{"id":2615,"date":"2021-12-27T00:47:19","date_gmt":"2021-12-27T00:47:19","guid":{"rendered":"https:\/\/dft.wiki\/?p=2615"},"modified":"2022-01-10T01:40:38","modified_gmt":"2022-01-10T01:40:38","slug":"rsa-cheat-sheet","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=2615","title":{"rendered":"RSA Cheat Sheet"},"content":{"rendered":"<p><strong>RSA<\/strong> is an <strong>asymmetric<\/strong> cryptosystem that uses public and private key pairs.<\/p>\n<ul>\n<li>Key Terms<\/li>\n<li>Encrypt \/ Decrypt<\/li>\n<li>Popular Tools<\/li>\n<li>Known Vulnerabilities\n<ul>\n<li>Common Modulus<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr \/>\n<p>Key <strong>terms<\/strong> for crypto:<\/p>\n<ul>\n<li>Ciphertext &#8211; the encrypted data.<\/li>\n<li><span style=\"font-size: 1rem;\">Cipher &#8211; method of encrypting or decrypting data.<\/span><\/li>\n<li><span style=\"font-size: 1rem;\">Plaintext &#8211; the data before encryption.<\/span><\/li>\n<li><span style=\"font-size: 1rem;\">Encoding &#8211; a form of data representation, not encryption.<\/span><\/li>\n<li><span style=\"font-size: 1rem;\">Key &#8211; a piece of information needed to decrypt.<\/span><\/li>\n<li><span style=\"font-size: 1rem;\">Passphrase\/password &#8211; used to protect a key.<\/span><\/li>\n<li><span style=\"font-size: 1rem;\">Cryptanalysis &#8211; attacking cryptography with math.<\/span><\/li>\n<li><span style=\"font-size: 1rem;\">Elliptic Curve Cryptography (ECC) &#8211; a more efficient encryption method than RSA.<\/span><\/li>\n<\/ul>\n<hr \/>\n<p>Encrypt:<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2618\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/12\/formulas-rsa.drawio-2.png\" alt=\"\" width=\"168\" height=\"40\" \/>Decrypt:<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2619\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/12\/formulas-rsa.drawio-3.png\" alt=\"\" width=\"168\" 
height=\"40\" \/><\/p>\n<p>Note:<\/p>\n<ul>\n<li><strong><span style=\"color: #3366ff;\">n<\/span><\/strong> is the <strong>modulus<\/strong>, and it is common to the public and private keys.<\/li>\n<li>The public key is <strong><span style=\"color: #339966;\">e<\/span><\/strong> and <strong><span style=\"color: #3366ff;\">n<\/span><\/strong>.\n<ul>\n<li><strong><span style=\"color: #339966;\">e<\/span><\/strong> is the public exponent or <strong>encryption exponent<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<li>The private key is <span style=\"color: #ff0000;\">d<\/span> and <span style=\"color: #3366ff;\"><strong>n<\/strong><\/span>.\n<ul>\n<li><span style=\"color: #ff0000;\">d<\/span> is the private exponent or <strong>decryption exponent<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Where:<\/p>\n<ul>\n<li><strong><span style=\"color: #3366ff;\">n<\/span><\/strong> = <strong>p<\/strong> * <strong>q<\/strong>\n<ul>\n<li><strong>p<\/strong> and <strong>q<\/strong> are large prime numbers.<\/li>\n<li><span style=\"color: #3366ff;\"><strong>n<\/strong> <\/span>is a number.<\/li>\n<\/ul>\n<\/li>\n<li><strong>m<\/strong> is the message.\n<ul>\n<li><strong>Not encrypted<\/strong> data.<\/li>\n<\/ul>\n<\/li>\n<li><strong>c<\/strong> is the ciphertext.\n<ul>\n<li><strong>Encrypted<\/strong> data.