HackTricksCrypto CTFs Tricks
Reading time: 6 minutes
tip
Jifunze na fanya mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.
Online Hashes DBs
- Google it
- http://hashtoolkit.com/reverse-hash?hash=4d186321c1a7f0f354b297e8914ab240
- https://www.onlinehashcrack.com/
- https://crackstation.net/
- https://md5decrypt.net/
- https://www.onlinehashcrack.com
- https://gpuhash.me/
- https://hashes.org/search.php
- https://www.cmd5.org/
- https://hashkiller.co.uk/Cracker/MD5
- https://www.md5online.org/md5-decrypt.html
Magic Autosolvers
- https://github.com/Ciphey/Ciphey
- https://gchq.github.io/CyberChef/ (Magic module)
- https://github.com/dhondta/python-codext
- https://www.boxentriq.com/code-breaking
Encoders
Sehemu kubwa ya data iliyokodishwa inaweza kufichuliwa kwa kutumia rasilimali hizi 2:
Substitution Autosolvers
Caesar - ROTx Autosolvers
Atbash Cipher
Base Encodings Autosolver
Angalia hizi zote za msingi na: https://github.com/dhondta/python-codext
- Ascii85
BQ%]q@psCd@rH0l- Base26 [A-Z]
BQEKGAHRJKHQMVZGKUXNT- Base32 [A-Z2-7=]
NBXWYYLDMFZGCY3PNRQQ====- Zbase32 [ybndrfg8ejkmcpqxot1uwisza345h769]
pbzsaamdcf3gna5xptoo====- Base32 Geohash [0-9b-hjkmnp-z]
e1rqssc3d5t62svgejhh====- Base32 Crockford [0-9A-HJKMNP-TV-Z]
D1QPRRB3C5S62RVFDHGG====- Base32 Extended Hexadecimal [0-9A-V]
D1NMOOB3C5P62ORFDHGG====- Base45 [0-9A-Z $%*+-./:]
59DPVDGPCVKEUPCPVD- Base58 (bitcoin) [1-9A-HJ-NP-Za-km-z]
2yJiRg5BF9gmsU6AC- Base58 (flickr) [1-9a-km-zA-HJ-NP-Z]
2YiHqF5bf9FLSt6ac- Base58 (ripple) [rpshnaf39wBUDNEGHJKLM4PQ-T7V-Z2b-eCg65jkm8oFqi1tuvAxyz]
pyJ5RgnBE9gm17awU- Base62 [0-9A-Za-z]
g2AextRZpBKRBzQ9- Base64 [A-Za-z0-9+/=]
aG9sYWNhcmFjb2xh- Base67 [A-Za-z0-9-.!~_]
NI9JKX0cSUdqhr!p- Base85 (Ascii85) [!"#$%&'()*+,-./0-9:;<=>?@A-Z[\]^_`a-u]
BQ%]q@psCd@rH0l- Base85 (Adobe) [!"#$%&'()*+,-./0-9:;<=>?@A-Z[\]^_`a-u]
<~BQ%]q@psCd@rH0l~>- Base85 (IPv6 or RFC1924) [0-9A-Za-z!#$%&()*+-;<=>?@^`{|}~_]
Xm4yV_|Y(V{dF>`- Base85 (xbtoa) [!"#$%&'()*+,-./0-9:;<=>?@A-Z[\]^_`a-u]
xbtoa Begin\nBQ%]q@psCd@rH0l\nxbtoa End N 12 c E 1a S 4e6 R 6991d- Base85 (XML) [_0-9A-Za-y!#$()*+,-./:;=?@^`{|}~z__]
Xm4y|V{~Y+V}dF?- Base91 [A-Za-z0-9!#$%&()*+,./:;<=>?@[]^_`{|}~"]
frDg[*jNN!7&BQM- Base100 []
👟👦👣👘👚👘👩👘👚👦👣👘- Base122 []
4F ˂r0Xmvc- ATOM-128 [/128GhIoPQROSTeUbADfgHijKLM+n0pFWXY456xyzB7=39VaqrstJklmNuZvwcdEC]
MIc3KiXa+Ihz+lrXMIc3KbCC- HAZZ15 [HNO4klm6ij9n+J2hyf0gzA8uvwDEq3X1Q7ZKeFrWcVTts/MRGYbdxSo=ILaUpPBC5]
DmPsv8J7qrlKEoY7- MEGAN35 [3G-Ub=c-pW-Z/12+406-9Vaq-zA-F5]
kLD8iwKsigSalLJ5- ZONG22 [ZKj9n+yf0wDVX1s/5YbdxSo=ILaUpPBCHg8uvNO4klm6iJGhQ7eFrWczAMEq3RTt2]
ayRiIo1gpO+uUc7g- ESAB46 []
3sHcL2NR8WrT7mhR- MEGAN45 []
kLD8igSXm2KZlwrX- TIGO3FX []
7AP9mIzdmltYmIP9mWXX- TRIPO5 []
UE9vSbnBW6psVzxB- FERON74 []
PbGkNudxCzaKBm0x- GILA7 []
D+nkv8C1qIKMErY1- Citrix CTX1 []
MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK
