Tools and Utilities

Here are some tools and utilities commonly used for practices related to cryptography:

OpenSSL

  • Tool-kit for cryptography

  • Generate keys and certificates

  • Encrypt and Decrypt data and typical ciphers

Commands

  • Connect as a client

openssl s_client -connect $IP:$port

  • Generate a private key with RSA

openssl genrsa -out $name 2048

  • Generate a hash for a Linux user

openssl passwd -1 -salt AAA $password

  • Encrypt/Decrypt files

openssl enc -aes256 -iter 100000 -pbkdf2 -in $file -out $encFile
openssl enc -d -aes256 -iter 100000 -pbkdf2 -in $encFile -out $file

John the Ripper

  • Password cracking tool, known for its speed and efficiency in cracking weak passwords. Comes with various modules specialized for cracking and retrieving hashes from specific files.

Commands

  • Install

sudo apt install john

  • Broke hash

john $hashfile -w=$wordlist 
john $hashfile --incremental    #Break by bruteforcing

One famous dictionary is rockyou.txt, which can be found by default on Kali Linux on /usr/share/wordlists/rockyou.txt


  • Use unshadow to create a crackable file

unshadow $passwdFile $shadowFile > $outFile
#passwdFile and shadowFile are the /etc/passwd and /etc/shadow files, respectively

  • Extract the hash from a ZIP file

zip2john $zipfile
zip2john $zipfile > $hashfile #To save the recovered hash

Hashcat

  • A password recovery tool that supports a wide range of hashing algorithms, primarily used for cracking passwords stored in hashed formats.

Commands

  • Install

sudo apt install hashcat

  • Filter the code of a hash mode

hashcat --help | grep -i $keyword

  • Attack hash

hashcat -a $attackmode -m $modecode $file $dictionary
hashcat -a 0 -m 0 md5.txt /usr/share/wordlists/rockyou.txt #MD5 Cracking
hashcat -a 0 -m 16500 jwt.txt /usr/share/wordlists/rockyou.txt #JWT Cracking

Dcode.fr

Have a cipher identifier: https://www.dcode.fr/cipher-identifier

Cyberchef

The magic mode helps you identify and decode automatically the ciphertext

Crackstation

Hash-identifier

  • Command line utility to identify possible hashing methods related to a value

Commands

  • Install

sudo apt install hash-identifier

  • Identify hash mode

hash-identifier $hash

CacheSleuth

  • Versatile online tool to assist in decoding a wide array of ciphers and codes, with an incorporated multidecoder

Last updated