher or the vignere cipher etc

All this can be done by using simple online tools.

My goto tools are:

  • For caesar cipher

  • For Vignere cipher:

  • rot:

  • Substituion:

  • If you have no clue what the given cipher is then you can use the following:

      • Don't use it if the given cipher contains lot of number.

      • It usually ignores number.

      • Differentiate between vignere, substitution.

For all the other type of cipher just look it on www.dcode.fr It's got lot of decoders.

XOR

Xor challenges are also very common in CTF. In some challenges might be directly about XOR like decode/brute-force the given xor cipher or in some challenges you might encounter XOR cipher as the final step or the starting step. In any case mostly you might have to bruteforce the cipher.

AES

ECB

So ECB is the mode which is generate a kind of pattern in it's encyrtion. Say we are using ECB for cookie purpose in a website now what we can do is register a user with name something like aaaaa and then take out the cookie. Then we can register a user with name like aaaaaadmin. Usually the auth cookie is specific to a user and envolves a user's name. Now say if it contains a pattern like username <somerandom junk> passwords <maybe again some junk>.

What we can do here is that we can find patterns by looking at the hex of the cookie. That would usually give away what kind of junk does the application uses. Once we have found the pattern or the number of bytes or padding we can make a cookie for the admin user and get the access. EX: https://pentesterlab.com/exercises/ecb/course

caesar-cipher
vigenere-solver
https://www.dcode.fr/rot-cipher
https://www.guballa.de/substitution-solver
quipqiup
I.C calculator