top of page

Ken Walters Group

Public·169 members
Anatoly Seleznev
Anatoly Seleznev

New SHA1 Attack €? Linux, UNIX Engineers Blog Fix


So I have some of the ingredients that we can talk about. We have a topic, we have a tool, and all that we need is a vulnerable application. We found a couple that had been used in CTFs, and one that also included some other interesting crypto challenges called CryptOMG by SpiderLabs. They published the solutions to the first and second challenges on their blog. This is the solution to the fifth challenge which is a hash length extension attack, and of course we will use hash_extender to do so. Installing CryptOMG is covered in Appendix A.




New SHA1 attack – Linux, UNIX engineers blog



Note: This is a very long script that downloads additional scripts and changes or adds many configurations on Linux servers. This blog has the highlights of what the script is doing to provide a fast reference guide to this attack. Some of the things that the script is doing are not documented in this blog post. The hash of the script is available at the end of this article. It has also been uploaded to VirusTotal.


Over 80% websites in the internet are vulnerable to hacks and attacks. In our role as hosting support engineers for web hosts, we perform periodic security scans and updates in servers to protect them from hacks.


This blog post won't go into the technical details on how the attacker gets into the ESXi hosts to execute the actual ransomware. This could for example be done through an RCE vulnerability such as the one for SLP in ESXi or through Active Directory->vCenter Server->ESXi, but also in other ways. A future blog post will analyze this in more detail and provide more suggested protections.


About

Welcome to the group! You can connect with other members, ge...

Members

  • Ken Walters
  • ChatGPT Japanese
    ChatGPT Japanese
  • Jammie Ampongan
    Jammie Ampongan
  • Maurice Quinn
    Maurice Quinn
  • Max Power
    Max Power
bottom of page