Saturday, August 12, 2017

Social Engineering and Encoding with ROT13

One example of this I recently saw in real life was at Defcon 18. I was part of the team that brought the Social Engineering CTF to Defcon. We saw many contestants who used the pretext of an internal employee. When presented with an objection like, “What is your employee badge number?” an unskilled social engineer would get nervous and either not have an answer or hang up, whereas a skilled social engineer would bring those dissonant beliefs into alignment for the target. Simply stating a badge number they found online or using another method they were able to convince the target that information was not needed, therefore aligning the target to their beliefs. These points are very technical answers to a very simple problem, but you must understand that one can do only so much fake. Choose your path wisely.

Social Engineering: The Art of HumanHacking Published by Wiley publishing, Inc.
Copyright©2011 by Christopher Hadnagy

----------------
Python Web Penetration Testing Cookbook
Encoding with ROT13
ROT13 encoding is definitely not the most secure method of encoding anything. Typically, ROT13 was used many years ago to hide offensive jokes on forums as a kind of Not Safe For Work (NSFW) tag so people wouldn't instantly see the remark. These days, it's mostly used within Capture The Flag (CTF) challenges, and you'll find out why. 

Getting ready

For this script, we will need quite specific modules. We will be needing the maketrans feature, and the lowercase and uppercase features from the string module.

How to do it…

To use the ROT13 encoding method, we need to replicate what the ROT13 cipher actually does. The 13 indicates that each letter will be moved 13 places along the alphabet scale, which makes the encoding very easy to reverse:

from string import maketrans, lowercase, uppercase
def rot13(message):
  lower = maketrans(lowercase, lowercase[13:] + lowercase[:13])
  upper = maketrans(uppercase, uppercase[13:] + uppercase[:13])
 return message.translate(lower).translate(upper)
message = raw_input('Enter :')
print rot13(message)


How it works…

This is the first of our scripts that doesn't simply require the hashlib module; instead it requires specific features from a string. We can import these using the following:

from string import maketrans, lowercase, uppercase

Next, we can create a block of code to do the encoding for us. We use the maketrans feature of Python to tell the interpreter to move the letters 13 places across and to keep uppercase within the uppercase and lower within the lower. We then request that it returns the value to us:

def rot13(message):
 lower = maketrans(lowercase, lowercase[13:] + lowercase[:13])
 upper = maketrans(uppercase, uppercase[13:] + uppercase[:13])
 return message.translate(lower).translate(upper)


We then need to ask the user for some input so we have a string to work with; this is done in 
the traditional way:
message = raw_input('Enter :')
Once we have the user input, we can then print out the value of our string being passed through our rot13 block of code:

print rot13(message)

The following is an example of the code in use:
Enter :This is an example of encoding in Python
Guvf vf na rknzcyr bs rapbqvat va Clguba

Cracking a substitution cipher
The following is an example of a real-life scenario that was recently encountered. A substitution cipher is when letters are replaced by other letters to form a new, hidden message. During a CTF that was hosted by "NullCon" we came across a challenge that looked like a substitution cipher. 
The challenge was:
Find the key:
TaPoGeTaBiGePoHfTmGeYbAtPtHoPoTaAuPtGeAuYbGeBiHoTaTmPtHoTmGePoAuGe 
 ErTaBiHoAuRnTmPbGePoHfTmGeTmRaTaBiPoTmPtHoTmGeAuYbGeTbGeLuTmPtTm 
 PbTbOsGePbTmTaLuPtGeAuYbGeAuPbErTmPbGeTaPtGePtTbPoAtPbTmGeTbPtEr 
 GePoAuGeYbTaPtErGePoHfTmGeHoTbAtBiTmBiGeLuAuRnTmPbPtTaPtLuGePoHf 
 TaBiGeAuPbErTmPbPdGeTbPtErGePoHfTaBiGePbTmYbTmPbBiGeTaPtGeTmTlAt 
 TbOsGeIrTmTbBiAtPbTmGePoAuGePoHfTmGePbTmOsTbPoTaAuPtBiGeAuYbGeIr 
 TbPtGeRhGeBiAuHoTaTbOsGeTbPtErGeHgAuOsTaPoTaHoTbOsGeRhGeTbPtErGe 
 PoAuGePoHfTmGeTmPtPoTaPbTmGeAtPtTaRnTmPbBiTmGeTbBiGeTbGeFrHfAuOs 
 TmPd

Getting ready
For this script, there is no requirement for any external libraries.

