Eikonal Blog

2012.11.02

Java keytool

Filed under: crypto, hashes, infosec, it, java — Tags: , — sandokan65 @ 10:45
  • Download the CA certificate from the proxy and convert it to PEM format:

      /usr/java/default/bin/keytool -import -trustcacerts -file  -alias CA_ALIAS -keystore /usr/java/default/lib/security/cacerts -storepass changeit
      

More:

Advertisements

2012.02.14

OpenSSL

  • HTTPS server banner:

      openssl s_client -connect:IPAddress:443

    after connection is established, type in “HEAD / HTTP/1.0” and press enter.

    Alternative:

      echo -e "HEAD / HTTP/1.0\n\n" | openssl s_client -quiet -connect IPAddress:443

  • NTTPS server banner

      openssl s_client -connect:IPAddress:563
      

  • IMAPS server banner:

      openssl s_client -connect:IPAddress:993
      

  • POP3S server banner:

      openssl s_client -connect:IPAddress:995
      

  • Identifying SSL cyphers:

      openssl s_client -connect website:443 -cipher EXPORT40
      openssl s_client -connect website:443 -cipher NULL
      openssl s_client -connect website:443 -cipher HIGH
      

  • Generating password hash four unix:

      openssl passwd -1 -salt QIGCa pippo
      

    output: $1$QIGCa$/ruJs8AvmrkmzKTzM2TYE.

  • Converting a PKCS12-encoded (or .pfx) certificate to PEM format:

      openssl pkcs12 -in CertFile.p12  -out NewCertFile.pem   -nodes. -cacerts
      

  • Converting a DER-encoded certificate to PEM format:

      openssl x509  -in CertFile.crt.  -inform DER  -out NewCertName.pem   -outform PEM
      

  • Download a proxy’s public certificate:

      openssl s_client-connect ProxyHostname:port   proxycert.pem
      

  • Create a key:

      openssl genrsa -des3 -out server.key 1024
      

  • Create a CSR (certificate signing request):

      openssl req -new -key server.key -out server.csr
      

  • Remove a password from a key:

      cp server.key server.key.org
      openssl rsa -in server.key.org -out server.key
      

  • Sign the CSR and create the certificate:

      openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
      cat server.crt server.key > certificate.pem
      

  • Encrypting a file:

      cat INFILE | openssl aes-256-ecb -salt -k PASSWORD > INFILE.ssl
      

  • Decrypting a file:

      cat INFILE.ssl | openssl aes-256-ecb -d -k PASSWORD > INFILE
      

2011.05.12

Passwords related postings

Generating password hashes

  • Generating unix-style MD5 hash: openssl passwd -1 -salt QIGCa pippo
    • produces: $1$QIGCa$/ruJs8AvmrknzKTzM2TYE.
  • generating password hash using system’s native crypt() command: perl -e ‘print crypt(“pippo”, “\$1\$QIGCa”),”\n”‘
    • produces: $1Su6NR9CFU/6
  • Using Python’s Passlib library (http://packages.python.org/passlib/):
    • Install Python (e.g. in Cygwin)
    • Install Passlib library following instructions at http://packages.python.org/passlib/install.html
    • start Python: python
    • Calculate the SHA256 hash of the word Password:

      >>> from passlib.hash import sha256_crypt
      >>> hash = sha256_crypt.encrypt("password")
      >>> hash
      '$5$rounds=80000$9GPMLb8EE.1QFrUk$Y0XQiZRKMhOrB2GcfCeWREG.x3jCfa5pbmxSO/hjCE3'
      >>> sha256_crypt.encrypt("password")
      '$5$rounds=80000$9fjOxTQNeyPhsCvp$XmyKju3TfWUEPXGPXMZ6sIPcv26Uok7NLPyZhx5g7R9'
      >>> sha256_crypt.encrypt("password", rounds=12345)
      '$5$rounds=12345$Kk9DTJPMRyxGFB3q$7tdzdJXq4YRu7ms6PGo7zTlOHVwYOQO1aUeUsZ3Mrl5'
      >>> sha256_crypt.verify("password", hash)
      True
      >>> sha256_crypt.verify("letmeinplz", hash)
      False
        

    • Generating BouncyCastle SHA1-512 hashes for use in Atlassian JIRA:

