Skip to content
/ sops-predictor Public

bypasses sops encryption to find the length of a sops encrypted value and fully bypasses encrypted bools.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bethdevopsbunny/sops-predictor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
cmd
cmd
 
 
sopsdata
sopsdata
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

sops-predictor

Edit: hey i did a little blogpost about this https://blog.bethdevopsbunny.com/Predicting+Sops

sops doesnt hide the length of the encrypted fields very well, I noticed this and found that mozilla are aware of this bug, but that doesnt mean i cant have fun with it!

for all data types it can return you the legnth of the encrypted value.

for boolean however, as it can only be true or false having the length of the value allows you to assume its encrypted value as true has 4 characters and false has 5.

after re-reading the bug linked above, it shows that

here is the age encrypted file in sopsdata/secrets.enc.yml being predicted. image

About

bypasses sops encryption to find the length of a sops encrypted value and fully bypasses encrypted bools.

Topics

cybersecurity sops

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

clean string evaluation Latest
Oct 22, 2022
+ 1 release

Packages

No packages published

Languages