Filippo Valsorda FiloSottile

FiloSottile / gist:d3839775bda8e6649372a6e5efea7c38
Created May 4, 2016
Hosts in the Alexa Top 30k vulnerable to CVE-2016-2107 as of 2016-05-04Z00:00.
View gist:d3839775bda8e6649372a6e5efea7c38
View aesni_cbc_hmac_sha1_cipher.c
// clang -L/usr/local/opt/openssl/lib -I/usr/local/opt/openssl/include -lssl -lcrypto -O0 -g aesni_cbc_hmac_sha1_cipher.c && ./a.out
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
View 20160503.txt
OpenSSL Security Advisory [3rd May 2016]
Memory corruption in the ASN.1 encoder (CVE-2016-2108)
Severity: High
This issue affected versions of OpenSSL prior to April 2015. The bug
causing the vulnerability was fixed on April 18th 2015, and released
#! /bin/sh
GOOS=linux go build -o $2 "$1"
GOOS=linux go build -ldflags="-s -w" -o $2.-sw "$1"
upx -f --brute -o $2.upx $2
upx -f --brute -o $2.-sw.upx $2.-sw
GOOS=linux gotip build -o $2.tip "$1"
GOOS=linux gotip build -ldflags="-s -w" -o $2.tip.-sw "$1"
upx -f --brute -o $2.tip.upx $2.tip
View gist:d308789cc7a8f1de8f36a127ecfbff19
$ pip freeze
View gist:9326dbcd7dfe73431961
$ tail -n +210868 whosthere/log.jsonl | while read line; do echo "$line" | jq -r .ClientVersion | xxd -r -p; echo; done | sort | uniq -c | sort -n
1 SSH-2.0-dropbear_2015.67
1 SSH-2.0-nsssh2_5.0.0029 NetSarang Computer, Inc.
1 SSH-2.0-OpenSSH_3.9p1
1 SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
1 SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7.1
1 SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308
1 SSH-2.0-OpenSSH_5.8
1 SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
1 SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
View TestHMACTotalTiming.go
func TestHMACTotalTiming(t *testing.T) {
sumData := make(plotter.XYs, 256)
constData := make(plotter.XYs, 256)
naiveData := make(plotter.XYs, 256)
data := []byte("0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789")
sumBuf := make([]byte, 0, 100)
for n := 0; n < 256; n++ {
var res1, res2 []byte
ns := testing.Benchmark(func(b *testing.B) {
View cipher_suites_test.go
// Copyright 2010 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package tls
import (
View python-rsa verify BB'06.ipynb
View 0001-crypto-tls-support-SSLv2-compatibility-handshakes.patch
From 6ec6e3f7b176547783b2c464d54bc1a1f7d884f7 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <>
Date: Mon, 7 Dec 2015 15:44:34 +0000
Subject: [PATCH] crypto/tls: support SSLv2 compatibility handshakes
src/crypto/tls/conn.go | 103 ++++++++++++++++++++++++++++++++++++-
src/crypto/tls/handshake_server.go | 7 ++-
2 files changed, 107 insertions(+), 3 deletions(-)