CVE-2008-0166

Published: 13/05/2008 Updated: 09/02/2024
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 802
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Summary

OpenSSL 0.9.8c-1 up to versions prior to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote malicious users to conduct brute force guessing attacks against cryptographic keys.

Vulnerable Product

openssl openssl

canonical ubuntu linux 7.04

canonical ubuntu linux 7.10

canonical ubuntu linux 8.04

canonical ubuntu linux 6.06

debian debian linux 4.0

Vendor Advisories

Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable. This is a Debian-specific vulnerability which does not affect other operating systems which are ...
The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied. 1. Install the security updates. This update contains ...
USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves ...
USN-612-1 fixed vulnerabilities in openssl. This update provides the corresponding updates for ssl-cert – potentially compromised snake-oil SSL certificates will be regenerated ...
A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use ...

Exploits

#!/bin/python # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version # # This program is distributed in the hope that it will b ...
#!/usr/bin/ruby # # Debian SSH Key Tester # L4teral <l4teral [at] gmail com> # # This tool helps to find user accounts with weak SSH keys # that should be regenerated with an unaffected version # of openssl # # You will need the precalculated keys provided by HD Moore # See metasploitcom/users/hdm/tools/debian-openssl/ # for further ...
the debian openssl issue leads that there are only 65536 possible ssh keys generated, cause the only entropy is the pid of the process generating the key. This leads to that the following perl script can be used with the precalculated ssh keys to brute force the ssh login. It works if such a key is installed on a non-patched debian or any ot ...

Github Repositories

Spotting and sharing weak cryptographic key materials

snake-oil-crypto. Snake-oil crypto is a term coined by Phil Zimmermann in 1991 original PGP user guide that designates bad security products that are hardly distinguishable from good ones: like [] automotive seat belts that look good and feel good, but snap open in the slowest crash test. The main aim of this project is therefore to provide slow speed crash tests for crypto

thc-btc-rng-bruteforce. A tool to determine if anyone ever used the Bitcoin client software to receive a Bitcoin payment on a system that uses the CVE-2008-0166 broken Random Number Generator. (The tool generates all possible combinations of bitcoin addresses using the broken RNG.) Answer: We did not find any. Though, it was a lot of fun searching. The broken version of OpenSS

Private keys vulnerable to Debian OpenSSL bug (CVE-2008-0166)

debianopenssl. Private keys vulnerable to Debian OpenSSL bug (CVE-2008-0166). In 2008 a bug in Debian's and Ubuntu's OpenSSL package led to predictable private keys. While the number of keys is limited, it takes a few considerations to create a proper list of all plausibly affected keys. This repository contains the keys used for the blocklist in the badkeys tool. Notes

Debian weak key generator

key_generator. Debian weak key generator. Introduction: CABForum Baseline Requirements 4.9.1.1 (Reasons for Revoking a Subscriber Certificate) and 6.1.1.3 (Subscriber Key Pair Generation) expect Certification Authorities (CAs) to check that there is not a proven method that can easily compute the Subscriber's Private Key based on the Public Key, citing the example of Debian

Debian OpenSSL Predictable PRNG Exploitation. This is an integrated repo included the exploitation, usage example, data package and explanation, more.

Debian OpenSSL Predictable PRNG Exploitation. This is an integrated repository included the exploitation, usage example, data package and explanation, more. Exploitations: OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH: www.exploit-db.com/exploits/5622/ (Perl) www.exploit-db.com/exploits/5720/ (Python) wwwe

CryptoDeepTools Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin 01BlockchainGoogleDrive Parsing Blockchain in Google Drive Tutorial: youtube/ECAPypsmMQs Tutorial: cryptodeepru/blockchain-google-drive 02BreakECDSAcryptography Analyze the data from the file "RawTXjson" Scrip

Simple python3 framework to parallelise ssh key bruteforcing

ssh-keybrute. Simple python3 framework to parallelise ssh key brute forcing. I wrote a simple python3 native script to perform ssh key brute forcing against legacy targets (such as Debian machines affected by CVE-2008-0166) with multithreading. It includes a bunch of ssh algorithm compatibility flags to force modern ssh clients to connect using legacy methods and can be easily

Debian OpenSSL Predictable PRNG. Links: Original URL: metasploit.com/users/hdm/tools/debian-openssl/ (Mirror). Exploit: www.exploit-db.com/exploits/5622/ (Perl) www.exploit-db.com/exploits/5720/ (Python) www.exploit-db.com/exploits/5632/ (Ruby). Recommend Tool: Crowbar (able to brute force SSH keys). Testing Method: ssh-vulnkey & dowkd.pl CV

Tool to reproduce the DSA-1571 (CVE-2008-0166). Use only for testing purposes. Generate example keys and CSRs:

    # if on 64bit machine, first simulate PIDMAX from a 32bit system:
    echo 32768 > /proc/sys/kernel/pid_max
    docker run --rm -v $(pwd):/io -it hoefling/dsa-1571 gencsr

gencsr will generate keys of 512, 1024 and 2048 bits size, r

Search for BTC coins on earlier versions of Bitcoin Core with critical vulnerability OpenSSL 0.9.8 CVE-2008-0166

Search for BTC coins on earlier versions of Bitcoin Core with critical vulnerability OpenSSL 0.9.8 CVE-2008-0166. In this article, we will create a tool that will generate Bitcoin Addresses (P2PKH) using the CVE-2008-0166 vulnerability. This is a research project to find BTC coins on earlier versions of the Bitcoin Core software client. Random number generator

Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin

CryptoDeepTools Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin 01BlockchainGoogleDrive Parsing Blockchain in Google Drive Tutorial: youtube/ECAPypsmMQs Tutorial: cryptodeeptechru/blockchain-google-drive 02BreakECDSAcryptography Analyze the data from the file "RawTXjson" S

Paranoid's library contains implementations of checks for well known weaknesses on cryptographic artifacts.

Project Paranoid. Overview: Paranoid project checks for well known weaknesses on cryptographic artifacts such as public keys, digital signatures and general pseudorandom numbers. This library contains implementations and optimizations of existing work found in the literature. The existing work showed that the generation of these artifacts was flawed in some cases. The following

AutoRoot in Bash for KLIM machine in Hackmyvm.eu

WriteUp of KLIM (medium) of hackmyvm.eu/. This is an autoroot written in bash. Is required to have installed: Stegbrute curl wget ssh xterm. Process: Download image BruteForce password and data extraction Extract password from extracted data RCE + LPE SCP download RSA Public Key CVE-2008-0166 SSH