Introduction to Cryptography TryackMe Walkthrough

Rich
4 min readSep 27, 2023

TL;DR Walkthrough of Introduction to Cryptography, part of TryHackMe’s new Security Engineer pathway.

A full list of our TryHackMe walkthroughs and cheatsheets is here.

Background

The Security Engineer pathway is new to TryHackMe, so Google isn’t already flooded with walkthroughs of the room. Hence I figured I’d post my notes in case it helps anyone else.

On a sidenote, TryHackMe’s promotion of the new Security Engineer pathway ended 25 September. I was in training for work during most of the promotion and hence only got a few rooms done. I did not win anything via the tickets. Hopefully one of you did.

This room can be done completely in BASH in Kali, all I had to do was run updates and add hmac256 to Kali.

I am going to assume that everyone reading this already knows what PKI is, has digitally signed and encrypted email before, and knows about hashes and how passwords are stored. Hence we will just plough ahead into how to get the answers using a standard issue Kali VM.

— — Task 2 — -

Decrypt the file quote01 encrypted (using AES256) with the key s!kR3T55 using gpg. What is the third word in the file?

gpg - output origninal_message.txt - decrypt quote01.txt.gpg

cat origninal_message.txt

Do not waste time idling or thinking after you have set your goals.

Miyamoto Musashi

Decrypt the file quote02 encrypted (using AES256-CBC) with the key s!kR3T55 using openssl. What is the third word in the file?

openssl aes-256-cbc -d -in quote02 -out original_message2.txt

The true science of martial arts means practicing them in such a way that they will be useful at any time, and to teach them in such a way that they will be useful in all things.

Miyamoto Musashi

Decrypt the file quote03 encrypted (using CAMELLIA256) with the key s!kR3T55 using gpg. What is the third word in the file?

gpg — output origninal_message3.txt — decrypt quote03.txt.gpg

You must understand that there is more than one path to the top of the mountain.

Miyamoto Musashi

— — Task 3 — -

Bob has received the file ciphertext_message sent to him from Alice. You can find the key you need in the same folder. What is the first word of the original plaintext?

openssl pkeyutl -decrypt -in ciphertext_message -inkey private-key-bob.pem -out decrypted.txt

“Perception is strong and sight weak. In strategy it is important to see distant things as if they were close and to take a distanced view of close things.”

Miyamoto Musashi

Take a look at Bob’s private RSA key. What is the last byte of p?

openssl rsa -in private-key-bob.pem -text -noout

First prime #, last 2 digits

e7

Take a look at Bob’s private RSA key. What is the last byte of q?

Second prime #, last 2 digits

27

— — Task 4 — -

A set of Diffie-Hellman parameters can be found in the file dhparam.pem. What is the size of the prime number in bits?

openssl dhparam -in dhparams.pem -text -noout

4096

What is the prime number’s last byte (least significant byte)?

4f

— — Task 5 — -

What is the SHA256 checksum of the file order.json?

sha256sum order.json

2c34b68669427d15f76a1c06ab941e3e6038dacdfb9209455c87519a3ef2c660

Open the file order.json and change the amount from 1000 to 9000. What is the new SHA256 checksum?

I simply used gedit to change it.

sha256sum order.json

11faeec5edc2a2bad82ab116bbe4df0f4bc6edd96adac7150bb4e6364a238466

Using SHA256 and the key 3RfDFz82, what is the HMAC of order.txt?

sudo apt-get update

hmac256

yes to all

hmac256 3RfDFz82 order.txt

c7e4de386a09ef970300243a70a444ee2a4ca62413aeaeb7097d43d2c5fac89f

— — Task 6 — -

What is the size of the public key in bits?

openssl x509 -in cert.pem -text

4096

Till which year is this certificate valid?

2039

— — Task 7 — -

You were auditing a system when you discovered that the MD5 hash of the admin password is 3fc0a7acf087f549ac2b266baf94b8b1. What is the original password?

hashcat -m 0 “3fc0a7acf087f549ac2b266baf94b8b1” /home/kali/Downloads/Wordlists/rockyou.txt

qwerty123

An alternate method is to simply copy/paste the hash into crackstation.net

Summary

I’m always happy to see TryHackMe roll out a new pathway. This one has been educational and interesting so far. It’s unfortunate that I was unable to get more rooms done during the promotion due to work and life. My co-worker didn’t join, so I couldn’t get tickets for referrals. TryHackMe didn’t like my last walkthrough on Active Directory Hardening, so no tickets there. Hopefully ya’ll won something even though I didn’t!

--

--

Rich

I work various IT jobs & like Windows domain security as a hobby. Most of what’s here is my notes from auditing or the lab.