sha1collisiondetection
pocorgtfo
sha1collisiondetection | pocorgtfo | |
---|---|---|
7 | 7 | |
1,291 | 1,223 | |
- | - | |
0.0 | 5.8 | |
17 days ago | 3 months ago | |
C | TeX | |
GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sha1collisiondetection
- ScrapScript: In-Development Language with Some Cool Features (Not Mine)
-
Is it ever possible for 2 commits to have the same hash?
It's far more likely that somebody would try to artificially create a collision. There is code in git to try to detect this https://github.com/cr-marcstevens/sha1collisiondetection
-
C compiler in .NET
First milestone is to be able to compile this code https://github.com/cr-marcstevens/sha1collisiondetection/ using Cesium.
-
Hash collisions and exploitations – Instant MD5 collision
For sha1, people made a system where you can detect the patterns that lead to a collision, and (for example) replace it with a different hash only for inputs that would be a problem. https://github.com/cr-marcstevens/sha1collisiondetection i think git does this to eek more life out of sha1.
I imagine you could take a similar counter-cryptnalysis approach to md5. (I am out of my depth here, so there could be reasons this doesnt work for md5 im unaware of)
- Library and command line tool to detect SHA-1 collisions (2017)
-
Apart from using exec.Command, is there a better way to check version of any external system app in /usr/local/bin like fzf or nodejs using go?
I'm saying that Git is on my side of opinion, that's why Git added collision detection (hardened SHA1) and added support for more stronger hashes and Git's goal is transition out of SHA1. The same is with fossil, that added hardened SHA1 since 2017 and by default uses SHA3 for new repositories.
- SHA-1 'Fully and Practically Broken' by New Collision
pocorgtfo
-
MIPS Firmware Reverse Engineering - anyone having any success using Ghidra for this?
Your best bet here is to get the base address nailed down (assuming it’s a flat/monolithic image). There are a handful of utilities floating around (binbloom, basefind2) that use various pointer heuristics to try to guess the base address. There’s also a nice trick detailed in PoC||GTFO that you can use pretty reliably.
- Image displays its own MD5 hash
- Gitlab servers are being exploited in DDoS attacks in excess of 1 Tbps
-
smh dumb antivirus software
execute the pdf: https://github.com/angea/pocorgtfo
-
SHA-1 'Fully and Practically Broken' by New Collision
1) People systematically underestimate how easy it is to create collisions that still do something "interesting", like being polyglots. See PoC||GTFO, specifically anything by Ange Albertini, for examples; grep https://github.com/angea/pocorgtfo/blob/master/README.md for "MD5".
1bis) You can use an existing collision to create new collisions. People seem to think you need to generate all the work again from scratch.
1cis) The files do not need to be gigantic.
2) You can do the collision in advance, and publish the malicious version later. What it accomplishes is that the concept of "this Git hash unambiguously specifies a revision" no longer works, and one of them can be malicious.
3) The standard should be "obviously safe beyond a reasonable doubt", not "not obviously unsafe to a non-expert". By the latter standard, pretty much any random encryption construction is fine.
-
Show HN: Redbean: single-file distributable web server
If you want to learn more how these things work I'd highly suggest going through the PoC||GTFO archive (https://github.com/angea/pocorgtfo/blob/master/README.md) and check out entries by Ange Albertini or entries named like "This ZIP is also a PDF".
What are some alternatives?
smhasher - Hash function quality and speed tests
gitlab-workhorse
collisions - Hash collisions and exploitations
polyshell - A Bash/Batch/PowerShell polyglot!
OrangeC - OrangeC Compiler And Tool Chain
exiftool - ExifTool meta information reader/writer
RedBean - ORM layer that creates models, config and database on the fly
Judge0 API - 🔥 The most advanced open-source online code execution system in the world.
Metasploit - Metasploit Framework
BLAKE3 - the official Rust and C implementations of the BLAKE3 cryptographic hash function
CVE-2021-4034 - CVE-2021-4034: Local Privilege Escalation in polkit's pkexec proof of concept
binbloom - Raw binary firmware analysis software