SSL Impersonation in 5 minutes or less!

SSL certificate impersonation… for shits and giggles!

A quick 5 minute talk about SSL impersonation and why self-signed certs aren't a valid solution for your enterprise!

BruCON 2011 Lightning Talk

Presentation Transcript

  • Who, What, Why
    • Who
      • Enterprises
      • Home Users
      • You!
    • What
      • Self-Signed Certs
    • Why
      • Because signing your own certs is bad m’kay!
  • Why use self-signed certs?
    • Easy
      • One-Click and you’re done
    • Fast
      • No need to wait on a CA
    • Default?
      • Default cert…
      • Ah just leave it
    • It’s ONLY a test server!
  • Self-signed cert in action
    • Enter Metasploit… the tool of champions
    • msf > use auxiliary/gather/impersonate_ssl
    • msf auxiliary(impersonate_ssl) > set RHOST prodsap.company.com
    • RHOST => prodsap.company.com
    • msf auxiliary(impersonate_ssl) > run
    • [*] Connecting to prodsap.company.com:443
    • [*] Copying certificate /O=company.com/OU=Domain Control Validated/CN=prodsap.company.com from prodsap.company.com:443
    • [*] Beginning export of certificate files
    • [+] Created required files from remote server prodsap.company.com:443
    • [+] Files stored in ~/.msf/loot (.key|.crt|.pem)
    • [*] Auxiliary module execution completed
  • Result (0)
    • As near as darn a clone of the original
    • Fingerprints + Serial Number differ
  • Result (1)
    • All CN data is 100% cloned…
    • Average users don’t care!
  • But we DO pay attention!
    • Techies might notice… maybe!
    • So give them a REASON why…
  • But we DO pay attention!
    • OH, our self signed cert expired yesterday. I’ll sort that later ;)
  • # WIMMING
  • What else can it do!
    • Self-signed certs for anything you like!
      • I’ll take a google.com please!
    • Sign your own cert
      • with that CA signing key you stole from DigiNotar
      • … or an internal corp CA you accidentally hacked ;)
    • It makes coffee too!
  • So what… this is weak sauce!
    • It’s not new!
    • It’s not special!
    • I can do this in OpenSSL too!
    • Yes, yes, and yes…
      • But this MSF module does it all for you
      • … in 15 seconds
      • … click, click, boom!
  • Final Points
    • Not in MSF SVN… yet!
    • Working on some small bugs
      • Windows 7 doesn’t like the cert?!!*&%
    • Part of a bigger project to MITM SAP
      • I like SAP…
      • Easy to pick on!
    • Available through SVN
      • chrisjohnriley-metasploit-modules.googlecode.com/svn/trunk/
      • Linked on http://c22.cc as well
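
The "Result" slides note that a cloned certificate carries identical name data while its fingerprint and serial number differ. The following is an added example, not part of the talk or the Metasploit module, showing a defender-side check that compares an observed certificate against the one recorded for a host. The function names and the stub certificates are assumptions constructed for illustration.

```python
import hashlib

def tlv(buf, off):
    """Read one DER TLV at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def identity(der):
    """Return (subject Name bytes, serial, SHA-256 fingerprint) of a DER cert."""
    _, off, _ = tlv(der, 0)                # outer Certificate SEQUENCE
    _, off, end = tlv(der, off)            # tbsCertificate SEQUENCE
    fields = []
    while off < end:
        tag, start, off = tlv(der, off)
        fields.append((tag, der[start:off]))
    if fields[0][0] == 0xA0:               # optional explicit [0] version
        fields.pop(0)
    # Remaining order: serial, sigAlg, issuer, validity, subject, key, ...
    serial = int.from_bytes(fields[0][1], "big")
    return fields[4][1], serial, hashlib.sha256(der).hexdigest()

def compare(pinned_der, observed_der):
    """Classify an observed cert against the one recorded for the host."""
    p_subj, _, p_fp = identity(pinned_der)
    o_subj, _, o_fp = identity(observed_der)
    if o_fp == p_fp:
        return "match"
    if o_subj == p_subj:                   # same names, different certificate
        return "same-subject-different-cert"
    return "different-subject"

def enc(tag, body):                        # short-form DER, body < 128 bytes
    return bytes([tag, len(body)]) + body

def stub_cert(cn, serial, key):
    """Constructed stand-in with X.509 field order; not a real certificate."""
    name = enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03") + enc(0x0C, cn))))
    tbs = enc(0x02, serial) + enc(0x30, b"") + name + enc(0x30, b"") + name + enc(0x30, key)
    return enc(0x30, enc(0x30, tbs) + enc(0x30, b"") + enc(0x03, b"\x00"))

PINNED = stub_cert(b"prodsap.company.com", b"\x10\x01", b"key-AAAA")
CLONE = stub_cert(b"prodsap.company.com", b"\x7f\x02", b"key-BBBB")
print(compare(PINNED, PINNED), compare(PINNED, CLONE))
```

For a live endpoint, the DER bytes passed to `compare` can be obtained with `ssl.SSLSocket.getpeercert(binary_form=True)`.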