CEH Lab M anual

C ry p to g ra p h y
M o d u le

1 9


Module 19 - Cryptography

Cryptography
Cryptography is the study and art of hiding information in human unreadable
format.
I CON KEY
Valuable
inform ation
Test your

**

W eb exercise

m

W orkbook re\

Lab Scenario
The ability to protect and secure inform ation is vital to the growth ot electronic
commerce and to the growth o f the Internet itself. Many people need or want
to use communications and data security 111 different areas. Encrypting the data
plays a major role 111 security. For example, banks use encryption methods

around the world to process financial transactions. This involves the transfer of
large amounts o f money from one bank to another. Banks also use encryption
methods to protect their customers ID numbers at bank autom ated teller
machines. There are many companies and even shopping malls selling any dung
from flowers to bottles o f wines over the Internet and these transactions are
made by the use o f credit cards and secure Internet browsers, including
encryption techniques. Customers using the Internet would like to know the
connection is secure when sending their credit card inform ation and other
financial details related to them over a multi-national environm ent Tins will
only work with the use o f strong and unforgeable encryption methods. Since
you are an expert ethical hacker and penetration tester, your IT director will
instruct you to encrypt data using various encrypting algorithms 111 order to
secure the organization’s information.

Lab Objectives
Tins lab will show you how to encrypt data and how to use it. It will teach you
how to:
■

Use encrypting/decrypting commands

■

Generate hashes and checksum files

Lab Environment
& Tools
dem onstrated in
this lab are
available in

D:\CEHTools\CEHv8
Module 19
Cryptography

To earn‫ ־‬out die lab, you need:
■

A computer nuuiing Window Server 2012

■

A web browser with Internet access

Lab Duration
Time: 50 Minutes

Overview of Cryptography
Cryptography is the practice and study o f hiding information. Modern cryptography
intersects the disciplines of mathematics, computer science, and electrical
engineering.
C E H L ab M an u al P ag e 915

E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 19 - Cryptography

Cryptology prior to the modern age was almost synonymous with encryption, die
conversion of information from a readable state to one apparently without sense.


Lab Tasks
Overview

Recommended labs to assist you 111 Cryptography:
■ Basic Data Encrypting Using HashCalc
■ Basic Data Encrypting Using MD5 Calculator
■ Basic Data Encrypting Using A dvance Encryption P ack age
■ Basic Data Encrypting Using TrueCrypt
■ Basic Data Encrypting Using CrypTool
■

Encrypting and Decrypting the Data Using BCTextEncoder

■

Basic Data Encrypting Using Rohos Disk Encryption

Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on
your target’s security posture and exposure.

P L E A S E TA LK T O Y O U R I N S T R U C T O R IF YOU H A V E
R E L A T E D T O T H I S LAB.

C E H L ab M an u al Page 916

QUESTIONS

E th ical H a ck in g a nd C o untenneasures Copyright © by EC-Council

All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 19 - Cryptography

Lab

Basic Data Encrypting Using
HashCalc
HashCalc enablesyou to compute multiple hashes, checksums, and HMACs for
files, text, and hex strings. It supports MD2, MD4, AIDS, SH A1, SH A2
(SHA256, SH.4J84, SHA512), RIPEMD160, PANAM A, TIGER,
CRCJ2, AD LERJ2, and the hash used in eDonhy and eMn/e tools.
I CON KEY
/ Valuable
inform ation
.v* Test your
_____knowledge_______
^

W eb exercise

£ Q W orkbook review

Lab Scenario
Laptops are highly susceptible to theft and frequently contain valuable data.
Boot disk encryption requires a key in order to start the operating system and
access the storage media. Disk encryption encrypts all data 011 a system,
including tiles, folders, and the operating system. Tins is m ost appropriate when
the physical security o f the system is not assured. Examples include traveling

laptops 01‫ ־‬desktops that are not 111 a physically secured area. W hen properly
implemented, encryption provides an enhanced level o f assurance to the data,
while encrypted, cannot be viewed 01‫ ־‬otherwise discovered by unauthorized
parties 111 the event o f theft, loss, 01‫ ־‬interception. 111 order to be an expert
ethical hacker and penetration tester, you m ust understand data encryption
using encrypting algorithms.

Lab Objectives
This lab will show you how to encrypt data and how to use it. It will teach you
how to:
H Tools
dem onstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 19
Cryptography

C E H L ab M an u al Page 917

■

Use encrypting/decrypting command

■

Generate hashes and checksum files

Lab Environment
To carry out the lab, you need:

‫י‬

H ashCalc located at D:\CEH-T00ls\CEHv8 Module 19
Cryptography\MD5 Hash Calculators\H ashCalc

E th ical H a ck in g a nd C ountem ieasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 19 - Cryptography

■
■

You can also download the latest version o f HashCalc from the link
h ttp :/ Avww.slavasott.com/hashcalc/
If you decide to download the la te st version, then screenshots shown
the lab might differ

111

■

Follow the wizard driven installation instructions

■

Run tins tool

■


Administrative privileges to run tools

111

W indows Server 2012

Lab Duration
Time: 10 Minutes

Overview of Hash
HashCalc is a fast and easy-to-use calculator that allows computing message
d igests, checksum s, and HMACs for files, as well as for text and hex strings. It
offers a choice o f 13 o f the most popular hash and checksum algontlnns for
calculations.