      >>> from passlib.hash import atlassian_pbkdf2_sha1
      >>> atlassian_pbkdf2_sha1.encrypt("password")
      '{PKCS5S2}fU8ppRTCuJeS8n7PGYOQMhVqZ4hUidTIiWI4K8R8IBOXm/lYywaouSLtvlTeTr3V'
      >>> atlassian_pbkdf2_sha1.encrypt("password")
      '{PKCS5S2}+X+PMcYYAwBAKIWwFsJY639EipU1NXJfc1jKC5VYHZV7zoDI4zTEpKO4xZQoegg1'
      >>> atlassian_pbkdf2_sha1.encrypt("password")
      '{PKCS5S2}1Nq7N2YM4ZyTstZaSynlnGGh2rgAG+b7SB+9xreszUhrE39BnfwNg2RGm6tqvDg2'
      >>> atlassian_pbkdf2_sha1.encrypt("password")
      '{PKCS5S2}bu1dK0WotXYuBaB0bo2RslxMAp4JawLofUFw4S5fZdAtfsm3Ats6kO6j5NaHZCdt'
      >>> atlassian_pbkdf2_sha1.encrypt("password")
      '{PKCS5S2}z/mfc47xvjcm5Ny7dw7BeExB68Oc4XiTJvUS5HRAadKr4/Aomn1WOMMrMWtikUPK'
        

    • Supported hashing algorithms:
      • Archaic Unix Schemes:
        • passlib.hash.des_crypt – DES Crypt
        • passlib.hash.bsdi_crypt – BSDi Crypt
        • passlib.hash.bigcrypt – BigCrypt
        • passlib.hash.crypt16 – Crypt16
      • Standard Unix Schemes:
        • passlib.hash.md5_crypt – MD5 Crypt
        • passlib.hash.bcrypt – BCrypt
        • passlib.hash.sha1_crypt – SHA-1 Crypt
        • passlib.hash.sun_md5_crypt – Sun MD5 Crypt
        • passlib.hash.sha256_crypt – SHA-256 Crypt
        • passlib.hash.sha512_crypt – SHA-512 Crypt
      • Other Modular Crypt Schemes:
        • passlib.hash.apr_md5_crypt – Apache’s MD5-Crypt variant
        • passlib.hash.phpass – PHPass’ Portable Hash
        • passlib.hash.pbkdf2_digest – Generic PBKDF2 Hashes
        • passlib.hash.cta_pbkdf2_sha1 – Cryptacular’s PBKDF2 hash
        • passlib.hash.dlitz_pbkdf2_sha1 – Dwayne Litzenberger’s PBKDF2 hash
        • passlib.hash.scram – SCRAM Hash
        • passlib.hash.bsd_nthash – FreeBSD’s MCF-compatible nthash encoding
        • passlib.hash.unix_disabled – Unix Disabled Account Helper
      • Standard LDAP (RFC2307) Schemes:
        • passlib.hash.ldap_md5 – MD5 digest
        • passlib.hash.ldap_sha1 – SHA1 digest
        • passlib.hash.ldap_salted_md5 – salted MD5 digest
        • passlib.hash.ldap_salted_sha1 – salted SHA1 digest
        • passlib.hash.ldap_crypt – LDAP crypt() Wrappers
        • passlib.hash.ldap_plaintext – LDAP-Aware Plaintext Handler
      • Non-Standard LDAP Schemes:
        • passlib.hash.ldap_hex_md5 – Hex-encoded MD5 Digest
        • passlib.hash.ldap_hex_sha1 – Hex-encoded SHA1 Digest
        • passlib.hash.ldap_pbkdf2_digest – Generic PBKDF2 Hashes
        • passlib.hash.atlassian_pbkdf2_sha1 – Atlassian’s PBKDF2-based Hash
        • passlib.hash.fshp – Fairly Secure Hashed Password
        • passlib.hash.roundup_plaintext – Roundup-specific LDAP Plaintext Handler
      • SQL Database Hashes:
        • passlib.hash.mssql2000 – MS SQL 2000 password hash
        • passlib.hash.mssql2005 – MS SQL 2005 password hash
        • passlib.hash.mysql323 – MySQL 3.2.3 password hash
        • passlib.hash.mysql41 – MySQL 4.1 password hash
        • passlib.hash.postgres_md5 – PostgreSQL MD5 password hash
        • passlib.hash.oracle10 – Oracle 10g password hash
        • passlib.hash.oracle11 – Oracle 11g password hash
      • MS Windows Hashes:
        • passlib.hash.lmhash – LanManager Hash
        • passlib.hash.nthash – Windows’ NT-HASH
        • passlib.hash.msdcc – Windows’ Domain Cached Credentials
        • passlib.hash.msdcc2 – Windows’ Domain Cached Credentials v2
      • Other Hashes:
        • passlib.hash.cisco_pix – Cisco PIX hash
        • passlib.hash.cisco_type7 – Cisco “Type 7” hash
        • passlib.hash.django_digest – Django-specific Hashes
        • passlib.hash.grub_pbkdf2_sha512 – Grub’s PBKDF2 Hash
        • passlib.hash.hex_digest – Generic Hexdecimal Digests
        • passlib.hash.plaintext – Plaintext
      • Cisco “Type 5” hashes

Passphrase Hashes

Articles


Passwords related postings at this blog:

Blog at WordPress.com.