# File Encryption on Windows

Many different methods can be used to encrypt files and information on Windows systems. One of the simplest is the `Invoke-AESEncryption.ps1` PowerShell script. It is small and can encrypt both files and strings.

### Invoke-AESEncryption.ps1

```powershell
<#
.EXAMPLE
Invoke-AESEncryption -Mode Encrypt -Key "p@ssw0rd" -Text "Secret Text"

Description
-----------
Encrypts the string "Secret Text" and outputs a Base64 encoded ciphertext.

.EXAMPLE
Invoke-AESEncryption -Mode Decrypt -Key "p@ssw0rd" -Text "LtxcRelxrDLrDB9rBD6JrfX/czKjZ2CUJkrg++kAMfs="

Description
-----------
Decrypts the Base64 encoded string "LtxcRelxrDLrDB9rBD6JrfX/czKjZ2CUJkrg++kAMfs=" and outputs plain text.

.EXAMPLE
Invoke-AESEncryption -Mode Encrypt -Key "p@ssw0rd" -Path file.bin

Description
-----------
Encrypts the file "file.bin" and outputs an encrypted file "file.bin.aes"

.EXAMPLE
Invoke-AESEncryption -Mode Decrypt -Key "p@ssw0rd" -Path file.bin.aes

Description
-----------
Decrypts the file "file.bin.aes" and outputs a decrypted file "file.bin"
#>
function Invoke-AESEncryption {
    [CmdletBinding()]
    [OutputType([string])]
    Param
    (
        [Parameter(Mandatory = $true)]
        [ValidateSet('Encrypt', 'Decrypt')]
        [String]$Mode,

        [Parameter(Mandatory = $true)]
        [String]$Key,

        [Parameter(Mandatory = $true, ParameterSetName = "CryptText")]
        [String]$Text,

        [Parameter(Mandatory = $true, ParameterSetName = "CryptFile")]
        [String]$Path
    )

    Begin {
        # AES-256 in CBC mode with zero padding; the AES key is the SHA-256 hash of the password
        $shaManaged = New-Object System.Security.Cryptography.SHA256Managed
        $aesManaged = New-Object System.Security.Cryptography.AesManaged
        $aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC
        $aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::Zeros
        $aesManaged.BlockSize = 128
        $aesManaged.KeySize = 256
    }

    Process {
        $aesManaged.Key = $shaManaged.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Key))

        switch ($Mode) {
            'Encrypt' {
                if ($Text) {$plainBytes = [System.Text.Encoding]::UTF8.GetBytes($Text)}

                if ($Path) {
                    $File = Get-Item -Path $Path -ErrorAction SilentlyContinue
                    if (!$File.FullName) {
                        Write-Error -Message "File not found!"
                        break
                    }
                    $plainBytes = [System.IO.File]::ReadAllBytes($File.FullName)
                    $outPath = $File.FullName + ".aes"
                }

                # The random IV generated by AesManaged is prepended to the ciphertext
                $encryptor = $aesManaged.CreateEncryptor()
                $encryptedBytes = $encryptor.TransformFinalBlock($plainBytes, 0, $plainBytes.Length)
                $encryptedBytes = $aesManaged.IV + $encryptedBytes
                $aesManaged.Dispose()

                if ($Text) {return [System.Convert]::ToBase64String($encryptedBytes)}

                if ($Path) {
                    [System.IO.File]::WriteAllBytes($outPath, $encryptedBytes)
                    (Get-Item $outPath).LastWriteTime = $File.LastWriteTime
                    return "File encrypted to $outPath"
                }
            }

            'Decrypt' {
                if ($Text) {$cipherBytes = [System.Convert]::FromBase64String($Text)}

                if ($Path) {
                    $File = Get-Item -Path $Path -ErrorAction SilentlyContinue
                    if (!$File.FullName) {
                        Write-Error -Message "File not found!"
                        break
                    }
                    $cipherBytes = [System.IO.File]::ReadAllBytes($File.FullName)
                    # Strip only a trailing ".aes" (the unanchored regex ".aes" would also match e.g. "baes")
                    $outPath = $File.FullName -replace '\.aes$'
                }

                # The first 16 bytes of the input are the IV; everything after them is ciphertext
                $aesManaged.IV = $cipherBytes[0..15]
                $decryptor = $aesManaged.CreateDecryptor()
                $decryptedBytes = $decryptor.TransformFinalBlock($cipherBytes, 16, $cipherBytes.Length - 16)
                $aesManaged.Dispose()

                # Zero padding is trimmed for text output only; decrypted files keep it
                if ($Text) {return [System.Text.Encoding]::UTF8.GetString($decryptedBytes).Trim([char]0)}

                if ($Path) {
                    [System.IO.File]::WriteAllBytes($outPath, $decryptedBytes)
                    (Get-Item $outPath).LastWriteTime = $File.LastWriteTime
                    return "File decrypted to $outPath"
                }
            }
        }
    }

    End {
        $shaManaged.Dispose()
        $aesManaged.Dispose()
    }
}
```

After the script has been transferred to a target host, it only needs to be imported as a module.

### Import module Invoke-AESEncryption.ps1

```powershell
Import-Module .\Invoke-AESEncryption.ps1
```

### File Encryption example

```powershell
PS C:\abc> Invoke-AESEncryption -Mode Encrypt -Key "p4ssw0rd" -Path .\scan-results.txt
File encrypted to C:\abc\scan-results.txt.aes

PS C:\abc> ls

    Directory: C:\abc

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----        11/18/2020  12:17 AM           9734 Invoke-AESEncryption.ps1
-a----        11/18/2020  12:19 PM           1724 scan-results.txt
-a----        11/18/2020  12:20 PM           3448 scan-results.txt.aes
```

---

# File Encryption on Linux

`OpenSSL` is frequently included in Linux distributions; besides sending files "nc style", it can be used to encrypt files. To encrypt a file with `openssl enc` we can select from several ciphers; let's use `-aes256` as an example. We can also override the default iteration count with `-iter 100000` and add `-pbkdf2` so that the key is derived with the Password-Based Key Derivation Function 2 (PBKDF2) algorithm.

### Encrypting /etc/passwd with openssl

```bash
openssl enc -aes256 -iter 100000 -pbkdf2 -in /etc/passwd -out passwd.enc
```

### Decrypt passwd.enc with openssl

```bash
openssl enc -d -aes256 -iter 100000 -pbkdf2 -in passwd.enc -out passwd
```
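The following Go program is an added example, not code from either tool on this page. It reproduces the byte layout that `Invoke-AESEncryption` writes (a random 16-byte IV, then AES-256-CBC over the zero-padded input, with the key being an unsalted SHA-256 of the password), so a `.aes` file or `-Text` Base64 string produced on the Windows host can be decrypted elsewhere, and it makes the contrast with the `openssl` command visible: the script uses no salt, no iteration count and no authentication, so a wrong key or a modified ciphertext decrypts to garbage without any error. `Encrypt`, `Decrypt`, `newBlock` and the `trimZeros` flag are names chosen here; for `-Text` mode, Base64-decode the string before `Decrypt` and Base64-encode the output of `Encrypt`.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// newBlock derives the key exactly as the script does: AES-256 key = SHA-256 of the
// UTF-8 password, with no salt and no iteration count (a single fast hash).
func newBlock(password string) cipher.Block {
	key := sha256.Sum256([]byte(password))
	block, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	return block
}

// Encrypt returns IV || AES-256-CBC(zero-padded plaintext), the layout the script writes
// to file.bin.aes and Base64-encodes for -Text output.
func Encrypt(password string, plain []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	// PaddingMode.Zeros: append 0x00 bytes only when the input is not a block multiple.
	padded := append([]byte(nil), plain...)
	if rem := len(padded) % aes.BlockSize; rem != 0 {
		padded = append(padded, make([]byte, aes.BlockSize-rem)...)
	}
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(newBlock(password), iv).CryptBlocks(out, padded)
	return append(iv, out...), nil
}

// Decrypt reverses Encrypt. trimZeros mirrors the Trim([char]0) the script applies in
// -Text mode only; in -Path mode a decrypted file keeps up to 15 trailing zero bytes.
func Decrypt(password string, data []byte, trimZeros bool) ([]byte, error) {
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext must be a 16-byte IV plus whole blocks")
	}
	out := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(newBlock(password), data[:aes.BlockSize]).CryptBlocks(out, data[aes.BlockSize:])
	if trimZeros {
		out = bytes.TrimRight(out, "\x00")
	}
	return out, nil
}
```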