Encryption Quick Reference
Hackers Manifest - hackersmanifest.com
Quick Reference
Essential commands for OpenSSL, GPG, SSH keys, hash cracking, and cryptographic primitives.
🔍 Hash Identification Quick Reference
32 chars → MD540 chars → SHA164 chars → SHA256128 chars → SHA51232 chars (hex) → NTLM$2a$/$2b$ → bcrypt$6$ → SHA512crypt$1$ → MD5crypt$y$ → yescryptUse hashid or hash-identifier for automatic detection
Weak Algorithms to Avoid
Broken/Weak: MD5, SHA1, DES, 3DES, RC4, WEP
Use Instead: SHA256+, AES-256, ChaCha20, bcrypt/Argon2 for passwords
Use Instead: SHA256+, AES-256, ChaCha20, bcrypt/Argon2 for passwords
Certificate Verification
To verify if a private key matches a certificate, compare their modulus:
openssl x509 -noout -modulus -in cert.pem | openssl md5 openssl rsa -noout -modulus -in key.pem | openssl md5 📂 Common Wordlist Locations
SecLists GitHub →/usr/share/wordlists/rockyou.txt/usr/share/seclists//usr/share/wordlists/dirb//usr/share/john/password.lstInstall SecLists: apt install seclists | Decompress rockyou: gunzip rockyou.txt.gz
🍳 CyberChef - The Cyber Swiss Army Knife
gchq.github.io/CyberChef - Drag & drop operations for encoding, encryption, compression, and more.
Magic - Auto-detect encoding
From Base64 - Decode base64
From Hex - Decode hex
XOR - XOR with key
AES Decrypt - Symmetric decrypt
Entropy - Detect encryption
Pro tip: Use "Magic" operation first to auto-detect encoding chains
#️⃣ Hashing Commands
| MD5 | md5sum file.txt |
| SHA256 | sha256sum file.txt |
| SHA512 | sha512sum file.txt |
| OpenSSL | openssl dgst -sha256 file.txt |
| Verify | sha256sum -c checksums.txt |
| HMAC | openssl dgst -sha256 -hmac "key" file.txt |
🔄 Encoding & Decoding
bash
# Base64 Encode/Decode
echo "text" | base64
echo "dGV4dAo=" | base64 -d
# Hex Encode/Decode
echo "text" | xxd -p
echo "74657874" | xxd -r -p
# URL Encode (Python)
python3 -c "import urllib.parse; print(urllib.parse.quote('test string'))"
# ROT13
echo "text" | tr 'A-Za-z' 'N-ZA-Mn-za-m'🔒 OpenSSL - Certificates
openssl.org → bash
# Generate Private Key & CSR
openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
# Self-Signed Certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout domain.key -out domain.crt| View CSR Info | openssl req -text -noout -verify -in request.csr |
| View Cert Info | openssl x509 -text -noout -in cert.pem |
| Check Expiry | openssl x509 -enddate -noout -in cert.pem |
🔐 OpenSSL - Symmetric Encryption
bash
# Encrypt file with AES-256-CBC
openssl enc -aes-256-cbc -salt -pbkdf2 -in plaintext.txt -out encrypted.enc
# Decrypt file
openssl enc -d -aes-256-cbc -pbkdf2 -in encrypted.enc -out decrypted.txt
# Encrypt with specific key/IV (hex)
openssl enc -aes-256-cbc -K <hex_key> -iv <hex_iv> -in file.txt -out encrypted.enc🔨 John the Ripper - File Cracking
openwall.com → bash
# Crack SSH Key (John)
ssh2john id_rsa > hash.txt
john --wordlist=rockyou.txt hash.txt
# Crack Zip File
zip2john protected.zip > hash.txt
john --wordlist=rockyou.txt hash.txt
# Crack PDF
pdf2john protected.pdf > hash.txt
# Crack 7z Archive
7z2john protected.7z > hash.txt
# Crack KeePass Database
keepass2john Database.kdbx > hash.txt