3

TASK 1

Calculate the
Hash

Lab Tasks
1. Launch the Start m enu by hovering the mouse cursor on the lower-left
corner o f the desktop.

■3 Windows Server 2012

c a You can also

download HashCalc from


WindowsServer2012ReviseQnflidauC0t»cEvaluatorcop;.9u!dM
OC

**I
i v n i ^

FIGURE 1.1: Windows Server2012—Desktopview
2.

C E H L ab M anual Page 918

Click the H ashCalc app to open the HashCalc window.

E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 19 - Cryptography

S ta rt

Windows
PowerS hell

Server
Manager

Fa
Computer

Hyper-V
Manager

Google
Chrome

m

<9

‫וי‬

Control
Panel

Hypef-V
Virtual
Machine...

SQL Server
Installation
Center...

Worlcspace
Studio

Mozilla
Firefox

V

¥

Command
Prompt

& HashCalc simple
dialog-si2e interface
dispenses with glitz to
plainlylist input and
results.

e
Inlrmr* i*pl

nm F‫־‬

5

<©

Nmap
Zenmap
GUI

HashCalc

O

O '* ,

₪
FIGURE 1.2:Windows Server2012—Apps

3. The main window ot HashCalc appears as shown
figure.
4.

111

the following

From the Data Format drop-down list, select File.
H

HashCalc

Data Format:

Data:
1

-1

Key Format:

r

HMAC

Key:

| Text string

W MD5
r

MD4

lv SHA1

r
r

SHA256

r

SHA512

SHA384

I* RIPEMD160
r

m Hash algorithms

support diree input data
formats: file, text string,
and hexadecimal string.

PANAMA

r

TIGER

r
r

MD2
AD LER 32

17 CRC32
‫ —ן‬eDortkey/
eMule

S la v a S o ft

1‫־‬
| Calculate |

Close

1

Help

1

FIGURE 1.3: HashCalc mainwindow
5.

Enter/B row se the data to calculate.

6.

Choose the appropriate Hash algorithm s and check the check boxes.

7. Now% click C alculate.

C E H L ab M anual Page 919

E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 19 - Cryptography

HashCalc
Data Format:

IS

Data:

H I|C:\Pf0 gtam Files (x86l\HashCalc\HashCalc.exe
Key Foirnat:

r

HMAC

R

MD5

r

MD4

e922301da3512247ab71407096ab7810

W SHA1

‫ ט‬HashCalc is used to
generate cryptingtext.

Key_____________________________

IT ext shing ‫|•״‬

67559307995703808ed2f6n723e00556dbb0e01

r

SHA256

r

SHA384

r

SHA512

I? RIPEMD160 a751 ce46a02b73b792564Gcb0ccf810bc00dd6b4
T

PANAMA

r
r
r

TIGER
MD2
ADLER32

W CRC32
‫ —ן‬eDonkey/
eMule

S la v a S o ft.

Calculate ~|

Help

FIGURE 1.4: Hashisgeneratedfor chosenhashstring

Lab Analysis
Document all Hash, MD5, and CRC values for furtlier reference.

P L E A S E TALK T O Y O U R I N S T R U C T O R IF YOU H A V E
R E L A T E D T O T H I S LAB.

T o o l/U tility

QUESTIONS

In fo rm atio n C o lle c te d /O b je c tiv e s A chieved
O u tp u t: Generated Hashes for

H a sh C a lc

‫י‬
‫י‬
‫י‬
‫י‬

MD5
SHA1
RIPEAID160
CEC32

Questions
1. Determ ine how to calculate multiple checksums simultaneously.
C E H L ab M anual Page 920

E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 19 - Cryptography

In te rn e t C o n n ectio n R eq u ired
□ Yes

0 No

P latform S upported
0 C lassroom

C E H L ab M an u al Page 921

0 !Labs

E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 19 - Cryptography

Basic Data Encrypting Using MD5
Calculator

MD5 Calculator is a simple application that calculates the AIDS hash of a
givenfile. It can be used with bigfiles (some GB). It features a progress counter
and a text field from which the final AID ‫ כ‬hash can be easily copied to the
clipboard.