http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html - 404 Dead: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html
HackerizeXS [╫Λ↻├☰┏]
╫☐↑Λ↻Λ┏Λ↻☐↑Λ
- http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html - 404 Kufa: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html
Morse
.... --- .-.. -.-. .- .-. .- -.-. --- .-.. .-
UUencoder
begin 644 webutils_pl
M2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(
M3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/
F3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$$`
`
end
XXEncoder
begin 644 webutils_pl
hG2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236
5Hol-G2xAEE++
end
YEncoder
=ybegin line=128 size=28 name=webutils_pl
ryvkryvkryvkryvkryvkryvkryvk
=yend size=28 crc32=35834c86
BinHex
(This file must be converted with BinHex 4.0)
:#hGPBR9dD@acAh"X!$mr2cmr2cmr!!!!!!!8!!!!!-ka5%p-38K26%&)6da"5%p
-38K26%'d9J!!:
ASCII85
<~85DoF85DoF85DoF85DoF85DoF85DoF~>
Kibodi ya Dvorak
drnajapajrna
A1Z26
Herufi kwa thamani yao ya nambari
8 15 12 1 3 1 18 1 3 15 12 1
Affine Cipher Encode
Herufi kwa nambari (ax+b)%26 (a na b ni funguo na x ni herufi) na matokeo kurudi kwa herufi
krodfdudfrod
SMS Code
Multitap inabadilisha herufi kwa nambari zinazojirudia zilizofafanuliwa na nambari husika kwenye keypad ya simu (Hali hii inatumika wakati wa kuandika SMS).
Kwa mfano: 2=A, 22=B, 222=C, 3=D...
Unaweza kutambua msimbo huu kwa sababu utaona** nambari kadhaa zinazojirudia**.
Unaweza kufungua msimbo huu katika: https://www.dcode.fr/multitap-abc-cipher
Bacon Code
Badilisha kila herufi kwa A nne au B nne (au 1s na 0s)
00111 01101 01010 00000 00010 00000 10000 00000 00010 01101 01010 00000
AABBB ABBAB ABABA AAAAA AAABA AAAAA BAAAA AAAAA AAABA ABBAB ABABA AAAAA
Runes
Compression
Raw Deflate na Raw Inflate (unaweza kuzipata zote katika Cyberchef) zinaweza kubana na kufungua data bila vichwa.
Easy Crypto
XOR - Autosolver
Bifid
Neno la ufunguo linahitajika
fgaargaamnlunesuneoa
Vigenere
Inahitajika neno muhimu
wodsyoidrods
- https://www.guballa.de/vigenere-solver
- https://www.dcode.fr/vigenere-cipher
- https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx
Crypto Imara
Fernet
2 base64 strings (token na ufunguo)
Token:
gAAAAABWC9P7-9RsxTz_dwxh9-O2VUB7Ih8UCQL1_Zk4suxnkCvb26Ie4i8HSUJ4caHZuiNtjLl3qfmCv_fS3_VpjL7HxCz7_Q==
Key:
-s6eI5hyNh8liH7Gq0urPC-vzPgNnxauKvRO4g03oYI=
Samir Secret Sharing
Siri inagawanywa katika sehemu X na ili kuirejesha unahitaji sehemu Y (Y <=X).
8019f8fa5879aa3e07858d08308dc1a8b45
80223035713295bddf0b0bd1b10a5340b89
803bc8cf294b3f83d88e86d9818792e80cd
http://christian.gen.co/secrets/
OpenSSL brute-force
Tools
- https://github.com/Ganapati/RsaCtfTool
- https://github.com/lockedbyte/cryptovenom
- https://github.com/nccgroup/featherduster
tip
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.