Lab - Encrypting and Decrypting Data using a Hacker Tool
Objectives
Part 1: Create and Encrypt Files
Part 2: Recover Encrypted Zip File Passwords
Background / Scenario
What if you work for a large corporation that had a corporate policy regarding removable media? Specifically,
it states that only encrypted zipped documents can be copied to portable USB flash drives.
In this scenario, the Chief Financial Officer (CFO) is out-of-town on business and has contacted you in a
panic with an emergency request for help. While out-of-town on business, he attempted to unzip important
documents from an encrypted zip file on a USB drive. However, the password provided to open the zip file is
invalid. The CFO contacted you to see if there was anything you could to do.
Note: The provided scenario is simple and only serves as an example.
There may some tools available to recover lost passwords. This is especially true in situations such as this
where the cybersecurity analyst could acquire pertinent information from the CFO. The pertinent information
could be the length of the password and an idea of what it could be. Knowing pertinent information
dramatically helps when attempting to recover passwords.
Examples of password recovery utilities and programs include hashcat, John the Ripper, Lophtcrack, and
others. In our scenario, we will use fcrackzip which is a simple Linux utility to recover the passwords of
encrypted zip files.
Consider that these same tools can be used by cybercriminals to discover unknown passwords. Although
they would not have access to some pertinent information, with time, it is possible to discover passwords to
open encrypted zip files. The amount of time required depends on the password strength and the password
length. Longer and more complex passwords (mix of different types of characters) are more secure.
In this lab, you will:
• Create and encrypt sample text files.
• Decrypt the encrypted zip file.
Note: This lab should be used for instructional purposes only. The methods presented here should NOT be
used to secure truly sensitive data.
Required Resources
Security Workstation virtual machine
Instructions
Part 1: Create and Encrypt Files
In this part, you will create a few text files that will be used to created encrypted zip files in the next step.
Step 1: Create text files.
a. Start the Security Workstation VM and log in with username sec_admin and password net_secPW.
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 8 www.netacad.com
�Lab - Encrypting and Decrypting Data using a Hacker Tool
b. Open a terminal window. Verify that you are in the sec_admin home directory. Otherwise, enter cd ~ at
the terminal prompt.
c. Create a new folder called Zip-Files using the mkdir Zip-Files command.
d. Move into that directory using the cd Zip-Files command.
e. Enter the following to create three text files.
[sec_admin@secOps Zip-Files]$ echo This is a sample text file > sample-1.txt
[sec_admin@secOps Zip-Files]$ echo This is a sample text file > sample-2.txt
[sec_admin@secOps Zip-Files]$ echo This is a sample text file > sample-3.txt
f. Verify that the files have been created, using the ls command.
[sec_admin@secOps Zip-Files]$ ls -l
total 12
-rw-r--r-- 1 sec_admin sec_admin 27 May 13 10:58 sample-1.txt
-rw-r--r-- 1 sec_admin sec_admin 27 May 13 10:58 sample-2.txt
-rw-r--r-- 1 sec_admin sec_admin 27 May 13 10:58 sample-3.txt
Step 2: Zip and encrypt the text files.
Next, we will create several encrypted zipped files using varying password lengths. To do so, all three text
files will be encrypted using the zip utility.
a. Create an encrypted zip file called file-1.zip containing the three text files using the following command:
[sec_admin@secOps Zip-Files]$ zip –e file-1.zip sample*
b. When prompted for a password, enter a one-character password of your choice. In the example, the letter
B was entered. Enter the same letter when prompted to verify.
[sec_admin@secOps Zip-Files]$ zip -e file-1.zip sample-*
Enter password:
Verify password:
adding: sample-1.txt (stored 0%)
adding: sample-2.txt (stored 0%)
adding: sample-3.txt (stored 0%)
c. Repeat the procedure to create the following 4 other files
• file-2.zip using a 2-character password of your choice. In our example, we used R2.
• file-3.zip using a 3-character password of your choice. In our example, we used 0B1.
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 8 www.netacad.com
�Lab - Encrypting and Decrypting Data using a Hacker Tool
• file-4.zip using a 4-character password of your choice. In our example, we used Y0Da.
• file-5.zip using a 5-character password of your choice. In our example, we used C-3P0.
d. Verify that all zipped files have been created using the ls -l f* command.
