----- Original Message -----
From: "killer" <killer@???>
To: <hackmeeting@???>
Sent: Saturday, November 28, 2009 2:37 PM
Subject: Re: [Hackmeeting] maledetto php buggato (openssl)
Ha ragione megabug, se codi come quoti è ovvio che non ti funziona nulla
e se commenti il codice come dai retta alle mail private, nessun'altro e'
in grado di leggere il tuo codice
nel suo codice mancano delle cose :
1 la private key che uso e' cifrata, nel suo codice non viene decifrata,
come fa a funzionare ?
manca questo:
openssl_pkey_get_private
(PHP 4 >= 4.2.0, PHP 5)
openssl_pkey_get_private - Get a private key
Description
resource openssl_pkey_get_private ( mixed $key [, string $passphrase =
"" ] )
openssl_get_privatekey() parses key and prepares it for use by other
functions.
da solo l'errore sulla lungezza della stringa
strano che parlate pero non date su che os lo provate e in che condizioni
posta lo script che usi, o parli per sentito dire ?
nel mio nn c'e' perche ho gia la "resource"
questo non da ne warning ne nulla:
<?
/* if(empty($appl['APPL'])){
header("Location:
http://".$_SERVER['SERVER_NAME']);
exit;
} */
error_reporting(E_ALL | E_NOTICE);
date_default_timezone_set('Europe/Rome');
$POST = array();
$POST['algo'] = "OPENSSL_ALGO_MD5";
$POST['keys'] = 512;
$POST['pv0'] = $POST['pv1'] = '1234567890987654321234567';
$POST['dat'] = 'TEST';
$POST['natio'] = 'IT';
$POST['countr'] = 'ITALY';
$POST['prv'] = 'BAGANZOLA (PR)';
$POST['unit'] = 'localunit';
$POST['mail'] = 'prove@???';
$POST['yars'] = '5';
$POST['fp'] = '2';
$table['user'] = 'table';
if(in_array($POST['algo'], array("OPENSSL_ALGO_SHA1",
"OPENSSL_ALGO_MD5",
"OPENSSL_ALGO_MD4",
"OPENSSL_ALGO_MD2",
"OPENSSL_ALGO_DSS1"))){
$algo = $POST['algo'];
}else{
$algo = "OPENSSL_ALGO_MD5";
}
if(in_array($POST['keys'],
array("512","1024","1536","2048","3072","4096","4608","6656","8192"))){
$key = (int) $POST['keys'];
}else{
$key = (int) 4096;
}
if($POST['pv0']===$POST['pv1']){
$pass = $POST['pv0'];
}else{
echo "{\"pass\": \"false\"}";
}
// echo dirname(__FILE__);
define('OPEN_SSL_CONF_PATH', dirname(__FILE__).'./openssl.cnf');
$ssl_configargs = array(
"config" => OPEN_SSL_CONF_PATH,
"digest_alg" => $algo,
"private_key_bits" => $key,
"basicConstraints" => "critical,CA:true",
"keyUsage" => "cRLSign, keyCertSign",
"nsCertType" => "sslCA, emailCA",
'x509_extensions' => 'v3_ca',
'req_extensions' => 'v3_req',
'name_opt' => $POST['dat']
);
$dn = array("countryName" => $POST['natio'],
"stateOrProvinceName" => $POST['countr'],
"localityName" => $POST['prv'],
"organizationName" => $POST['dat'],
"organizationalUnitName" => $POST['unit'],
"commonName" => $POST['dat'] ,
"emailAddress" => $POST['mail']);
// $ssl_configargs
$numberofdays = $POST['yars'] * 365;
$pkey = openssl_pkey_new($ssl_configargs);
var_dump($pkey);
$csr = openssl_csr_new( $dn, $privkey,$ssl_configargs);
openssl_pkey_export($privkey, $pkeyout,$pass,$ssl_configargs);
var_dump($csr);
$sscert = openssl_csr_sign( $csr, null, $privkey, $numberofdays,
$ssl_configargs);
var_dump($sscert);
openssl_csr_export( $csr, $csrout );
openssl_x509_export( $sscert, $certout );
$detail = openssl_x509_parse ($certout);
$res = openssl_get_publickey($certout);
$source = 'vbebvuweb vgh 8g2h528ghv 24gh v745hv g87vh4g28 vh2847';
// herror here !!!!!!! uncomment source
$source .= 'vbebvuweb vgh 8g2h528ghv 24gh v745hv g87vh4g28 vh2847';
$source .= 'vbebvuweb vgh 8g2h528ghv 24gh v745hv g87vh4g28 vh2847';
openssl_public_encrypt($source,$crypttext,$res);
echo $crypttext;
openssl_private_decrypt($crypttext,$plain, $privkey);
echo "<br>";
echo $plain;
echo "<br>";
$f = true;
if($plain!==$source){
echo '{"certificate":"false"}';
$f = false;
}
echo date('s');
echo $sql1 = "INSERT INTO ".$table['user']."certificate SET cr_root='S',
cr_fp='".$POST["fp"]."',
cr_s_c='".$detail["subject"]["C"]."',
cr_s_st='".$detail["subject"]["ST"]."',
cr_s_l='".$detail["subject"]["L"]."',
cr_s_o='".$detail["subject"]["O"]."',
cr_s_ou='".$detail["subject"]["OU"]."',
cr_s_cn='".$detail["subject"]["CN"]."',
cr_s_mail='".$detail["subject"]["emailAddress"]."',
cr_i_c='".$detail["issuer"]["C"]."',
cr_i_st='".$detail["issuer"]["ST"]."',
cr_i_l='".$detail["issuer"]["L"]."',
cr_i_o='".$detail["issuer"]["O"]."',
cr_i_ou='".$detail["issuer"]["OU"]."',
cr_i_cn='".$detail["issuer"]["CN"]."',
cr_i_mail='".$detail["issuer"]["emailAddress"]."',
cr_hash='".$detail["hash"]."',
cr_ver='".$detail["version"]."',
cr_serial='".$detail["serialNumber"]."',
cr_start='".date('Y-m-d H:i:s',$detail["validFrom_time_t"])."',
cr_end='".date('Y-m-d H:i:s',$detail["validTo_time_t"])."',
cr_subjectkeyi='".$detail["extensions"]["subjectKeyIdentifier"]."',
cr_authoritykeyi='".$detail["extensions"]["authorityKeyIdentifier"]."',
cr_basicc='".$detail["extensions"]["basicConstraints"]."',
cr_critical='S',
cr_pws='S',
cr_keysiz='".$key."',
cr_cer='".addslashes($certout)."',
cr_csr='".addslashes($csrout)."',
cr_key='".addslashes($pkeyout)."'
";
$result1 = true;
// $result1 = $db->sql_query($sql1);
if($result1==true AND $f==true){
echo '{"certificate":"true"}';
}
// var_dump($detail);
file_put_contents('certificate.cer',$certout);
file_put_contents('certificate.csr',$csrout);
file_put_contents('certificate.key',$pkeyout);
?>
_______________________________________________
Hackmeeting mailing list
Hackmeeting@???
https://www.autistici.org/mailman/listinfo/hackmeeting