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>The inverse is also true: the public key can decrypt if the data was encrypted with the private key.<\/p>\n<p>Additionally: in <strong>a mod b = c<\/strong>, the value <strong>c<\/strong> is the remainder of the division of <strong>a<\/strong> by <strong>b<\/strong>.<\/p>\n<hr \/>\n<p>Popular tools for solving RSA crypto challenges in CTFs:<\/p>\n<ul>\n<li>RsaCtfTool [<a href=\"https:\/\/github.com\/Ganapati\/RsaCtfTool\">Link<\/a>].<\/li>\n<li>rsatool [<a href=\"https:\/\/github.com\/ius\/rsatool\">Link<\/a>].<\/li>\n<li>Pem2John [<a 
href=\"https:\/\/raw.githubusercontent.com\/openwall\/john\/f6d2e4b55f4ad2439cf2610e75844cd9b32c9a9d\/run\/pem2john.py\">Link<\/a>] from JohnTheRipper [<a href=\"https:\/\/github.com\/openwall\/john\">Link<\/a>].<\/li>\n<li>Ssh2John [<a href=\"https:\/\/raw.githubusercontent.com\/openwall\/john\/bleeding-jumbo\/run\/ssh2john.py\">Link<\/a>] from JohnTheRipper.<\/li>\n<\/ul>\n<hr \/>\n<p>Cracking the password\/passphrase of an SSH private key with RSA encryption:<\/p>\n<pre>wget https:\/\/raw.githubusercontent.com\/openwall\/john\/bleeding-jumbo\/run\/ssh2john.py\r\npython3 ssh2john.py id_rsa &gt; id_rsa.hash\r\njohn --wordlist=\/usr\/share\/wordlists\/rockyou.txt id_rsa.hash<\/pre>\n<hr \/>\n<p><strong>COMMONLY KNOWN WEAKNESSES AND VULNERABILITIES<\/strong><\/p>\n<ul>\n<li><strong>Common Modulus<\/strong> &#8211; It is rare in the real world but popular in CTFs and great for understanding the concepts of RSA [<a href=\"https:\/\/infosecwriteups.com\/rsa-attacks-common-modulus-7bdb34f331a5\">Link<\/a>].<\/li>\n<\/ul>\n<p>It requires knowing:<\/p>\n<ul>\n<li><strong>n<\/strong><\/li>\n<li><strong>c1<\/strong> and\u00a0<strong>e1<\/strong><\/li>\n<li><strong>c2<\/strong> and\u00a0<strong>e2<\/strong><\/li>\n<\/ul>\n<pre>git clone https:\/\/github.com\/Ganapati\/RsaCtfTool.git\r\npython3 RsaCtfTool\/RsaCtfTool.py --createpub -n <strong>MODULUS<\/strong> -e <strong>E1<\/strong> &gt; key1.pub\r\npython3 RsaCtfTool\/RsaCtfTool.py --createpub -n <strong>MODULUS<\/strong> -e <strong>E2<\/strong> &gt; key2.pub\r\nsed -i '1d' key1.pub\r\nsed -i '1d' key2.pub\r\n\r\n# From Hex to Base64\r\necho <strong>C1<\/strong> | xxd -r -p | base64 &gt; ct1.b64\r\necho <strong>C2<\/strong> | xxd -r -p | base64 &gt; ct2.b64\r\n\r\nwget \"https:\/\/raw.githubusercontent.com\/HexPandaa\/RSA-Common-Modulus-Attack\/master\/rsa-cm.py\"\r\npython3 rsa-cm.py -h\r\npython3 rsa-cm.py -c1 ct1.b64 -c2 ct2.b64 -k1 key1.pub -k2 key2.pub<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>RSA is 
an asymmetric cryptosystem that uses public and private key pairs. Key Terms Encrypt [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-2615","post","type-post","status-publish","format-standard","hentry","category-hacking"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/2615","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2615"}],"version-history":[{"count":6,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/2615\/revisions"}],"predecessor-version":[{"id":2715,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/2615\/revisions\/2715"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2615"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2615"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}