Our Scenarios

Crypto101 – Encryption #1


This scenario serves as a basic introduction to symmetric-key cryptography. It is especially useful when doing penetration tests involving application security, as some applications employ application-level encryption.


Imagine the following:

You are a Penetration Tester carrying out an internal network assessment for a client. You manage to gain user-level access to a system in scope and start sniffing network traffic to see if this might help you escalate your privileges. You notice inbound, encrypted traffic from various different systems is being sent to the IP of your compromised host and suspect this might help you gain access to sensitive resources on your victim machine, which is running multiple services (web applications and database servers).

You identify where the credentials for the services are stored, but they are hashed, and after an unsuccessful attempt to crack the hashes, you carry out an SSL-splitting attack to insert yourself between your compromised host and the other systems. However, you soon realize the systems are using application-level encryption as a supposed added layer of defence. Being an experienced operator, you already know that the encrypted traffic and local application files include everything needed for decryption. Decrypt the application traffic to gain access to sensitive resources.

What you will learn

After completing the scenario, participants will become familiar with the most common types of symmetric encryption:

Block Ciphers

AES (Advanced Encryption Standard) will be used as an example of a block cipher, and participants will be introduced to three common modes of operation: ECB, CBC and GCM

Stream Ciphers

RC4 and ChaCha will be used as examples of stream ciphers; RC4 is an insecure cipher but should still be used sometimes in specific situations

Scenario Pre-requisites / recommendations

CyberChef (recommended)

PyCryptoDome (recommended)

Technical Details

This scenario does not have a target virtual machine. All challenges can be solved solely from the details provided in each question.