
Exfiltrated .rnd file exploitation

Çağlar Arlı

Context

During a CTF, as www-data, I managed to exfiltrate an .rnd file used by phpseclib on a PHP app (I exfiltrated the entire app). Since SSHD is configured with PubkeyAuthentication yes and PasswordAuthentication no, my guess is that i) I should use the admin's SSH key to log in with ssh ii) because he might have used the same keys as the ones used in the app. My goal is to re-generate the admin's pair.

Problem

Wherever I put the file (but it seems to be expected in ~/)

openssl.cnf

# minimalist openssl.cnf file for use with phpseclib

HOME            = .
RANDFILE        = $ENV::HOME/.rnd

[ v3_ca ]

no matter if I use php phpseclib/phpseclib/Crypt/RSA.php or openssl genrsa -rand .rnd -out key.pem 1024, I end up with different pairs each time, none of which is a better candidate than the others.

Since the .rnd is a seed, I naively thought that Same(.rnd) => Same(keys pair) but this does not seem to be the case. Either I do not use it properly or the keys are not solely determined by the seed.

Questions

Is it possible to exploit a .rnd in any way? Even if the relation .rnd <> pair is not deterministic, does it narrow the space of possible pairs in an exploitable way?