How to do it…
To solve this problem, we run our string against values in our periodic dictionary and transformed the discovered values into their ascii form. This in returned the output of  our final answer:

string = 
 "TaPoGeTaBiGePoHfTmGeYbAtPtHoPoTaAuPtGeAuYbGeBiHoTaTmPtHoTmGePoA 
 uGeErTaBiHoAuRnTmPbGePoHfTmGeTmRaTaBiPoTmPtHoTmGeAuYbGeTbGeLuTmP 
 tTmPbTbOsGePbTmTaLuPtGeAuYbGeAuPbErTmPbGeTaPtGePtTbPoAtPbTmGeTbP 
 tErGePoAuGeYbTaPtErGePoHfTmGeHoTbAtBiTmBiGeLuAuRnTmPbPtTaPtLuGeP 
 oHfTaBiGeAuPbErTmPbPdGeTbPtErGePoHfTaBiGePbTmYbTmPbBiGeTaPtGeTmT 
 lAtTbOsGeIrTmTbBiAtPbTmGePoAuGePoHfTmGePbTmOsTbPoTaAuPtBiGeAuYbG 
 eIrTbPtGeRhGeBiAuHoTaTbOsGeTbPtErGeHgAuOsTaPoTaHoTbOsGeRhGeTbPtE 
 rGePoAuGePoHfTmGeTmPtPoTaPbTmGeAtPtTaRnTmPbBiTmGeTbBiGeTbGeFrHfA 
 uOsTmPd"

n=2
list = []
answer = []

[list.append(string[i:i+n]) for i in range(0, len(string), n)]

print set(list)

periodic ={"Pb": 82, "Tl": 81, "Tb": 65, "Ta": 73, "Po": 84, "Ge": 
 32, "Bi": 83, "Hf": 72, "Tm": 69, "Yb": 70, "At": 85, "Pt": 78, 
 "Ho": 67, "Au": 79, "Er": 68, "Rn": 86, "Ra": 88, "Lu": 71, 
 "Os": 76, "Tl": 81, "Pd": 46, "Rh": 45, "Fr": 87, "Hg": 80, 
 "Ir": 77}

for value in list:
 if value in periodic:
 answer.append(chr(periodic[value]))

lastanswer = ''.join(answer)
print lastanswer

How it works…
To start this script off, we first defined the key string within the script. The n variable was then 
defined as 2 for later use and two empty lists were created— list and answer:
string = --snipped--
n=2
list = []
answer = []
We then started to create the list, which ran through the string and pulled out the sets of two 
letters and appended them to the list value, which was then printed:
[list.append(string[i:i+n]) for i in range(0, len(string), n)]
print set(list)
Each of the two letters corresponded to a value in the periodic table, which relates to a 
number. Those numbers when transformed into ascii related to a character. Once this was 
discovered, we needed to map the elements to their periodic number and store that:
periodic ={"Pb": 82, "Tl": 81, "Tb": 65, "Ta": 73, "Po": 84, "Ge": 
 32, "Bi": 83, "Hf": 72, "Tm": 69, "Yb": 70, "At": 85, "Pt": 78, 
 "Ho": 67, "Au": 79, "Er": 68, "Rn": 86, "Ra": 88, "Lu": 71, 
 "Os": 76, "Tl": 81, "Pd": 46, "Rh": 45, "Fr": 87, "Hg": 80, 
 "Ir": 77}
We are then able to create a loop that will go through the list of elements that we previously 
created and named as list, and map them to the value in the periodic set of data that we 
created. As this is running, we can have it append the findings into our answer string while 
transforming the ascii number to the relevant letter:
for value in list:
 if value in periodic:
 answer.append(chr(periodic[value]))
Finally, we need to have the data printed to us:
lastanswer = ''.join(answer)
print lastanswer
Here is an example of the script running:

set(['Pt', 'Pb', 'Tl', 'Lu', 'Ra', 'Pd', 'Rn', 'Rh', 'Po', 'Ta',  'Fr', 'Tb', 'Yb', 'Bi', 'Ho', 'Hf', 'Hg', 'Os', 'Ir', 'Ge', 'Tm',  'Au', 'At', 'Er'])

IT IS THE FUNCTION OF SCIENCE TO DISCOVER THE EXISTENCE OF A GENERAL 
 REIGN OF ORDER IN NATURE AND TO FIND THE CAUSES GOVERNING THIS 
 ORDER. AND THIS REFERS IN EQUAL MEASURE TO THE RELATIONS OF MAN - 
 SOCIAL AND POLITICAL - AND TO THE ENTIRE UNIVERSE AS A WHOLE.

Key stretching - explicação

Você pode fazer uma chave fraca se tornar mais forte ao executar múltiplos processos para a mesma chave. Por exemplo, você pode ter uma se...