Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-0169 PoC — 多个TLS/DTLS实现加密问题漏洞

Source
https://github.com/wearohat/lucky13
Associated Vulnerability
Title:多个TLS/DTLS实现加密问题漏洞 (CVE-2013-0169)
Description:The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Description
Exploit for cve-2013-0169
Readme
# LUCKY13 Exploit

This repository contains a proof-of-concept (POC) exploit for the LUCKY13 vulnerability (CVE-2013-0169), which is a timing attack against certain implementations of the CBC (Cipher Block Chaining) mode of operation in cryptographic systems. The exploit aims to decrypt a target token by leveraging the timing differences in responses based on padding validation.

## Prerequisites

Before running the exploit, ensure you have the following:

- Python 3.x installed on your machine.
- The `requests` library. 

## How It Works

The exploit works by:

    Creating a Payload: It generates a payload that includes a prefix of known bytes and a guess for the byte being tested.
    Timing the Response: It sends the payload as a cookie to the target server and measures the time taken for the server to respond. A valid padding will typically result in a shorter response time.
    Decrypting the Token: By iterating through all possible byte values (0-255) and recording the response times, the script identifies the byte that results in the shortest response time, indicating a valid padding.
    Building the Known Bytes: The script builds the decrypted token byte by byte, starting from the last byte and working backwards
File Snapshot

 [4.0K]  /data/pocs/b6c2d7bbd4a5183a0123897fe2134ac4a1f1bd4a
├── [2.7K]  exploit.py
└── [1.2K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →