Symmetric Encryption
Overview
Hey there! In this write-up, I'm going to walk you through the process I followed while working on the Blue VM exercise. The goal here is to learn about vulnerability scanning and exploitation techniques in a controlled environment. I’ll be covering the steps I took to identify vulnerabilities, exploit them, escalate my privileges, and eventually capture some flags. So, grab a coffee, and let’s dive in!
Key Information
Terminology:
- Cryptographic Algorithm or Cipher This algorithm defines the encryption and decryption processes.
- Key The cryptographic algorithm needs a key to convert the plaintext into ciphertext and vice versa.
- plaintext is the original message that we want to encrypt
- ciphertext is the message in its encrypted form
A symmetric encryption algorithm uses the same key for encryption and decryption.
| Encryption Algorithm | Notes |
|---|---|
| AES, AES192, and AES256 | AES with a key size of 128, 192, and 256 bits |
| IDEA | International Data Encryption Algorithm (IDEA) |
| 3DES | Triple DES (Data Encryption Standard) and is based on DES. We should note that 3DES will be deprecated in 2023 and disallowed in 2024. |
| CAST5 | Also known as CAST-128. Some sources state that CAST stands for the names of its authors: Carlisle Adams and Stafford Tavares. |
| BLOWFISH | Designed by Bruce Schneier |
| TWOFISH | Designed by Bruce Schneier and derived from Blowfish |
| CAMELLIA128, CAMELLIA192, and CAMELLIA256 | Designed by Mitsubishi Electric and NTT in Japan. Its name is derived from the flower camellia japonica. |
Notes
Popular tools for symmetric encryption:
-
GNU Priacy Guard: The GNU Privacy Guard, also known as GnuPG or GPG, implements the OpenPGP standard..
-
OpenSSL Project: The OpenSSL Project maintains the OpenSSL software.
Conclusion
So, that’s how I tackled the Blue VM exercise! This was a great hands-on approach to learning about vulnerability scanning, exploitation, privilege escalation, and cracking passwords on a Windows machine. The Blue VM is perfect for beginners, and it really helped me understand common attack vectors like EternalBlue, privilege escalation, and password cracking.
By now, you should have a good understanding of the techniques involved in penetration testing. As you move on to more complex environments, these foundational skills will come in handy. If you’re just starting with penetration testing, this is an excellent first step!
Happy hacking, and I hope this guide helps you in your learning journey!
Resources
- TryHackMe: Blue VM Room
- Metasploit Framework: Metasploit Official Website
- Nmap: Nmap Official Website
Good luck, and keep learning!