CIPHERBASE

Cybersecurity Reference - Interactive Toolkit - Practice Hub

Based on TryHackMe Content
AT A GLANCE

// ENCODING

Data representation. Reversible, no key, no security.

Base64, URL Encoding, HTML Entities, Hex, ASCII

// ENCRYPTION

Secure data with a key. Reversible only with key.

AES, RSA, DES/3DES, Blowfish, Caesar

// HASHING

One-way function. Not reversible, no key needed.

MD5, SHA-1, SHA-256, bcrypt, NTLM
01

ENCODING

// WHAT IS ENCODING?

Encoding is the process of transforming data from one format to another. It is NOT encryption - it is immediately reversible and provides no security. It is simply a way to represent data.

// URL ENCODING

Also called percent-encoding. Replaces special characters with a % followed by two hex digits.

Original: http://example.com/my file.txt
Encoded:  http://example.com/my%20file.txt

// BASE64

A binary-to-text encoding using 64 printable characters. Increases data size by ~33%. Used to transmit binary data over text channels.

Input:  Many hands make light work.
Output: TWFueSBoYW5kcyBtYWtlIGxpZ2h0IHdvcmsu
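
The 3-bytes-to-4-characters mechanics behind the ~33% size increase, as an added example (not part of the original page): a from-scratch encoder and decoder in Python, including the Base64URL swap of + and / for - and _. The function names are this example's own.

```python
ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # values 0-25
    "abcdefghijklmnopqrstuvwxyz"   # values 26-51
    "0123456789+/"                 # values 52-63
)


def b64_encode(data: bytes, urlsafe: bool = False) -> str:
    """Encode bytes as Base64: every 3 input bytes become 4 output characters."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Pack up to 3 bytes into 24 bits, zero-filled on the right.
        n = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        # Split into four 6-bit values (0..63) and map each to a character.
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # A short final chunk carries len(chunk) + 1 real characters; pad with '='.
        keep = len(chunk) + 1
        out.append("".join(chars[:keep]) + "=" * (4 - keep))
    text = "".join(out)
    if urlsafe:  # Base64URL: '+' becomes '-', '/' becomes '_'
        text = text.replace("+", "-").replace("/", "_")
    return text


def b64_decode(text: str) -> bytes:
    """Decode either alphabet. No key is involved, so anyone can do this."""
    text = text.replace("-", "+").replace("_", "/").rstrip("=")
    out = bytearray()
    for i in range(0, len(text), 4):
        group = text[i:i + 4]
        n = 0
        for ch in group.ljust(4, "A"):  # 'A' is value 0, used as filler
            n = (n << 6) | ALPHABET.index(ch)
        out += n.to_bytes(3, "big")[:len(group) - 1]
    return bytes(out)


def size_ratio(data: bytes) -> float:
    """Encoded length / raw length (exactly 4/3 when len(data) is a multiple of 3)."""
    return len(b64_encode(data)) / len(data)


if __name__ == "__main__":
    sample = b"Many hands make light work."  # the input from the example above
    print(b64_encode(sample), size_ratio(sample))
    print(b64_encode(b"\xfb\xff"), b64_encode(b"\xfb\xff", urlsafe=True))
```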

// HTML ENCODING

Converts special HTML characters into entity codes to prevent the browser from interpreting them as markup. Critical for preventing XSS.

&  →  &amp;     <  →  &lt;     >  →  &gt;
"  →  &quot;    '  →  &#x27;

// HEX & BINARY

Hexadecimal (base-16) is a compact way to represent binary data. Each hex digit maps to 4 bits.

A = 0x41 = 01000001
Z = 0x5A = 01011010
0 = 0x30 = 00110000

URL ENCODING - COMMON CHARS

Char    Encoded
space   %20
"       %22
%       %25
<       %3C
>       %3E
\       %5C
{       %7B
}       %7D
|       %7C
~       %7E

HTML ENTITY ENCODING

Char    Entity
&       &amp;
<       &lt;
>       &gt;
"       &quot;
'       &#x27;

BASE64 ALPHABET (PARTIAL)

Val   Char    Val   Char
0     A       26    a
25    Z       51    z
52    0       61    9
62    +       63    /

Base64URL: + → - and / → _
02

ENCRYPTION & CRYPTOGRAPHY

// CRYPTOGRAPHY

The practice and study of techniques for secure communication. Protects confidentiality (data is private), integrity (data is unaltered), and authenticity (data is genuine).

// SYMMETRIC ENCRYPTION

Uses the same key to encrypt and decrypt. Faster, smaller keys. Examples: AES (128/256-bit keys), DES (56-bit, broken).

// ASYMMETRIC ENCRYPTION

Uses a key pair - public key encrypts, private key decrypts (and vice versa). Slower, larger keys. Examples: RSA, ECC.

// KEY EXCHANGE & TLS

Asymmetric encryption is used to securely exchange a symmetric key. Once both parties have the symmetric key, they switch to faster symmetric encryption. This is the foundation of TLS/HTTPS.

// CAESAR CIPHER

Shift each letter by a fixed number. Only 25 possible keys. HELLO shift 3 → KHOOR

// MODULO MATH

The % operator returns the remainder of division. 25 % 5 = 0 | 23 % 6 = 5. Modulo is not reversible.

Ciphertext: The result of encrypting plaintext - unreadable without the key.
Plaintext: The original, readable data before encryption.
Cipher: A method/algorithm for encrypting or decrypting data.
Key: Information needed to correctly decrypt ciphertext.
Passphrase: Like a password - used to protect a cryptographic key.
Digital Signature: Verifies sender identity and message integrity.
Brute Force: Attacking by trying every possible password or key.
Cryptanalysis: Attacking by finding weaknesses in the mathematics.
IV / Nonce: Initialization Vector - random value ensuring same input encrypts differently each time.

SYMMETRIC vs ASYMMETRIC

Property    Symmetric             Asymmetric
Keys        1 shared key          Key pair (public + private)
Speed       Fast                  Slow
Key Size    128-256 bits          2048-4096 bits
Examples    AES, DES, Blowfish    RSA, ECC, DSA
03

HASHING

// WHAT IS A HASH FUNCTION?

Takes input data of any size and produces a fixed-size digest. No key - it is a one-way function. Any small change in input causes a massive change in output (avalanche effect).

// HASH COLLISIONS

When two different inputs produce the same hash. Unavoidable due to pigeonhole effect. MD5 and SHA1 are broken due to engineered collisions.

// PASSWORD HASHING

Never encrypt passwords - store their hash instead. Add a salt (random unique string per user) to prevent rainbow table attacks. Use bcrypt or sha512crypt.

// RAINBOW TABLES

Pre-computed lookup tables of hash → plaintext. Fast to look up, trades disk space for speed. Defeated by salting.
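
Why a per-user salt defeats precomputed lookups, as an added example (not from the original page). A plain dictionary stands in for a real rainbow table, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt, which needs a third-party package; the record format, iteration count and sample users are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware


def unsalted_sha256(password: str) -> str:
    """Weak scheme: the same password always produces the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Salted, slow hash. The record keeps algorithm, cost, salt and digest."""
    salt = secrets.token_bytes(16)  # random and unique per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    _, iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def precomputed_lookup(stored: dict, wordlist: list) -> dict:
    """Audit check: which stored digests appear in a table built ahead of time?"""
    table = {unsalted_sha256(word): word for word in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def salted_digests(db: dict) -> dict:
    """Pull the bare digest out of each salted record for the same audit check."""
    return {user: record.split("$")[3] for user, record in db.items()}


# Constructed sample data: two users who chose the same password.
WORDLIST = ["letmein", "password1", "dragon"]
UNSALTED_DB = {user: unsalted_sha256("password1") for user in ("alice", "bob")}
SALTED_DB = {user: hash_password("password1") for user in ("alice", "bob")}

if __name__ == "__main__":
    print(precomputed_lookup(UNSALTED_DB, WORDLIST))             # both users recovered
    print(precomputed_lookup(salted_digests(SALTED_DB), WORDLIST))  # nothing matches
    print(verify_password("password1", SALTED_DB["alice"]))      # login still works
```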

// CRACKING TOOLS

Hashcat - GPU-based, extremely fast. John the Ripper - CPU-based. Common wordlist: rockyou.txt

HASH SIZES

Algorithm   Output                Status
MD5         16 bytes (128 bit)    Broken
SHA1        20 bytes (160 bit)    Broken
SHA256      32 bytes (256 bit)    Safe
bcrypt      60 chars              Recommended

HASH IDENTIFICATION TIPS

MD5: 32 hex chars

SHA1: 40 hex chars

SHA256: 64 hex chars

SHA512: 128 hex chars

bcrypt: starts with $2y$ or $2a$
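
One way to apply the length and prefix tips, together with the Status column of the HASH SIZES table, to audit a credential store for legacy formats (added example, not from the original page). The 32-character case is reported as ambiguous because NTLM digests are also 128 bits; the function names and sample rows are constructed for this example.

```python
import hashlib
import re

# Hex length -> (format, status). Statuses come from the HASH SIZES table;
# that table has no SHA512 row, so its status is left as "Not listed".
HEX_FORMATS = {
    32: ("MD5 (or NTLM)", "Broken"),
    40: ("SHA1", "Broken"),
    64: ("SHA256", "Safe"),
    128: ("SHA512", "Not listed"),
}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# bcrypt layout: $2a$ / $2y$ (also $2b$ in current libraries), a two-digit cost,
# then 22 salt chars + 31 hash chars, giving the 60-char total from the table.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")


def identify(value: str) -> tuple:
    """Return (format, status) for one stored credential string."""
    value = value.strip()
    match = BCRYPT_RE.match(value)
    if match:
        return (f"bcrypt (cost {int(match.group(1))})", "Recommended")
    # Length alone is not enough: the string must also be pure hex.
    if HEX_RE.match(value) and len(value) in HEX_FORMATS:
        return HEX_FORMATS[len(value)]
    return ("unknown", "Review manually")


def audit(rows: dict) -> dict:
    """Map each account needing migration or manual review to its finding."""
    findings = {}
    for user, stored in rows.items():
        fmt, status = identify(stored)
        if status in ("Broken", "Review manually"):
            findings[user] = fmt
    return findings


# Constructed sample rows (digests of a dummy string, not real credentials).
SAMPLE = {
    "legacy_app": hashlib.md5(b"constructed").hexdigest(),
    "old_portal": hashlib.sha1(b"constructed").hexdigest(),
    "api_user": hashlib.sha256(b"constructed").hexdigest(),
    "web_user": "$2y$12$" + "A" * 53,  # shape-only placeholder, not a real bcrypt hash
    "bad_row": "not-a-hash",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```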

04

INTERACTIVE TOOLS

URL Encode / Decode
Base64 Encode / Decode
HTML Entity Encode / Decode
Caesar Cipher
ROT13 Cipher
Hash Generator (Browser-based)
Hex / Binary / Decimal Converter
XOR Cipher
05

PRACTICE QUESTIONS

For Authentication & Login Security practice questions (IAAA, enumeration, brute force, Hydra), visit the Authentication page
// Q1 - ENCODING
What encoding schema is also called percent encoding?
// Q2 - ENCODING
Decode this Base64 string: TXkgRmlyc3QgQmFzZTY0IERlY29kZQo=
Hint: Use the Base64 tool above
// Q3 - ENCODING
What is the HTML encoded value for &?
// Q1 - ENCRYPTION
What do you call the encrypted plaintext?
// Q2 - ENCRYPTION
What type of encryption uses the same key for both encryption and decryption?
// Q1 - HASHING
What is the output size in bytes of the MD5 hash function?
// Q2 - HASHING
Can you avoid hash collisions? (Yea/Nay)
// Q3 - HASHING
What hash format is this? e22084c2ca255918f9f9c755e06e9dbe7cdf13f0635bdcafaa6dbc8ba963c25b
06

RESOURCES & TOOLS