[sec_admin@secOps Zip-Files]$ ls -l f*
-rw-r--r-- 1 sec_admin sec_admin 643 May 13 11:01 file-1.zip
-rw-r--r-- 1 sec_admin sec_admin 643 May 13 11:02 file-2.zip
-rw-r--r-- 1 sec_admin sec_admin 643 May 13 11:03 file-3.zip
-rw-r--r-- 1 sec_admin sec_admin 643 May 13 11:03 file-4.zip
-rw-r--r-- 1 sec_admin sec_admin 643 May 13 11:03 file-5.zip
e. Attempt to open a zip using an incorrect password as shown.
[sec_admin@secOps Zip-Files]$ unzip file-1.zip
Archive: file-1.zip
[file-1.zip] sample-1.txt password:
password incorrect--reenter:
password incorrect--reenter:
skipping: sample-1.txt incorrect password
[file-1.zip] sample-2.txt password:
password incorrect--reenter:
password incorrect--reenter:
skipping: sample-2.txt incorrect password
[file-1.zip] sample-3.txt password:
password incorrect--reenter:
password incorrect--reenter:
skipping: sample-3.txt incorrect password
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 8 www.netacad.com
�Lab - Encrypting and Decrypting Data using a Hacker Tool
Part 2: Recover Encrypted Zip File Passwords
In this part, you will use the fcrackzip utility to recover lost passwords from encrypted zipped files. Fcrackzip
searches each zip file given for encrypted files and tries to guess the password using brute-force methods.
The reason we created zip files with varying password lengths was to see if password length influences the
time it takes to discover a password.
Step 1: Introduction to fcrackzip
From the terminal window, enter the fcrackzip –h command to see the associated command options.
In our examples, we will be using the –v, -u, and -l command options. The -l option will be listed last because
it specifies the possible password length. Feel free to experiment with other options.
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 8 www.netacad.com
�Lab - Encrypting and Decrypting Data using a Hacker Tool
Step 2: Recovering Passwords using fcrackzip
a. Now attempt to recover the password of the file-1.zip file. Recall, that a one-character password was
used to encrypt the file. Therefore, use the following fcrackzip command:
[sec_admin@secOps Zip-Files]$ fcrackzip -vul 1-4 file-1.zip
found file 'sample-1.txt', (size cp/uc 39/ 27, flags 9, chk 5754)
found file 'sample-2.txt', (size cp/uc 39/ 27, flags 9, chk 5756)
found file 'sample-3.txt', (size cp/uc 39/ 27, flags 9, chk 5757)
PASSWORD FOUND!!!!: pw == B
Note: The password length could have been set to less than 1 – 4 characters.
Question:
How long does it take to discover the password?
It takes less than a second.
b. Now attempt to recover the password of the file-2.zip file. Recall, that a two-character password was
used to encrypt the file. Therefore, use the following fcrackzip command:
[sec_admin@secOps Zip-Files]$ fcrackzip –vul 1-4 file-2.zip
found file 'sample-1.txt', (size cp/uc 39/ 27, flags 9, chk 5754)
found file 'sample-2.txt', (size cp/uc 39/ 27, flags 9, chk 5756)
found file 'sample-3.txt', (size cp/uc 39/ 27, flags 9, chk 5757)
PASSWORD FOUND!!!!: pw == R2
Question:
How long does it take to discover the password?
It takes less than a second.
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 8 www.netacad.com
�Lab - Encrypting and Decrypting Data using a Hacker Tool
c. Repeat the procedure and recover the password of the file-3.zip file. Recall, that a three-character
password was used to encrypt the file. Time to see how long it takes to discover a 3-letter password. Use
the following fcrackzip command:
[sec_admin@secOps Zip-Files]$ fcrackzip –vul 1-4 file-3.zip
found file 'sample-1.txt', (size cp/uc 39/ 27, flags 9, chk 5754)
found file 'sample-2.txt', (size cp/uc 39/ 27, flags 9, chk 5756)
found file 'sample-3.txt', (size cp/uc 39/ 27, flags 9, chk 5757)
PASSWORD FOUND!!!!: pw == 0B1
Question:
How long does it take to discover the password?