■con key ‫ ־־‬Lab Scenario
£__ Valuable
inform ation
T est your
knowledge
—

W eb exercise

m

W orkbook review

There has been a need to protect information from “prying eyes.” 111 the
electronic age, inform ation that could otherwise benefit or educate a group or
individual can also be used against such groups or individuals. Industrial
espionage among highly competitive businesses often requires that extensive
security measures be put into place. And, those w ho wish to exercise then‫־‬
personal freedom, outside o f the oppressive nature o f governments, may also
wish to encrypt certain inform ation to avoid suffering the penalties o f going
against the wishes o f those who attem pt to control. Still, the m ethod ol data
encryption and decryption are relatively straightforward; encryption algorithms
are used to encrypt the data and it stores system information files on the
system, safe from prying eyes. 111 order to be an expert ethical hacker and
penetration tester, you m ust understand data encryption using encrypting

algorithms.

Lab Objectives
H Tools
dem onstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 19
Cryptography

C E H L ab M an u al Page 922

Tins lab will give you experience on encrypting data and show you how to do it.
It will teach you how to:
■

Use encrypting/decrypting commands

■

Calculate the MD5 value o f the selected file

Lab Environment
To earn* out the lab, you need:

E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.

Module 19 - Cryptography

■

MD5 Calculator located at D:\CEH-Tools\CEHv8Module19
Cryptography\MD5 Hash Calculators\MD5 Calculator

■

You can also download the latest version o f MD5 Calculator from the
link http: / / www.bullzip.com / products/ md5 / m fo.php

■

If you decide to download the la te st version, then screenshots shown
the lab might differ

111

■

Follow the wizard driven installation instructions

■

Run this tool

■

Administrative privileges to run tools

111

W indows Server 2012

Lab Duration
Tune: 10 Minutes

Overview of MD5 Calculator
MD5 Calculator is a bare-bones program for calculating and comparing MD5
tiles. While its layout leaves some dung to be desired, its results are tast and simple.
TASK 1
Calculate MD5
Checksum

Lab Tasks
1.

To find MD5 Hash o f any file, right-click the file and select MD5
Calculator from the context menu.

||
IL&

mw

nd5calc(
.0).ms

In s ta ll

R e p a ir

0

U n in s t a ll
C m d H e re
M D 5 C a l c u la t o r
T r o u b le s h o o t c o m p a t ib ilit y
O p e n w ith

►

S h a re w ith

►

A d d t o a r c h iv e ...
A d d t o " m d 5 c a lc ( 1 . 0 .0 .0 ) .r a r "
C o m p r e s s a n d e m a il.. .

m MD5 checksumis
used to generate MD5
hash.

§

C o m p r e s s t o " m d 5 c a lc ( 1 . 0 . 0 . 0 ) . r a r " a n d e m a il
R e s to r e p r e v io u s v e r s io n s
S end to

*

C ut
C opy
C re a te s h o r tc u t
D e le te
R enam e
P r o p e r tie s

FIGURE 2.1: MD5 option in contest menu
2.

C E H L ab M anual Page 923

MD5 Calculator shows the MD5 digest o f the selected file.

E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 19 - Cryptography

Note: Alternatively, you can browse any file to calculate the MD5 hash and click
the C alculate button to calculate die MD5 hash o f the file.

MD5 Calculator

B|C:\Llsers'.Administrator\DesktopVnd5calcl'1.0.0.0).i

MD5 hash (or

checksum) functions as a
compact digital fingerprint
of a file.

B

’ %

“

■ ‫־‬.‫■־■׳‬-

■~ •

r

x

'‫־‬
Calculate

MD5 Digest

J

Compare To

19434b8108cdecab051867717cc58dbdf

1

‫ו‬

11

I I Uppercase
Exit

FIGURE 2.2: MD5 is generate for the chosen file

Lab Analysis
Analyze and document die results related to die lab exercise.

P L E A S E TA LK T O Y O U R I N S T R U C T O R IF YOU H A V E
R E L A T E D T O T H IS LAB.

T o o l/U tility
M D 5 C alculator

QUESTIONS

In fo rm atio n C o lle c te d /O b je c tiv e s A chieved
O u tp u t: MD5 Hashes for selected software

Questions
1. W hat are the alternatives to the AIDS sum calculator?
2.

C E H L ab M anual Page 924

Is the j\ID 5 (Message-Digest algorithm 5) calculator a widely used
cryptographic hash function with a 128-bit hash value?

E th ical H a ck in g a nd C ounterm easures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 19 - Cryptography

In te rn e t C o n n ectio n R eq u ired
□

Y es

0 No

P latform S upported
0 !Labs

C E H L ab M an u al Page 925

E th ical H a ck in g a nd C o untenneasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


Module 19 - Cryptography

3

Basic Data Encrypting Using

Advanced Encryption Package
Advanced Encryption Package is most noteworthyfor itsflexibility; not only can
yon encryptfilesforyour ownprotection, butyon can easily create "selfdecrypting'
versions of your files that others can run without needing this or any other
soft!!are.
ICON

KEY

/ Valuable
inform ation
> > T est your
knowledge
—

W eb exercise

m

W orkbook review

Lab Scenario
Data encryption and decryption operations are major security applications to
secure data. M ost systems use block ciphers, such as public AES standard.
However, implementations o f block ciphers such as AES, as well as other
cryptographic algorithms, are subject to side-channel attacks. These attacks
allow adversaries to extract secret keys from devices by passively monitoring
power consumption, other side channels. Countermeasures are required for
applications where side-channel attacks are a threat. These include several
military and aerospace applications where program information, classified data,

algorithms, and secret keys reside on assets that may not always be physically
protected. 111 order to be an expert ethical hacker and penetration tester, you
m ust understand data encrypted over files.

