Fix weak random seed
scoreserver.rb
|
|
@@ -1,7 +1,7 @@ |
|
|
#!/usr/bin/ruby |
|
|
require 'rubygems' |
|
|
require 'sinatra' |
|
|
require 'digest/sha1' |
|
|
require 'securerandom' |
|
|
|
|
|
SCORESERVER_VERSION = "0.0.2" |
|
|
|
|
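Review bot: dropping `require 'digest/sha1'` in favour of `require 'securerandom'` may remove a dependency the rest of scoreserver.rb still needs. The generated config.rb still carries `ADMIN_PASS_SHA1`, which implies the admin login compares a `Digest::SHA1` hash, and nothing in this hunk shows Digest being loaded elsewhere, so a later `Digest::SHA1.hexdigest` call would raise NameError. Keep both requires (`require 'digest/sha1'` and `require 'securerandom'`) unless the remaining SHA1 use has been verified to be gone. Consider also bumping `SCORESERVER_VERSION = "0.0.2"` so operators can tell from the banner whether a deployment carries the fix.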
@@ -11,7 +11,7 @@ |
|
|
# create default config.rb |
|
|
open('./config.rb', "w+") {|f| |
|
|
f.puts <<-"EOS" |
|
|
COOKIE_SECRET = "#{Digest::SHA1.hexdigest(Time.now.to_s)}" |
|
|
COOKIE_SECRET = "#{SecureRandom.hex(20)}" |
|
|
ADMIN_PASS_SHA1 = "08a567fa1a826eeb981c6762a40576f14d724849" #ctfadmin |
|
|
STYLE_SHEET = "/style.css" |
|
|
HTML_TITLE = "scoreserver.rb CTF" |
|
|
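Review bot: the new secret is only generated when config.rb is first written (`# create default config.rb`), so existing installs keep the old `COOKIE_SECRET` derived from `Time.now.to_s`, which has one-second granularity and is recoverable from an approximate server start time. The commit message should tell operators to delete or rewrite config.rb so a fresh `SecureRandom.hex(20)` value (160 bits from the OS CSPRNG) is issued, and to treat sessions signed under the old secret as invalid. Since config.rb now holds a real secret, `open('./config.rb', "w+")` should also create the file with restrictive permissions, for example `File.open('./config.rb', 'w', 0600)`. Interpolating the hex string into the heredoc Ruby source is safe because `SecureRandom.hex` only emits `[0-9a-f]`.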
6e5cd6c
FYI - The vuln here probably leads to RCE as well. I commented on the reddit thread about your blogpost, but with no blog comments I thought you might be interested to see it, so figured I'd just comment here. http://www.reddit.com/r/netsec/comments/22a49s/an_exercise_in_weak_random_seed_exploitation/