About a second
d. How long does it take to crack a password of four characters? Repeat the procedure and recover the
password of the file-4.zip file. Time to see how long it takes to discover the password using the following
fcrackzip command:
[sec_admin@secOps Zip-Files]$ fcrackzip –vul 1-4 file-4.zip
found file 'sample-1.txt', (size cp/uc 39/ 27, flags 9, chk 5754)
found file 'sample-2.txt', (size cp/uc 39/ 27, flags 9, chk 5756)
found file 'sample-3.txt', (size cp/uc 39/ 27, flags 9, chk 5757)
checking pw X9M~
PASSWORD FOUND!!!!: pw == Y0Da
Question:
How long does it take to discover the password?
A few seconds
e. How long does it take to crack a password of five characters? Repeat the procedure and recover the
password of the file-5.zip file. The password length is five characters, so we need to set the -l command
option to 1-5. Again, time to see how long it takes to discover the password using the following fcrackzip
command:
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 8 www.netacad.com
�Lab - Encrypting and Decrypting Data using a Hacker Tool
[sec_admin@secOps Zip-Files]$ fcrackzip –vul 1-5 file-5.zip
found file 'sample-1.txt', (size cp/uc 39/ 27, flags 9, chk 5754)
found file 'sample-2.txt', (size cp/uc 39/ 27, flags 9, chk 5756)
found file 'sample-3.txt', (size cp/uc 39/ 27, flags 9, chk 5757)
checking pw C-H*~
PASSWORD FOUND!!!!: pw == C-3P0
Question:
How long does it take to discover the password?
f. Recover a 6-Character Password using fcrackzip
It appears that longer passwords take more time to discover and therefore, they are more secure.
However, a 6-character password would not deter a cybercriminal.
Question:
To answer that question, create a file called file-6.zip using a 6-character password of your choice. In our
example, we used JarJar.
[sec_admin@secOps Zip-Files]$ zip –e file-6.zip sample*
g. Repeat the procedure to recover the password of the file-6.zip file using the following fcrackzip
command:
[sec_admin@secOps Zip-Files]$ fcrackzip –vul 1-6 file-6.zip
Question:
How long does it take fcrackzip to discover the password?
Type your answers here.
The simple truth is that longer passwords are more secure because they take longer to discover.
Question:
How long would you recommend a password needs to be for it to be secure?
Answers will vary depending on platform and actual password used but it will take much longer (hours).
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 8 www.netacad.com
�Lab - Encrypting and Decrypting Data using a Hacker Tool
End of document
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 8 www.netacad.com
�Lab - Encrypting and Decrypting Data Using OpenSSL
Objectives
Part 1: Encrypting Messages with OpenSSL
Part 2: Decrypting Messages with OpenSSL
Background / Scenario
OpenSSL is an open-source project that provides a robust, commercial-grade, and full-featured toolkit for the
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose
cryptography library. In this lab, you will use OpenSSL to encrypt and decrypt text messages.
Note: While OpenSSL is the de facto cryptography library today, the use presented in this lab is NOT
recommended for robust protection. Below are two security problems with this lab:
1) The method described in this lab uses a weak key derivation function. The ONLY security is
introduced by a very strong password.
2) The method described in this lab does not guarantee the integrity of the text file.
This lab should be used for instructional purposes only. The methods presented here should NOT be used to
secure truly sensitive data.
Required Resources
Security Workstation virtual machine
Instructions
Part 1: Encrypting Messages with OpenSSL
OpenSSL can be used as a standalone tool for encryption. While many encryption algorithms can be used,
this lab focuses on AES. To use AES to encrypt a text file directly from the command line using OpenSSL,
follow the steps below:
Step 1: Encrypting a Text File.
a. Start the Security Workstation VM and log in with username sec_admin and password net_secPW.
b. Open a terminal window.
c. Because the text file to be encrypted is in the /home/sec_admin/lab.support.files/ directory, change to
that directory:
[sec_admin@secOps ~]$ cd /home/sec_admin/lab.support.files/
[sec_admin@secOps lab.support.files]$
d. Type the command below to list the contents of the encrypted letter_to_grandma.txt text file on the
screen:
[sec_admin@secOps lab.support.files]$ cat letter_to_grandma.txt
Hi Grandma,
I am writing this letter to thank you for the chocolate chip cookies you sent
me. I got them this morning and I have already eaten half of the box! They
are absolutely delicious!