Lab Objectives
Tins lab will give you experience on encrypting data and show you how to do it.
It will teach you how to:
H Tools
dem onstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 19
Cryptography

C E H L ab M an u al Page 926

■

Use encrypting/decrypting commands

■

Calculate the encrypted value o f the selected file

Lab Environment
To carry out the lab, you need:
”

Advanced Encryption P ack age located at D:\CEH-Tools\CEHv8

Module 19 Cryptography\Cryptography Tools\A dvanced Encryption
P ack age

E th ical H a ck in g a nd C o untenneasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

■ You can also download die latest version of Advanced Encryption
Package from the link p ro/
■

If you decide to download the latest version, then screenshots shown
111 the lab might differ

■ Follow the wizard-driven installation instructions
■ Run tins tool 111 Windows Server 2012
■ Administrative privileges to mil tools

Lab Duration
Time: 10 Minutes

Overview of Advanced Encryption Package
Advanced Encryption Package includes a file shredder diat wipes out die contents
of your onguial tiles. It also integrates nicely widi Windows Explorer, allowing you
to use Explorer's context menus and avoid having another window clutter your
screen.
=

TASK 1

Encrypting a File

Lab Tasks
1. Launch the Start menu by hovering the mouse cursor on the lower-left
corner of the desktop.

■3 Windows Server 2012

m You can also
downloadAdvance
EncryptionPackage from
ureaction.c
ora

mmGJj&l&iJIMl■

Windowsvmir 2 0 3 <‫ ו‬2‫<<א‬1‫ *י‬CarxMaKo*srm.‫׳־‬
Iv»l*4t10r cosy. Build80:‫׳‬

a

FIGURE3.1:Windows Servex2012—Desktopview7
2. Click the Advanced Encryption Package app to open the Advanced
Encryption Package window7.
Administrator £

S ta rt

H/per-V
Manager

Adi/antod
Encryption

o

8h

‫®י‬

Hyp«-V
Virtual

SQL Server
installation

<*rvor
row Sw H

fL

r
Control

S 3

‫*יי—יס‬

S L

V

«?

V

C
ommand
Prompt

Workspace
Studio

Mozilla

E5“

■

«

Nmap •

HashCak

o■

a

FIGURE 3.2:Windows Server 2012- Apps
C E H L a b M a n u a l Page 927

E th ic a l H a c k in g and C ounterm easures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

3. The Register Advanced Encryption Package 2013 trial period
window appears. Click Try Now!.
A dvan ced E ncryp tion Package 2013 P rofessional
011‫׳‬

R e g is te r A d v a n c e d E n c ry p tio n P ackag e 2 0 1 3
P ro fe s s io n a l n o w
You may use AEP PRO during the trial period. It expires in 30
days. Please click Buy Now! if you would like to continue using it
after that period.
You can order the registered version online. Immediate online
delivery is available from www.aeppro.com

Try Now!

11

Buy Now!

1|~

Activate

]|

Cancel

FIGURE 3.3: ActivationWindow
4. The main window of Advanced Encryption Package appears,
111 the following figure.
Advanced Encwlion Packag2012

‫־‬

v5 67 ■Trial V < *i‫־‬n

show

□

.

Fie E-Mail Options Tools Help

> c:
►a 01

m Advance Encryption
Package is easyto use for
novices.

>2*

Encrypt

j[

SFX

||

ZIP

Delete

||

E-mail

O

Decrypt

Encryption

Mode: Password
<■ 1

|

‫!״‬

I

| | PubkcKey

Password:

□ 0
Again:

Ridde:

Algorithm:
jDESX

[“

128-bit key

v|

Pack file, then crypt

Source Files
r

Delete after encryption
I”

Wes Fiter

Securely delete

Set Output Folder

C Show all files
(• Apply filter...

(• Current folder

[777]

1------------------------------------------- 1
Apply
|

^

Custom:

1

1— 1

Logflmfl:

Encrypt Now!

m AdvancedEncryption

Package is a symmetric-key
encryption comprising
three blockciphers, AES128, AES-192 andAES256.

>

<

FIGURE 3.4:Welcome screenof Advance Encryption Package
5. Select the sample file to encrypt. The file is located D:\CEH-

Tools\CEHv8 Module 19 Cryptography\Cryptography Tools\Advanced
Encryption Package.
6. Click Encrypt. It will ask you to enter the password. Type the password
111 the Password field, and again type the password in the Again field.
7. Click Encrypt Now!.

