I hereby claim:
- I am cocaman on github.
- I am cocaman (https://keybase.io/cocaman) on keybase.
- I have a public key ASCtrVSEH9GNbpkZn8hlqvRKTJ2pcGplfyl_NweKWWG2-Qo
To claim this, I am signing this object:
#!/usr/bin/env python3
import requests
import sys
import argparse
import pyzipper
import io
__author__ = "Corsin Camichel"
__copyright__ = "Copyright 2020, Corsin Camichel"
__license__ = "Creative Commons Attribution-ShareAlike 4.0 International License."
<sinj>
<mm>https://www.bankline.natwest.com*</mm>
<sm>https://www.bankline.natwest.com/CWSLogon/logon.do*</sm>
<nh>ccsarewkpsmofyibdhqcgvnltzxj.net</nh>
<srv>195.133.144.126:443</srv>
</sinj>
<sinj>
<mm>https://www.bankline.rbs.com*</mm>
<sm>https://www.bankline.rbs.com/CWSLogon/logon.do*</sm>
<nh>cdsarpwtfdxysnmgejvzbicolqku.net</nh>
I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the
10th to get it (ok, looks like I was the 7th.) But I'm happy that I was able to prove to myself
that I too could do it.
First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially
believed that it would be highly improbable under normal conditions to obtain the private key
through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's
challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to
extract private keys. So I wanted to see first-hand if it was possible or not.
# This is supposedly what CRIME by Juliano Rizzo and Thai Duong will do
# Algorithm by Thomas Pornin, coding by xorninja, improved by @kkotowicz
# http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/
import string
import zlib
import sys
import random
# string.ascii_letters exists on both Python 2 and 3 (string.letters is Python 2 only)
charset = string.ascii_letters + string.digits + "%/+="