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 4 www.netacad.com
�Lab - Encrypting and Decrypting Data Using OpenSSL
I wish you all the best. Love,
Your cookie-eater grandchild.
[sec_admin@secOps lab.support.files]$
e. From the same terminal window, issue the command below to encrypt the text file. The command will use
AES-256 to encrypt the text file and save the encrypted version as message.enc. OpenSSL will ask for a
password and for password confirmation. Provide the password as requested and be sure to remember
the password.
[sec_admin@secOps lab.support.files]$ openssl aes-256-cbc -in
letter_to_grandma.txt -out message.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
[sec_admin@secOps lab.support.files]$
Question:
Document the password.
´
encriptacioncj
f. When the process is finished, use the cat command again to display the contents of the message.enc
file.
[sec_admin@secOps lab.support.files]$ cat message.enc
Question:
Did the contents of the message.enc file display correctly? What does it look like? Explain.
No. The file seems broken as just symbols are displayed. The symbols are shown because OpenSSL has
generated a binary file.
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 4 www.netacad.com
�Lab - Encrypting and Decrypting Data Using OpenSSL
Type your answers here.
g. To make the file readable, run the OpenSSL command again, but this time add the -a option. The -a
option tells OpenSSL to encode the encrypted message using a different encoding method of Base64
before storing the results in a file.
Note: Base64 is a group of similar binary-to-text encoding schemes used to represent binary data in an
ASCII string format.
[sec_admin@secOps lab.support.files]$ openssl aes-256-cbc -a -in
letter_to_grandma.txt -out message.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
h. Once again, use the cat command to display the contents of the, now re-generated, message.enc file:
Note: The contents of message.enc will vary.
[sec_admin@secOps lab.support.files]$ cat message.enc
U2FsdGVkX19ApWyrn8RD5zNp0RPCuMGZ98wDc26u/vmj1zyDXobGQhm/dDRZasG7
rfnth5Q8NHValEw8vipKGM66dNFyyr9/hJUzCoqhFpRHgNn+Xs5+TOtz/QCPN1bi
08LGTSzOpfkg76XDCk8uPy1hl/+Ng92sM5rgMzLXfEXtaYe5UgwOD42U/U6q73pj
a1ksQrTWsv5mtN7y6mh02Wobo3A1ooHrM7niOwK1a3YKrSp+ZhYzVTrtksWDl6Ci
XMufkv+FOGn+SoEEuh7l4fk0LIPEfGsExVFB4TGdTiZQApRw74rTAZaE/dopaJn0
sJmR3+3C+dmgzZIKEHWsJ2pgLvj2Sme79J/XxwQVNpw=
[sec_admin@secOps lab.support.files]$
Questions:
Is message.enc displayed correctly now? Explain.
Yes. While message.enc is encrypted, it is now correctly displayed because it has been converted from
binary to text and encoded with Base64.Ty
Can you think of a benefit of having message.enc Base64-encoded?
The encrypted message can now be copied and pasted in an email message
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 4 www.netacad.com
�Lab - Encrypting and Decrypting Data Using OpenSSL
Type your answers here.
Part 2: Decrypting Messages with OpenSSL
With a similar OpenSSL command, it is possible to decrypt message.enc.
a. Use the command below to decrypt message.enc:
[sec_admin@secOps lab.support.files]$ openssl aes-256-cbc –a -d -in
message.enc -out decrypted_letter.txt
b. OpenSSL will ask for the password used to encrypt the file. Enter the same password again.
c. When OpenSSL finishes decrypting the message.enc file, it saves the decrypted message in a text file
called decrypted_letter.txt. Use the cat display the contents of decrypted_letter.txt:
[sec_admin@secOps lab.support.files]$ cat decrypted_letter.txt
Questions:
Was the letter decrypted correctly?
Yes, the letter was decrypted correctly.
The command used to decrypt also contains -a option. Can you explain?
Because message.enc was Base64 encoded after the encryption process took place, message.enc must be
Base64 decoded before OpenSSL can decrypt it.
Type your answers here.
End of document
© 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 4 www.netacad.com