C E H L a b M a n u a l Page 928

E th ic a l H a c k in g and C ounterm easures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

-rm m

File E-M
ail Options Tools Help
> fc C :

[_

A r a D:
A ± CEH-Tods
t> M CEHv8 Module 02 Footpmbng and Recormarssance

^
a

Delete
O

CEHv8 Module 05 System Hacking
CBti/8 Module 07 Viruses and Worms
CEHv8 Module 18 Cryptography

t
E:

2

‫־=׳‬

ZIP

1

6 ‫׳ ™־‬

Encryption

| [ Public Key

]

Pwd (6 of 16)

0

►‫״‬

Decrypt

L

Mode: Password

Advance Enayption Package
sppprn.m«i

a

|

SFX

>
CEHv8 Module 03 Scanrmg Networks
t> >) C&tv8 Moduie 04 Enumeration

>

Encrypt

113] Sample File.docx 1
t> M HA4h(JAk
> 2 MO5 Calculator
New folder

E

-

Again:
“ ‫־״״־‬1
Riddle:

Algorithm:
jDESX
r

128 * i t key

v |

Pack fite, then crypt

Source FJes
P

Delete after enayption
■

Files FIter
r

Securely delete

Set Output Folder

(• Current folder

Show all files

(• Apply filter...

‫ם‬

Apply

& Tools
demonstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 19
Cryptography

FIGURE 3.5: Welcome screen of Advance Encryption Package
The encrypted sample file can be shown 111 the same location of the

original tile, as shown 111 the following tignre.
Advanced Encryption Package 2012 Profession v5 67 • Trial Version

File E-M
ail Options Tools Help
.c:
±
t>
>

>
t>
>
a

CEH-Tools
CEHv8 Module 02 Footprntmg and Recormarssance
CEHv8 Module 03 Scarmng Networks
,. CEHv8 Module 04 Enumeration
j . C&tv8 Modiie 05 System Hadang
J . C&tv8 Module 07 Viruses and Worms
j . CEHv8 Module 18 Cryptography
a J . Advance Encryption Package

0

Encryption

Mode: Password

0 aeppro.msl
gJ*I Sample File.docx
| « 3 Sample File.doot.aep|
> J HashCalc
MD5 Calculator

E E

> J.

PQ: □C
Riddle:

1, New folder

Algorithm:
DESX
I-

128 ■bit key

Pack fie, then crypt

Source Files
P

Delete after encryption
f ” Securely delete

Files Filter

r

Set Output Folder

(• Current folder

Show all files

Q
Apply
Logg^g:
D

D:\CEH-T00ls\CEHv8 Module 18 Cryptography\Advance Enayption PackageV

Sample Fie.docx [18 KB] - > Sample Fie.docx.aep [18 KB]

C E H L a b M a n u a l Page 929

0

Done. Processed 1 files. Succeeded: 1. Failed: 0

0

Processed 18 KB. Average speed: 18 KB/s

* |

a

v I

E th ic a l H a c k in g and C ounterm easures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

FIGURE 3.6: Encryptingthe selected file
9. To decrypt die tile, first select the encrypted file. Click Decrypt; it will
prompt you to enter the password.
10. Click Decrypt Now!.
Advanced Encryption
rc—
Fie E-M
ai Options lools Help

**

CEH-Tods
CEHv8 Module 02 Footpmting and Recomassance
J4 CEHv8 Module 03 Scamng Networks
,. CEHv8 Module 04 Enumeration

O

,. CEHv8 Module 05 System Hadang
JA CEHv8 Module 07 Viruses and Worms
^ CB‫־‬tv8 Module 18 Cryptography
a ,. Advance Encryption Package

m It creates encrypted
self-extractingfiles to send
as email attachments.

II

Delete

|

ZIP
E-mai

Decryption

Mode: Password
Pnv Key

|

Password:

$

aeppro.msi
3 ) Sample File.docx
|< 3 Sample File.docx.aep |

....1

> ^ HashCaic
> J . MO5 Calculator
1. New folder

□E

Find password on USB Sbck
Source fle(s):

(• Leave it alone
r

Files Fiter
r

Delete

Set Ojtput Folder

(• Current folder

Show afl files

(• Apply filter...

Q

Apply
Logging:

Q

D:VCEH-T00ls'CEHv8 Module 18 CryptographyWivance Encryption PackageV

Sample Ne.docx [18 KB] - > Sample He.docx.aep [18KB]
0

Done. Processed 1 files. Succeeded: 1. Faled: 0

0

Processed 18 KB. Average speed: 18 KB/s

FIGURE 3.7: Decryptingdie selected file

Lab Analysis
Analyze and document the results related to die lab exercise.

P L E A S E

T A L K

T O

Y O U R

I N S T R U C T O R

R E L A T E D

T o o l/U tility
Advance
Encryption

C E H L a b M a n u a l Page 930

T O

T H IS

IF

Y O U

H A V E

Q U E S T IO N S

L A B .

