jaads/Efail-malleability-gadget-exploit

Efail-malleability-gadget-exploit

This project provides code to exploit the CFB (CVE-2017-17688) and CBC (CVE-2017-17689) malleability gadgets published by Efail. It is made available for penetration testing.

The documentation, with all side notes and a detailed introduction, can be found in HTML here or as PDF here. A summary in the form of a presentation can be found here.

The files opgp_modification.py and smime_modification.py are the entry points for the desired exploits. The project includes encrypted test messages for both OpenPGP and S/MIME. However, any other message can be loaded into the program.

Adjustments

  • Ciphertexts: The path in get_*_msg() needs to be changed in order to load another ciphertext. Furthermore, the initialization needs to be adapted. For the latter I recommend using this or that decoder, depending on the encryption standard.
  • Email server: In addition, smtplib needs to be configured. To do so, specify your email server, address and password in config.txt. An example file is given.

Note

The exploits currently lack an implementation to defeat integrity protection in OpenPGP messages. This might not be necessary, depending on the targeted email client.

About

Exploiting the Efail vulnerability in, e.g., Thunderbird