# Crack Office Documents
office2john protected.docx > hash.txt⚡ Hashcat - GPU Cracking
hashcat.net → bash
# Crack MD5
hashcat -m 0 hash.txt wordlist.txt
# Crack NTLM
hashcat -m 1000 hash.txt wordlist.txt
# Crack SHA256
hashcat -m 1400 hash.txt wordlist.txt
# Crack bcrypt
hashcat -m 3200 hash.txt wordlist.txt
# With Rules
hashcat -m 0 hash.txt wordlist.txt -r rules/best64.rule
# Kerberoast (TGS-REP)
hashcat -m 13100 tgs_hashes.txt wordlist.txt
# AS-REP Roast
hashcat -m 18200 asrep_hashes.txt wordlist.txt
# NetNTLMv2
hashcat -m 5600 ntlmv2_hashes.txt wordlist.txt
# MSSQL (2012+)
hashcat -m 1731 mssql_hashes.txt wordlist.txt
# MySQL (SHA1)
hashcat -m 300 mysql_hashes.txt wordlist.txtCommon Hash Modes: (Full list)
0 = MD5 100 = SHA1 1000 = NTLM 1400 = SHA256 1800 = SHA512crypt 3200 = bcrypt 5600 = NetNTLMv2 13100 = Kerberos TGS 🖼️ Steganography
Stego Tools List → bash
# === IMAGE STEGANOGRAPHY ===
# Extract Data (Steghide)
steghide extract -sf image.jpg
# Extract Data (Binwalk)
binwalk -e image.jpg
# Zsteg (PNG analysis)
zsteg -a image.png
# Foremost (file carving)
foremost -i image.jpg -o output/
# Stegseek (fast steghide cracker)
stegseek image.jpg wordlist.txt
# Exiftool (metadata)
exiftool image.jpg
# Strings (hidden text)
strings -n 8 image.jpg
# === AUDIO STEGANOGRAPHY ===
# Sonic Visualizer - check spectrogram
# Audacity - Layer > Spectrogram view
# Decode SSTV (Slow-Scan TV)
sstv -d audio.wav -o output.png
# LSB audio extraction
python3 lsb_audio.py audio.wav
# Deepsound (Windows)
deepsound.exe -extract audio.wav🔄 OpenSSL - Conversion
| PEM to DER | openssl x509 -outform der -in cert.pem -out cert.der |
| DER to PEM | openssl x509 -inform der -in cert.der -out cert.pem |
| PEM to PFX | openssl pkcs12 -export -out bundle.pfx -inkey key.pem -in cert.pem |
| PFX to PEM | openssl pkcs12 -in bundle.pfx -out bundle.pem -nodes |
🔑 GPG (GnuPG)
gnupg.org →| Generate Key | gpg --full-generate-key |
| List Keys | gpg --list-keys |
| Export Public | gpg --armor --export user > pub.asc |
| Import Key | gpg --import pubkey.asc |
| Encrypt File | gpg --recipient user --encrypt file.txt |
| Decrypt File | gpg --decrypt file.txt.gpg > file.txt |
| Sign File | gpg --sign file.txt |
| Verify Sig | gpg --verify file.txt.sig |
💻 SSH Keys
| Generate Ed25519 | ssh-keygen -t ed25519 -C "comment" |
| Generate RSA | ssh-keygen -t rsa -b 4096 |
| Copy ID | ssh-copy-id user@host |
| Change Pass | ssh-keygen -p -f ~/.ssh/id_rsa |
| Fingerprint | ssh-keygen -lf ~/.ssh/id_rsa.pub |
| Convert to PEM | ssh-keygen -p -m PEM -f key |
| Permissions | chmod 600 ~/.ssh/id_rsa |
🪟 Windows Cryptography
| List Certs | certutil -store My |
| Export Cert | certutil -exportPFX My "cert" out.pfx |
| Hash File | certutil -hashfile file.txt SHA256 |
| Base64 Decode | certutil -decode enc.txt dec.txt |
| DPAPI (Mimikatz) | dpapi::masterkey /in:masterkey |
| Credential Files | %APPDATA%\Microsoft\Credentials\ |
📡 Encrypted Shells
| Ncat Bind | ncat --exec cmd.exe -vnl 4444 --ssl |
| Ncat Connect | ncat -v target 4444 --ssl |
| Socat Listen | socat OPENSSL-LISTEN:443,cert=cert.pem,verify=0 EXEC:/bin/bash |
