Email or username:

Password:

Forgot your password?
Top-level
waldi

@q3k There is one string that stands out: ssh-rsa-cert-v01@openssh.com

Would they allow some hard coded key to sign certificates and just allow them through?

2 comments
Ross Burton

@waldi @q3k That's a SSH key type (cvsweb.openbsd.org/src/usr.bin) but it's definitely doing *something* with keys. I wonder if the crazy foo=bar assignment is used to identify a key with hidden attributes.

waldi

@q3k Yeah. Can’t quote it right now, but it seems they use broken certificates that contain encrypted stuff in the rsa public key, which is then directly executed with system().

Go Up