Information C ollected /O b jectives Achieved

Output: Encrypted simple File.docx.ape

E th ic a l H a c k in g and C ounterm easures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

Package

Questions
1. Which algorithm does Advanced Encryption Package use to protect
sensitive documents?
2. Is there any other way to protect the use of private key tile with a
password?

Internet C onnection Required
□ Yes

0 No

Platform Supported

0 !Labs

C E H L a b M a n u a l Page 931

E th ic a l H a c k in g and C ounterm easures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

B

a

T

r u

s

i c

e

C

D

r y

a

p

t a

E

n

c

r y

p

t i n

g

U

s i n

g

t

TrueCrypt is a software system for establishing and maintaining an on-thefly
encrypted volume (data storage device). On-thefly encryption means that data is
automatically enaypted or decrypted right before it is loaded or saved, nithout any
user intervention.
I C O N

K E Y

/ V a lu a b le
in f o r m a t io n
>>

Test y o u r
k n o w le d g e

—

W e b e x e rc is e

m

W o r k b o o k r e v ie w

Lab Scenario
CiTx is a billion-doUar company and does not want to take chances 01‫ ־‬risk the
data stored 011 its laptops. These laptops contain proprietary partner
information, customer data, and financial information. CiTx cannot afford its
data to be lost to any of its competitors. The CiTx Company started using full
disk encryption to protect its data from preying eyes. Full disk encryption
encrypts all data 011 a system, including files, folders and the operating system.
Tins is most appropriate when the physical security of the system is not assured.
Encryption uses one 01‫ ־‬more cryptographic keys to encrypt and decrypt the
data that they protect.

Lab Objectives
This lab will give you experience 011 encrypting data and show you how to do it.
It will teach you how to:
■ Use encrypting/decrypting commands
■

& Tools
demonstrated in
this lab are
available in
D:\CEHTools\CEHv8
Module 19
Cryptography

C E H L a b M a n u a l Page 932

Create a virtual encrypted disk with a file

Lab Environment
To carry out the lab, you need:

■ TrueCrypt located at D:\CEH-T00 ls\CEHv8 Module 19
Cryptography\Disk Encryption Tools\TrueCrypt
■ You can also download the latest version of TrueCrypt from the link
http:/ / www.truec1ypt.org/downloads

E th ic a l H a c k in g and Countenneasures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

■

If you decide to download die latest version, dien screenshots shown
111 the lab might differ

■ FoUow the wizard-driven installation instructions
■ Run tins tool 111 Windows Server 2012
■ Administrative privileges to run tools

Lab Duration
Time: 10 ]Minutes

Overview of TrueCrypt
TrueCrypt is a software application used for on-die-fly encryption (OTFE). It is
distributed without cost, and die source code is available. It can create a virtual
encrypted disk widiui a tile or encrypt a partition or an entire storage device.
B

TASK 1

Create a Volume

Lab Tasks
1. Launch the Start menu by hovering the mouse cursor on the lower-lett
corner of the desktop.

FIGURE4.1:WindowsServer2012—Desktopview
2. Click the TrueCrypt app to open the TrueCrypt window.

m You can also
downloadTruecrypt from


FIGURE 4.2:Windows Server 2012- Apps
3. Tlie TrueCrypt main window appears.

C E H L a b M a n u a l Page 933

E tliic a l H a c k in g and Countenneasures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Strictly Prohibited.

M o d u le 1 9 - C r y p to g r a p h y

4. Select the desired volume to be encrypted and click Create Volume.
TrueCrypt

□
V o lum es

m TrueCrypt is a
software application used
for on-the-flyencryption
(OTFE). It is distributed
without cost and the source
code is available.

Drive

System

Favorites

T oo ls

Settings

Help

H o m ep age
Size

Volume

Encryption algorithm

Type

a

e
:
‫^־‬TT

*#»K:
*#*l:
>^N:
s * ‫ ״‬P:

s-Q:

«^R:
,^S:
x^»T:

Create Volume

Volume Properties...

Wipe Cache

Volume
-

m TrueCrypt have the
abilityto create and run a
hidden encrypted operating
systemwhose existence
maybe denied.

Select File.

W Never save history
Volume Tools.

1

Auto-Mount Devices

Select Device.

Dismount All

Exit

FIGURE 4.3:TrueCrypt MainWindowWith Create Volume Option
‫כ‬.

m IMPORTANT: Note
that TrueCrypt will not
encrypt anyexistingfiles

(whencreatingaTrueCrypt
file container). If you select
an existingfile in this step,
it will be overwrittenand
replaced bythe newly
createdvolume (sothe
overwritten filewill be lost,
not encrypted). Youwill be
able to encrypt existing files
(later on) bymovingdiem
to the TrueCrypt volume
that we are creatingnow.

The TrueCrypt Volume Creation Wizard window appears.

