Re: [Hackmeeting] maledetto php buggato (openssl)

Delete this message

Reply to this message
Author: Gufo Rosso
Date:  
To: hackmeeting
Subject: Re: [Hackmeeting] maledetto php buggato (openssl)

----- Original Message -----
From: "killer" <killer@???>
To: <hackmeeting@???>
Sent: Saturday, November 28, 2009 2:37 PM
Subject: Re: [Hackmeeting] maledetto php buggato (openssl)



Ha ragione megabug, se codi come quoti è ovvio che non ti funziona nulla

e se commenti il codice come dai retta alle mail private, nessun'altro e'
in grado di leggere il tuo codice


nel suo codice mancano delle cose :
1 la private key che uso e' cifrata, nel suo codice non viene decifrata,
come fa a funzionare ?
manca questo:
openssl_pkey_get_private
(PHP 4 >= 4.2.0, PHP 5)

openssl_pkey_get_private - Get a private key

Description
resource openssl_pkey_get_private ( mixed $key [, string $passphrase =
"" ] )
openssl_get_privatekey() parses key and prepares it for use by other
functions.



da solo l'errore sulla lungezza della stringa
strano che parlate pero non date su che os lo provate e in che condizioni
posta lo script che usi, o parli per sentito dire ?
nel mio nn c'e' perche ho gia la "resource"

questo non da ne warning ne nulla:


<?
/* if(empty($appl['APPL'])){
header("Location: http://".$_SERVER['SERVER_NAME']);
exit;
} */

error_reporting(E_ALL | E_NOTICE);
date_default_timezone_set('Europe/Rome');


$POST = array();

$POST['algo'] = "OPENSSL_ALGO_MD5";
$POST['keys'] = 512;
$POST['pv0'] = $POST['pv1'] = '1234567890987654321234567';
$POST['dat'] = 'TEST';


$POST['natio'] = 'IT';
$POST['countr'] = 'ITALY';
$POST['prv'] = 'BAGANZOLA (PR)';
$POST['unit'] = 'localunit';
$POST['mail'] = 'prove@???';
$POST['yars'] = '5';
$POST['fp'] = '2';

$table['user'] = 'table';


         if(in_array($POST['algo'], array("OPENSSL_ALGO_SHA1",
               "OPENSSL_ALGO_MD5",
               "OPENSSL_ALGO_MD4",
               "OPENSSL_ALGO_MD2",
               "OPENSSL_ALGO_DSS1"))){
               $algo = $POST['algo'];


         }else{


               $algo = "OPENSSL_ALGO_MD5";
         }


if(in_array($POST['keys'], 
array("512","1024","1536","2048","3072","4096","4608","6656","8192"))){
               $key = (int) $POST['keys'];
}else{
               $key = (int) 4096;
}



if($POST['pv0']===$POST['pv1']){
    $pass = $POST['pv0'];
}else{
    echo "{\"pass\": \"false\"}";
}



// echo dirname(__FILE__);

define('OPEN_SSL_CONF_PATH', dirname(__FILE__).'./openssl.cnf');



$ssl_configargs = array(
"config" => OPEN_SSL_CONF_PATH,
"digest_alg" => $algo,
"private_key_bits" => $key,
"basicConstraints" => "critical,CA:true",
"keyUsage" => "cRLSign, keyCertSign",
"nsCertType" => "sslCA, emailCA",
'x509_extensions' => 'v3_ca',
'req_extensions' => 'v3_req',
'name_opt' => $POST['dat']
);


$dn = array("countryName" => $POST['natio'],
"stateOrProvinceName" => $POST['countr'],
"localityName" => $POST['prv'],
"organizationName" => $POST['dat'],
"organizationalUnitName" => $POST['unit'],
"commonName" => $POST['dat'] ,
"emailAddress" => $POST['mail']);

// $ssl_configargs


$numberofdays = $POST['yars'] * 365;

$pkey = openssl_pkey_new($ssl_configargs);
var_dump($pkey);

$csr = openssl_csr_new( $dn, $privkey,$ssl_configargs);
openssl_pkey_export($privkey, $pkeyout,$pass,$ssl_configargs);
var_dump($csr);


$sscert = openssl_csr_sign( $csr, null, $privkey, $numberofdays,
$ssl_configargs);

var_dump($sscert);


openssl_csr_export( $csr, $csrout );
openssl_x509_export( $sscert, $certout );


$detail = openssl_x509_parse ($certout);
$res = openssl_get_publickey($certout);

$source = 'vbebvuweb vgh 8g2h528ghv 24gh v745hv g87vh4g28 vh2847';

// herror here !!!!!!! uncomment source

$source .= 'vbebvuweb vgh 8g2h528ghv 24gh v745hv g87vh4g28 vh2847';
$source .= 'vbebvuweb vgh 8g2h528ghv 24gh v745hv g87vh4g28 vh2847';

openssl_public_encrypt($source,$crypttext,$res);
echo $crypttext;
openssl_private_decrypt($crypttext,$plain, $privkey);


echo "<br>";
echo $plain;
echo "<br>";

$f = true;
if($plain!==$source){
echo '{"certificate":"false"}';
$f = false;
}

echo date('s');




echo $sql1 = "INSERT INTO ".$table['user']."certificate SET cr_root='S',
cr_fp='".$POST["fp"]."',
cr_s_c='".$detail["subject"]["C"]."',
cr_s_st='".$detail["subject"]["ST"]."',
cr_s_l='".$detail["subject"]["L"]."',
cr_s_o='".$detail["subject"]["O"]."',
cr_s_ou='".$detail["subject"]["OU"]."',
cr_s_cn='".$detail["subject"]["CN"]."',
cr_s_mail='".$detail["subject"]["emailAddress"]."',
cr_i_c='".$detail["issuer"]["C"]."',
cr_i_st='".$detail["issuer"]["ST"]."',
cr_i_l='".$detail["issuer"]["L"]."',
cr_i_o='".$detail["issuer"]["O"]."',
cr_i_ou='".$detail["issuer"]["OU"]."',
cr_i_cn='".$detail["issuer"]["CN"]."',
cr_i_mail='".$detail["issuer"]["emailAddress"]."',
cr_hash='".$detail["hash"]."',
cr_ver='".$detail["version"]."',
cr_serial='".$detail["serialNumber"]."',
cr_start='".date('Y-m-d H:i:s',$detail["validFrom_time_t"])."',
cr_end='".date('Y-m-d H:i:s',$detail["validTo_time_t"])."',
cr_subjectkeyi='".$detail["extensions"]["subjectKeyIdentifier"]."',
cr_authoritykeyi='".$detail["extensions"]["authorityKeyIdentifier"]."',
cr_basicc='".$detail["extensions"]["basicConstraints"]."',
cr_critical='S',
cr_pws='S',
cr_keysiz='".$key."',
cr_cer='".addslashes($certout)."',
cr_csr='".addslashes($csrout)."',
cr_key='".addslashes($pkeyout)."'
";

$result1 = true;
// $result1 = $db->sql_query($sql1);

if($result1==true AND $f==true){
    echo '{"certificate":"true"}';
}



// var_dump($detail);


file_put_contents('certificate.cer',$certout);

file_put_contents('certificate.csr',$csrout);



file_put_contents('certificate.key',$pkeyout);


?>



_______________________________________________
Hackmeeting mailing list
Hackmeeting@???
https://www.autistici.org/mailman/listinfo/hackmeeting