| OpenSSL | openssl s_client -connect host:443 |
🎫 JWT Attacks
⚡ Intermediate
bash
# === DECODE JWT (without verification) ===
# Header.Payload.Signature (base64url encoded)
echo "JWT_TOKEN" | cut -d. -f2 | base64 -d 2>/dev/null
# Python decode
import jwt
jwt.decode(token, options={"verify_signature": False})
# === COMMON JWT ATTACKS ===
# 1. Algorithm None Attack
# Change header: {"alg": "none"} and remove signature
# 2. Algorithm Confusion (RS256 → HS256)
# Sign with public key as HMAC secret
# 3. Weak Secret Brute Force
hashcat -m 16500 jwt.txt wordlist.txt
john jwt.txt --wordlist=wordlist.txt --format=HMAC-SHA256
# jwt_tool - Swiss army knife
jwt_tool TOKEN -C -d wordlist.txt # Crack secret
jwt_tool TOKEN -X a # Algorithm none
jwt_tool TOKEN -I -pc name -pv admin # Inject claim
# === USEFUL JWT TOOLS ===
# jwt.io - Online decoder
# jwt_tool - CLI manipulation
# c-jwt-cracker - Fast brute force🐍 Python Cryptography
PyCryptodome Docs → python
# === HASHING ===
import hashlib
hashlib.md5(b"text").hexdigest()
hashlib.sha256(b"text").hexdigest()
# === AES ENCRYPTION (PyCryptodome) ===
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
key = get_random_bytes(32) # AES-256
cipher = AES.new(key, AES.MODE_GCM)
ciphertext, tag = cipher.encrypt_and_digest(plaintext)
# === RSA ===
from Crypto.PublicKey import RSA
key = RSA.generate(2048)
pubkey = key.publickey().export_key()
# === BASE64 ===
import base64
base64.b64encode(b"text")
base64.b64decode(b"dGV4dA==")
# === PBKDF2 Key Derivation ===
from hashlib import pbkdf2_hmac
key = pbkdf2_hmac('sha256', password, salt, 100000)Install: pip install pycryptodome pyjwt
🔓 RSA Attacks
🔥 Advanced
bash
# === RSA ATTACK TOOLS ===
# RsaCtfTool - Automated RSA attacks
python3 RsaCtfTool.py --publickey pub.pem --private
# With known n and e, try factorization
python3 RsaCtfTool.py -n <modulus> -e <exponent> --private
# === COMMON RSA WEAKNESSES ===
# Small e (e=3) with small message
# Wiener's Attack (small d)
# Fermat Factorization (p,q close together)
# Common Modulus Attack
# Hastad Broadcast Attack
# === EXTRACT RSA PARAMETERS ===
openssl rsa -pubin -in pub.pem -text -noout
# Python extract
from Crypto.PublicKey import RSA
key = RSA.import_key(open("pub.pem").read())
print(f"n={key.n}, e={key.e}")
# === FACTORDB ===
# factordb.com - Check if n is already factored🔒 TLS/SSL Testing
testssl.sh → bash
# === TESTSSL.SH ===
# Comprehensive SSL/TLS scanner
./testssl.sh https://target.com
./testssl.sh --severity HIGH target.com:443
# === SSLYZE ===
sslyze --regular target.com
sslyze --certinfo target.com
# === NMAP SSL SCRIPTS ===
nmap --script ssl-enum-ciphers -p 443 target.com
nmap --script ssl-heartbleed -p 443 target.com
nmap --script ssl-poodle -p 443 target.com
# === OPENSSL TESTING ===
# Check supported protocols
openssl s_client -connect target:443 -tls1_2
openssl s_client -connect target:443 -tls1_3
# Check certificate chain
openssl s_client -connect target:443 -showcerts
# Check for specific cipher
openssl s_client -connect target:443 -cipher 'RC4'Generated from Hackers Manifest | For authorized security testing only | hackersmanifest.com