
Symmetric Encryption



Key Information

Terminology:

  • Cryptographic algorithm or cipher: the algorithm that defines the encryption and decryption processes.
  • Key: the secret value the cryptographic algorithm needs to convert plaintext into ciphertext and vice versa.
  • Plaintext: the original message that we want to encrypt.
  • Ciphertext: the message in its encrypted form.

A symmetric encryption algorithm uses the same key for encryption and decryption. Whoever holds that key can do both, so the security of the scheme rests on keeping the key secret and on sharing it with the other party over a channel the attacker cannot read.
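The terminology above, exercised with the OpenSSL command-line tool. This is an added example, not code from the original page: it encrypts a constructed sample plaintext with a passphrase-derived AES-256 key, shows that only the same key recovers the plaintext, and shows that a fresh random salt changes the ciphertext even when key and message do not. It assumes an openssl binary (1.1.1 or newer, for the -pbkdf2 option) on PATH; the message and passphrases are made-up values.

```shell
#!/bin/sh
# Added example (not part of the original page): symmetric encryption with
# the OpenSSL CLI. Assumes `openssl` 1.1.1+ is on PATH. The plaintext and
# passphrases used below are constructed sample values.

set -u

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# Encrypt stdin (the plaintext) with AES-256-CBC. The cipher key and IV are
# derived from the passphrase plus a random salt using PBKDF2; the salt is
# written after the "Salted__" marker so decryption can repeat the derivation.
sym_encrypt() {   # $1 = passphrase, $2 = ciphertext file
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "pass:$1" -out "$2"
}

# Decrypt the ciphertext in $2 with passphrase $1 to stdout. Same algorithm,
# same key: that is what makes the scheme symmetric. Prints nothing on failure.
sym_decrypt() {   # $1 = passphrase, $2 = ciphertext file
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "pass:$1" -in "$2" 2>/dev/null
}

# Returns 0 when decrypt(encrypt(plaintext, key), key) gives the plaintext back.
roundtrip_ok() {   # $1 = plaintext, $2 = key
    printf '%s' "$1" | sym_encrypt "$2" "$WORKDIR/ct.bin" || return 1
    [ "$(sym_decrypt "$2" "$WORKDIR/ct.bin")" = "$1" ]
}

# Returns 0 when decrypting with a different key does NOT give the plaintext.
# openssl usually reports "bad decrypt" here because the CBC padding check
# fails; now and then the padding happens to look valid and garbage is printed
# instead, so this compares content rather than trusting the exit status.
wrong_key_rejected() {   # $1 = plaintext, $2 = right key, $3 = wrong key
    printf '%s' "$1" | sym_encrypt "$2" "$WORKDIR/ct.bin" || return 1
    [ "$(sym_decrypt "$3" "$WORKDIR/ct.bin")" != "$1" ]
}

# Returns 0 when two encryptions of the same plaintext under the same key give
# different ciphertext: -salt draws a fresh random salt each time, so the
# derived IV (and therefore the ciphertext) changes even though the key does not.
fresh_salt_differs() {   # $1 = plaintext, $2 = key
    printf '%s' "$1" | sym_encrypt "$2" "$WORKDIR/a.bin" || return 1
    printf '%s' "$1" | sym_encrypt "$2" "$WORKDIR/b.bin" || return 1
    [ "$(openssl dgst -sha256 < "$WORKDIR/a.bin")" != "$(openssl dgst -sha256 < "$WORKDIR/b.bin")" ]
}

MSG='meet at the usual place at 06:00'    # constructed sample plaintext
KEY='correct horse battery staple'        # constructed sample passphrase

roundtrip_ok "$MSG" "$KEY"               && echo "same key decrypts:          yes"
wrong_key_rejected "$MSG" "$KEY" "wrong" && echo "other key recovers text:    no"
fresh_salt_differs "$MSG" "$KEY"         && echo "ciphertext differs per run: yes"
```

Two caveats worth keeping in mind: the wrong-key detection above comes only from the CBC padding check, because openssl enc provides no integrity protection (it does not support authenticated modes such as GCM), so a tampered ciphertext is not reliably detected; and the strength of the whole exchange is the strength of the passphrase fed to PBKDF2, since that is all an attacker has to guess.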

Encryption Algorithm                       Notes
AES, AES192, and AES256                    AES with a key size of 128, 192, and 256 bits, respectively
IDEA                                       International Data Encryption Algorithm (IDEA)
3DES                                       Triple DES (Data Encryption Standard), which is built on DES. Note that NIST deprecated 3DES through 2023 and disallows it for encryption from 2024 (SP 800-131A Rev. 2).
CAST5                                      Also known as CAST-128. Some sources state that CAST stands for the names of its authors, Carlisle Adams and Stafford Tavares.
BLOWFISH                                   Designed by Bruce Schneier
TWOFISH                                    Designed by Bruce Schneier and colleagues as a successor to Blowfish
CAMELLIA128, CAMELLIA192, and CAMELLIA256  Designed by Mitsubishi Electric and NTT in Japan. Its name is derived from the flower camellia japonica.
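A listing like the one above says which ciphers exist, not which ones your tooling will still use. The following added example (not from the original page) asks the local OpenSSL about each algorithm in the table, distinguishing ciphers usable as-is from ones that OpenSSL 3 only exposes through its "legacy" provider and ones the build does not have at all. It assumes openssl is on PATH; the cipher names are spelled the way openssl enc expects them (see openssl enc -list), and the exact results depend on the installed version and build.

```shell
#!/bin/sh
# Added example (not part of the original page): probe which of the table's
# ciphers this OpenSSL build will use. Assumes `openssl` is on PATH.

# Prints one word for cipher $1:
#   default      usable as-is
#   legacy       usable only with OpenSSL 3's legacy provider loaded
#   unavailable  not compiled in, or not a cipher this build knows
probe_cipher() {
    if printf 'probe' | openssl enc "-$1" -pbkdf2 -pass pass:probe >/dev/null 2>&1; then
        echo default
    elif printf 'probe' | openssl enc "-$1" -pbkdf2 -pass pass:probe \
            -provider legacy -provider default >/dev/null 2>&1; then
        # PBKDF2 lives in the default provider, so both must be loaded.
        echo legacy
    else
        echo unavailable
    fi
}

# The table's algorithms in OpenSSL's spelling: AES and Camellia with
# 128/192/256-bit keys, IDEA, Triple DES (des-ede3), CAST5 and Blowfish (bf).
# Twofish is absent because OpenSSL has never implemented it.
TABLE_CIPHERS='aes-128-cbc aes-192-cbc aes-256-cbc idea-cbc des-ede3-cbc cast5-cbc bf-cbc camellia-128-cbc camellia-192-cbc camellia-256-cbc'

# Print one line per cipher with its availability.
report() {
    for c in $TABLE_CIPHERS; do
        printf '%-18s %s\n' "$c" "$(probe_cipher "$c")"
    done
}

report
```

On an OpenSSL 3 system you will typically see AES, Camellia and 3DES reported as default while Blowfish, CAST5 and IDEA come back as legacy (or unavailable where the distribution does not ship the legacy provider); IDEA is also missing from some builds. Note that "default" only means the build will run the cipher: openssl enc still accepts des-ede3-cbc despite the deprecation recorded in the table, so availability is not a recommendation.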

Notes

  1. GNU Privacy Guard: The GNU Privacy Guard, also known as GnuPG or GPG, implements the OpenPGP standard. The cipher names in the table above are the ones GnuPG itself reports under "Cipher" when you run gpg --version.

  2. OpenSSL Project: The OpenSSL Project maintains the OpenSSL software, which includes the openssl command-line tool used to encrypt and decrypt with most of the same ciphers.