6. Select the Create an encrypted file container option. Tins option
creates a virtual encrypted disk within a tile.
By default, the Create an encrypted file container option is selected.
Click Next to proceed.

□

TrueCrypt V olum e Creation W izard

TrueCrypt Volume Creation Wizard
‫ •׳‬Create an encrypted file container
Creates a vrtual encrypted disk within a file. Recommended for
inexperienced users.
More mformabon
Encrypt a non-system partition/drive

Encrypts a non-system partition on any internal or external
drive (e.g. a flash drive). Optionally, creates a hidden volume.
Encrypt the system partition or entire system drive
Encrypts the partition/drive where Windows is installed. Anyone
who wants to gain access and use the system, read and write
files, etc., will need to enter the correct password each time
before Windows boots. Optionally, aeates a hidden system.
More information about system encryption

Help

< Back

Next >

Cancel

FIGURE 4.4: TrueCrypt Volume CreationWizard-Create Encrypted File Container
C E H L a b M a n u a l Page 934

E th ic a l H a c k in g and C ounterm easures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Strictly Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

8. 111 the next step of the wizard, choose the type of volume.
9. Select Standard TrueCrypt volume; this creates a normal TrueCrypt
volume.
10. Click Next to proceed.

rzz----------------------------------------------------------------------1— 1‫^ ״‬
□

TrueCrypt V olum e Creation W izard

Volume Type
| ♦ S t a n d a r d T r u e C r y p t v o lu m e |

Note: After you
copyexistingunencrypted
files to a TrueCrypt
volume, you should
securelyerase (,wipe) the
original unencrypted files.
There are software tools
that canbe used for the
purpose of secure erasure
(manyof themare free).

Select this option if you w ant to create a normal TrueCrypt
volume.

C

H id d e n T r u e C r y p t v o lu m e

It may happen th at you a re forced by somebody to reveal the
password to an encrypted volume. There are many situations
where you cannot reflise to reveal the password (for example,
due to extortion). Using a so-called hidden volume allows you to

solve such situations without revealing the password to your
volume.
More information about hidden volumes

< Back

FIGURE 4.5:TrueCrypt Volume CreationWizard-Volume Type
11. 111 the next wizard, select the Volume Location.
12. Click Select File...,

w ‫־‬

TrueCrypt V olum e Creation W izard

Volume Location

I ? Never save history

m TrueCrypt supports a
concept calledplausible
deniability.

A TrueCrypt volume can reside in a file (called TrueCrypt container),
which can reside on a hard disk, on a USB flash drive, etc. A
TrueCrypt container is ju st like any normal file Ot can be, for
example, moved or deleted as any normal file). Click ,Select File' to
choose a filename for the container and to select the location where
you wish the container to be created.
WARNING: If you select an existing file, TrueCrypt will NOT encrypt
it; the file w i be deleted and replaced with the newly created

TrueCrypt container. You will be able to encrypt existing files (later
on) by moving them to the TrueCrypt container th at you are about
to create now.

Help

|

< Back

|

Next >

|

Cancel

FIGURE 4.6:TrueCrypt Volume CreationWizard-Volume Location
13. The standard Windows file selector appears. The TrueCrypt Volume
Creation Wizard window remains open in the background.
14. Select a desired location; provide a File name and Save it.

C E H L a b M a n u a l Page 935

E th ic a l H a c k in g and C ounterm easures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Strictly Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

□
©

Specify Path and File Name
©

‫״‬

^ [" - ► Libraries ► Documents

Organize ▼

V

‫־‬r

C

a

Search Documents

New folder

>0

Documents

>^

Music

t>S

Pictures

-

t>§ Videos

Name

Date modified

J i Hyper-V
J i Snagit
J i SQL Server Management Studio

8/8/2012 2:22 PM

File folder

8/7/2012 11:42 PM

File folder

8/9/2012 5:40 PM

File folder

9/4/2012 2:58 PM

File folder

Visual Studio 2010

^ 19 Computer

| Type

> i b Local Disk (C:)

m The mode of
operationused by
TrueCrypt for encrypted
partitions, drives, and
virtual volumes is XTS.

P1_* Local Disk (D:)
> <_* Local Disk (E:)

=

t % Network
V

>‫ו‬

‫ייי‬

File name: MyVolume
Save as type: All Files (‫״‬.‫ף‬

Hide Folders

FIGURE 4.7:Windows Standard-SpecifyPath and File Name Window
15. After saving the file, the Volume Location wizard continues. Click Next
to proceed.
□

TrueCrypt V olum e Creation W izard

Volume Location
[ C:VJsefs\Administrat0r p 0QjmentsV>1yV0

▼
j

Select File.‫״‬

I

W Never save history

m TrueCrypt volumes
do not contain known file
headers and dieir content is
indistinguishable from
randomdata.

