Applied Cryptanalysis
🔥 Advanced

Cryptography Attacks

Cryptography attacks exploit weaknesses in cryptographic implementations, algorithms, or protocols. While modern algorithms like AES-256 and RSA-2048 are mathematically secure, implementation flaws, weak configurations, and protocol vulnerabilities provide attack vectors for penetration testers.

Don't Roll Your Own Crypto

Implementing cryptography correctly is extremely difficult. Always use established libraries (NaCl/libsodium, OpenSSL) and standard algorithms. Custom crypto is almost always vulnerable.

Common Crypto Vulnerabilities

Weak Algorithms

  • MD5/SHA1: Collision attacks (use SHA256+)
  • DES/3DES: Small key space (use AES)
  • RC4: Biased output (deprecated in TLS 1.3)
  • ECB mode: Deterministic encryption

Implementation Flaws

  • Hardcoded Keys: Keys in source code
  • Weak RNG: Predictable random numbers
  • Key Reuse: Same key for multiple purposes
  • No Salt: Unsalted password hashes

Protocol Attacks

  • Downgrade Attacks: Force TLS 1.0
  • MITM: Missing certificate validation
  • Padding Oracle: CBC mode with error messages
  • Timing Attacks: Time-based side channels

Configuration Issues

  • Weak Ciphers: Allowing DES, RC4
  • Short Keys: RSA-1024, 56-bit DES
  • No HSTS: Downgrade to HTTP possible
  • Self-Signed Certs: Bypassing validation

Testing for Crypto Flaws

1. Identify Crypto Usage

Find where encryption, hashing, or random number generation occurs. Look for SSL/TLS endpoints, login forms, password reset tokens.

2. Test TLS Configuration

Use testssl.sh, sslyze, or online tools (SSL Labs) to identify weak ciphers, missing HSTS, or certificate issues.

3. Analyze Encrypted Data

Intercept encrypted tokens, cookies, or API requests. Look for patterns (ECB mode), test for padding oracle, attempt replay attacks.

4. Test Randomness

Generate multiple tokens (password reset, session IDs) and analyze for patterns. Use statistical tests (ENT, NIST SP 800-22).

Essential Crypto Attack Tools

TLS Testing

  • • testssl.sh
  • • sslyze
  • • sslscan
  • • SSL Labs

Hash Cracking

  • • Hashcat
  • • John the Ripper
  • • CrackStation
  • • RainbowCrack

Crypto Analysis

  • • PadBuster
  • • Bleichenbacher
  • • hash_extender
  • • RsaCtfTool

Focus on Configuration, Not Algorithms

You're unlikely to break AES or RSA through cryptanalysis. Focus on misconfigurations, implementation bugs, and protocol flaws—that's where real vulnerabilities exist.

Guide Contents

🔐
1

Crypto Fundamentals

Core cryptographic concepts for security testing.
💔
2

Weak Cryptography

Attacking deprecated and weak algorithms like MD5, DES, RC4.
⚠️
3

Padding Oracle Attacks

Exploiting CBC mode encryption with padding validation.
📏
4

Hash Length Extension

Exploiting Merkle-Damgård construction vulnerabilities.
🔒
5

TLS/SSL Attacks

Testing TLS implementations for POODLE, BEAST, and more.
🔑
6

RSA Attacks

Attacking weak RSA implementations and key generation.
🧱
7

ECB Mode Attacks

Exploiting Electronic Codebook mode vulnerabilities.
🗝️
8

Key Management

Finding hardcoded keys and insecure key storage.
🎲
9

PRNG Attacks

Exploiting weak random number generators.

Related Topics

Web Penetration Testing

API Pentesting

Reverse Engineering