TP-Link POC #1
Comments
Thank you for asking! Yes, we will try adding other exploits hopefully this weekend. Sorry for the delay.
Thank you for the quick response!
closed this too soon perhaps...
Thanks for your comments. Yes, the issue was closed so that I forgot. Sorry for any inconvenience. Let me see if I can work something out this holiday.
@theweefies TP-Link attacks are available now. I will try adding others soon. Have fun!
Thanks a ton! Been playing around with it today! Question for you: I was able to pull the ssh-rsa pubkey using the fetch python script you made, but I am having some issues with the ssh rsa cracking process. I've done a ton of research and had significant issues trying to get ssh-keygen to convert the key in the format returned by the fetch script into a PEM file to get the modulus to feed into msieve. ssh-keygen keeps complaining that the key returned by the fetch script is actually a private key (it's in the same format and length as the one in the image you posted), and openssl also fails when trying to convert. Most of the guides online provide the process for creating a key pair to test to crack, and most of them start by generating PEM files and don't have to deal with the OpenSSH conversion to PEM format. Any tips here? Would you mind sharing the line-by-line process you used for the private key recovery, including converting the OpenSSH format the fetch script outputs into a format that we can work with? Thanks for any help!
@theweefies I just added a script to read out the modulus n from that .pub file. Then you can consult Attack Step 2 in this solution to factor n and get p and q. More details are also there.
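Added example, not part of this thread and not the repository's own script: one way to read the exponent and modulus straight out of an OpenSSH `ssh-rsa` public key line without any PEM conversion, and to report the modulus size so short device keys can be flagged. The function names, the 2048-bit threshold and the sample key (a constructed number, not a real key) are assumptions.

```python
import base64
import struct

def _read_string(blob, offset):
    """Read one RFC 4251 string: uint32 big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[start:end], end

def parse_ssh_rsa_pub(line):
    """Return (e, n) from an OpenSSH 'ssh-rsa AAAA... comment' line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob is not ssh-rsa")
    e_bytes, off = _read_string(blob, off)   # blob order is type, e, n
    n_bytes, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    # mpints are big-endian; a leading 0x00 only marks the value as positive
    return int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")

def audit(line, min_bits=2048):
    """Summarise the key; min_bits is an assumed policy threshold."""
    e, n = parse_ssh_rsa_pub(line)
    bits = n.bit_length()
    return {"e": e, "n": n, "bits": bits, "weak": bits < min_bits}

def _mpint(value):
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_sample_line():
    """Constructed sample: an arbitrary 512-bit odd number, not a real key."""
    n = (1 << 511) + 111
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    info = audit(make_sample_line())
    print(f"e={info['e']} bits={info['bits']} weak={info['weak']}")
    print(f"n={info['n']}")
```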
Is there a planned release for the TP-Link and other remaining manufacturer write-ups/PoCs? Really enjoyed seeing your work at BlackHat and have been looking forward to seeing the other PoCs. Thanks!