A TrueCrypt volume can reside in a file (called TrueCrypt container),
which can reside on a hard disk, on a USB flash drive, etc. A
TrueCrypt container is ju st like any normal file Ot can be, for
example, moved or deleted as any normal file). Click 'Select File' to
choose a filename for the container and to select the location where
you wish the container to be created.
WARNING: If you select an existing file, TrueCrypt will NOT encrypt
it; the file will be deleted and replaced with the newly created
TrueCrypt container. You will be able to encrypt existing files (later
on) by moving them to the TrueCrypt container th at you are about
to create now.

Help

< Back

|

Next >

j

Cancel

FIGURE 4.8:TrueCrypt Volume CreationWizard-Volume Location

16. Encryption Options appear 111 the wizard.
17. Select AES Encryption Algorithm and RIPEMD-160 Hash Algorithm
and click Next.

C E H L a b M a n u a l Page 936

E th ic a l H a c k in g and C ounterm easures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

r = ---------------------------------------------------------L3

TrueCrypt V olum e Creation W izard

Encryption Options
m TrueCrypt currently
supports die followinghash
algorithms:
‫ ־‬RIPEMD-160
■ SHA-512
■ Whirlpool

Test
FlPS-approved cipher (Rjjndael, published in 1998) th at may be
used by U.S. government departm ents and agencies to protect
classified information up to the Top Secret level. 256-bit key,
128-bit block, 14 rounds (AES-256). Mode of operation is XTS.
More information on AES

Benchmark

I

Hash Algorithm
|RIPEMD-160

]▼]

Information on hash algorithms

FIGURE 4.9:TrueCrypt Volume CreationWizard-Encryption Options
18. 111 the next step, Volume Size option appears.
19. Specif)* the size of the TrueCrypt container to be 2 megabyte and click

Next.
□

TrueCrypt V olum e Creation W izard

Volume Size
C

kb

<* MB

c

GB

Free space on d riv e C:\ is 10.47 GB

Note: The button
"Next" will be disabled
until passwords in both
input fields are the same.

Please specify the size o f the container you w ant to create.
If you create a dynamic (sparse-file) container, this param eter w l
specify its maximum possible size.
Note th at the minimum possible size of a FAT volume is 292 KB.
The minimum possible size o f an NTFS volume is 3792 KB.

FIGURE 4.10:TrueCrypt Volume CreationWizard-Volume Size
20. The Volume Password option appears. Tins is one of the most
important steps. Read the information displayed 111 the wizard window
on what is considered a good password carefully.
21. Provide a good password 111 the first input field, re-type it 111 the
Confirm held, and click Next.

C E H L a b M a n u a l Page 937

E th ic a l H a c k in g and Countenneasures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Strictly Prohibited.


M o d u le 1 9 - C r y p to g r a p h y

□

TrueCrypt V olum e Creation W izard

| -

| □

Volume Password
Password:
Confirm: |
r

Keyfiles...

Usekeyfiles

V~ Display password

------------*

It is very important th at you choose a good password. You should
avoid choosing one th at contains only a single word th at can be found
in a dictionary (or a combination o f 2, 3, or 4 such words). It should
not contain any names or dates of birth. It should not be easy to
guess. A good password is a random combination of upper and lower
case letters, numbers, and special characters, such as @ A = $ * +
etc. We recommend choosing a password consisting o f more than 20
characters (the longer, the better). The maximum possible length is 64
characters.

m The longer youmove
the mouse, the better. This

significantlyincreases the
c r y p to g ra p h ic
s tre n g th of the
encryption keys.

Help

|

< Back

|

Next >

|

Cancel

FIGURE 4.11:TrueCrypt Volume CreationWizard-Volume Password
22. The Volume Format option appears. Select FAT Filesystem, and set
the cluster to Default.
23. Move your mouse as randomly as possible within the Volume Creation
Wizard window at least for 30 seconds.
24. Click Format.
" [3

TrueCrypt V olum e Creation W izard

| — | ‫ם‬

Volume Format
Options

-

Filesystem

m TrueCrypt volumes
have no "signature" or ID
strings. Until decrypted,
they appear to consist
solelyof randomdata.

Cluster | Default ▼]

1“ Dynamic

Random Pool: 933382C B 6290ED 4B 3& 33B 13E03911ESE-J17
Header Key:
Master Key:

Done

Speed

Left

IMPORTANT: Move your mouse as randomly as possible within this
window. The longer you move it, the better. This significantly

increases the cryptographic strength o f the encryption keys. Then
dick Format to create the volume.

< Back

|

Format

|

Cancel

FIGURE 4.12: TrueCrypt Volume CreationWizard-Volume Format
25. After clicking Format volume creation begms. TrueCrypt will now
create a file called MyVolume 111 the provided folder. Tins file depends
on the TrueCrypt container (it will contain the encrypted TrueCrypt
volume).
26. Depending on the size of the volume, the volume creation may take a
long time. After it finishes, the following dialog box appears.

C E H L a b M a n u a l Page 938

E th ic a l H a c k in g and C ounterm easures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.