From 99f35574156e8312a5fbae5b19412ee32b3fe705 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Fri, 6 Sep 2024 21:59:41 +0200 Subject: [PATCH] Randomness mt_rand + Analytics --- .github/overrides/main.html | 1 + CICD/Github-Actions.md | 1 + Insecure Randomness/README.md | 20 ++++++++++++++++++-- mkdocs.yml | 4 ++-- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/.github/overrides/main.html b/.github/overrides/main.html index e34e021..e0c9368 100644 --- a/.github/overrides/main.html +++ b/.github/overrides/main.html @@ -14,6 +14,7 @@
+ {% endblock %} diff --git a/CICD/Github-Actions.md b/CICD/Github-Actions.md index 84a717b..beae4a6 100644 --- a/CICD/Github-Actions.md +++ b/CICD/Github-Actions.md @@ -104,6 +104,7 @@ A self-hosted runner for GitHub Actions is a machine that you manage and maintai Scan a public GitHub Organization for Self-Hosted Runners +* [AdnaneKhan/Gato-X](https://github.com/AdnaneKhan/Gato-X) - Fork of Gato - Gato (Github Attack TOolkit) - Extreme Edition * [praetorian-inc/gato](https://github.com/praetorian-inc/gato) - GitHub Actions Pipeline Enumeration and Attack Tool ```ps1 gato -s enumerate -t targetOrg -oJ target_org_gato.json diff --git a/Insecure Randomness/README.md b/Insecure Randomness/README.md index a12f14c..7c62ccb 100644 --- a/Insecure Randomness/README.md +++ b/Insecure Randomness/README.md @@ -6,6 +6,7 @@ * [GUID Versions](#guid-versions) * [Mongo ObjectId](#mongo-objectid) * [Uniqid](#uniqid) +* [mt_rand](#mt_rand) * [Other](#other) * [References](#references) @@ -133,6 +134,20 @@ for token in tokens: ``` +## mt_rand + +Breaking mt_rand() with two output values and no bruteforce. + +* [ambionics/mt_rand-reverse](https://github.com/ambionics/mt_rand-reverse) - Script to recover mt_rand()'s seed with only two outputs and without any bruteforce. + +```ps1 +./display_mt_rand.php 12345678 123 +712530069 674417379 + +./reverse_mt_rand.py 712530069 674417379 123 1 +``` + + ## Other Other bad ideas that are sometimes shipped into production. 
@@ -149,11 +164,12 @@ Generic identification and sandwitch attack: ``` -### References +## References * [In GUID We Trust - Daniel Thatcher - October 11, 2022](https://www.intruder.io/research/in-guid-we-trust) * [IDOR through MongoDB Object IDs Prediction - Amey Anekar - August 25, 2020](https://techkranti.com/idor-through-mongodb-object-ids-prediction/) * [[FR] Secret basé sur le temps non sécurisé et attaque par sandwich - Analyse de mes recherches et publication de l’outil “Reset Tolkien” - Tom CHAMBARETAUD / @AethliosIK - 2 apr 2024](https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-fr.html) * [[EN] Unsecure time-based secret and Sandwich Attack - Analysis of my research and release of the “Reset Tolkien” tool - Tom CHAMBARETAUD / @AethliosIK - 2 apr 2024](https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html) * [Secret non sécurisé basé sur le temps et attaques par sandwich - Tom CHAMBARETAUD aka Aethlios](#) -* [Exploiting Weak Pseudo-Random Number Generation in PHP’s rand and srand Functions - Jacob Moore - Oct 18, 2023](https://medium.com/@moorejacob2017/exploiting-weak-pseudo-random-number-generation-in-phps-rand-and-srand-functions-445229b83e01) \ No newline at end of file +* [Exploiting Weak Pseudo-Random Number Generation in PHP’s rand and srand Functions - Jacob Moore - Oct 18, 2023](https://medium.com/@moorejacob2017/exploiting-weak-pseudo-random-number-generation-in-phps-rand-and-srand-functions-445229b83e01) +* [Breaking PHP's mt_rand() with 2 values and no bruteforce - Charles Fol - 06 January, 2020](https://www.ambionics.io/blog/php-mt-rand-prediction) \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index c2797a8..55fdbee 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -44,8 +44,8 @@ theme: # - navigation.path extra_css: - - custom.css - + - custom.css + markdown_extensions: - tables - attr_list
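Review bot: the single `+` line in the `.github/overrides/main.html` hunk renders as empty here, so the "Analytics" part of the subject cannot be reviewed from the diff; confirm the intended markup actually landed in the commit, and if it loads a third-party analytics script into the docs site, name the provider in the commit message and consider pinning the script with an `integrity` attribute so the documentation pages do not execute unreviewed remote code.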
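Review bot: in the `CICD/Github-Actions.md` hunk the new entry's description ("Fork of Gato - Gato (Github Attack TOolkit) - Extreme Edition") repeats the project name and has a stray capital in "TOolkit" and "Github" where the neighbouring line writes "GitHub"; rewrite it in the style of the praetorian-inc/gato entry, e.g. `* [AdnaneKhan/Gato-X](https://github.com/AdnaneKhan/Gato-X) - Extended fork of Gato (GitHub Attack Toolkit)`. The `gato -s enumerate -t targetOrg ...` snippet that follows is the original gato's invocation, so it should be clear that it does not document Gato-X.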
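Review bot: in the new `## mt_rand` section of `Insecure Randomness/README.md` the fenced block is tagged `ps1` but the commands are `./display_mt_rand.php` and `./reverse_mt_rand.py` run from a POSIX shell, so tag it `bash` (or `sh`), and mark `712530069 674417379` as output (a `$ ` prompt on the two command lines, or a comment) so it is not read as a third command. The positional numbers are not explained; add a sentence naming what each argument of the two scripts means rather than leaving the reader to open the upstream README. Since this is a new section, one line with the remedy (mt_rand() is not a CSPRNG; tokens and secrets should come from random_int()/random_bytes()) would make it actionable for defenders. There are also two blank lines before `## Other` where the file otherwise uses one.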
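Review bot: the `### References` to `## References` change is right (it matches the `## mt_rand` and `## Other` sibling headings), but the hunk still ends with `\ No newline at end of file` on the added reference line; add a trailing newline so the next append does not show up as another remove-and-re-add of the last entry. The `(#)` placeholder link on the "Secret non sécurisé basé sur le temps et attaques par sandwich" entry is pre-existing but sits in this hunk's context; either point it at the real URL or drop it, since the two Reset Tolkien links above already cover that research.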
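Review bot: the `mkdocs.yml` hunk removes and re-adds `- custom.css` and the blank line after it with no visible content change, which points to a whitespace or line-ending edit; since YAML is indentation-sensitive, confirm the `extra_css` list item keeps its indent under the key and that no trailing whitespace is being introduced, or drop the hunk from this commit as unrelated to its subject.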