Crypto on PseudorandomDog's Blog https://binarydog.top/tags/crypto/ Recent content in Crypto on PseudorandomDog's Blog Hugo zh-CN Sun, 10 Nov 2024 00:00:00 +0000 WebGoat笔记之二:Cryptographic Failures https://binarydog.top/posts/webgoat/webgoat-a2-cryptographic-failures/ Sun, 10 Nov 2024 00:00:00 +0000 https://binarydog.top/posts/webgoat/webgoat-a2-cryptographic-failures/ <h2 class="heading" id="crypto-basics"> Crypto Basics <a class="anchor" href="#crypto-basics">#</a> </h2> <h3 class="heading" id="实验一http-basic-auth"> 实验一:HTTP Basic Auth <a class="anchor" href="#%e5%ae%9e%e9%aa%8c%e4%b8%80http-basic-auth">#</a> </h3> <p>这种模式流行于 HTTP 的早期,密码和用户名只做了编码而未做加密</p> <p><code>Authorization: Basic d2ViZ29hdDoxMjM0NTY=</code></p> <p><code>webgoat:passw0rd</code></p> <h3 class="heading" id="实验二ibm-websphere-application-server-xor-encoding"> 实验二:IBM WebSphere Application Server XOR encoding <a class="anchor" href="#%e5%ae%9e%e9%aa%8c%e4%ba%8cibm-websphere-application-server-xor-encoding">#</a> </h3> <p>根据资料,XOR 的密钥始终是 _*n (长度和明文等长)</p> <p><code>{xor}Oz4rPj0+LDovPiwsKDAtOw==</code></p> <p><code>databasepassword</code></p> <h3 class="heading" id="实验三哈希"> 实验三:哈希 <a class="anchor" href="#%e5%ae%9e%e9%aa%8c%e4%b8%89%e5%93%88%e5%b8%8c">#</a> </h3> <p>第一个哈希</p> <p><code>21232F297A57A5A743894A0E4A801FC3</code></p> <p>看长度是 MD5</p> <p><code>hashcat -m 0 hash.txt /usr/share/wordlists/rockyou.txt</code></p> <p>得 <code>admin</code></p> <p>第二个哈希</p> <p><code>2BB80D537B1DA3E38BD30361AA855686BDE0EACD7162FEF6A25FE97BF527A25B</code></p> <p>看长度是 SHA256</p> <p><code>hashcat -m 1400 hash.txt /usr/share/wordlists/rockyou.txt</code></p> <p>得 <code>secret</code></p> <h3 class="heading" id="实验四从-pem-文件提取-rsa-私钥并对-n-签名"> 实验四:从 PEM 文件提取 RSA 私钥并对 n 签名 <a class="anchor" href="#%e5%ae%9e%e9%aa%8c%e5%9b%9b%e4%bb%8e-pem-%e6%96%87%e4%bb%b6%e6%8f%90%e5%8f%96-rsa-%e7%a7%81%e9%92%a5%e5%b9%b6%e5%af%b9-n-%e7%ad%be%e5%90%8d">#</a> </h3> <p>HTTPS 的基本流程:</p> <ol> <li>客户端向服务端请求它的证书</li> <li>客户端依据本机安装的权威证书验证证书签名链,从而决定服务端是否可信</li> <li>客户端从证书读取服务端的公钥</li> <li>客户端生成一些用于对称加密密钥的随机值,用服务端的公钥加密并发送给服务端</li> <li>两边根据约定的算法同步产生对称加密密钥</li> <li>使用对称加密密钥加密 HTTP 报文进行通讯</li> </ol> <p>签名三要素:数据、签名、证书</p>