SSL Impersonation in 5 minutes or less!

SSL certificate impersonation… for shits and giggles!

A quick 5 minute talk about SSL impersonation and why self-signed certs aren't a valid solution for your enterprise!

BruCON 2011 Lightning Talk

Transcript of "SSL Impersonation in 5 minutes or less!"

  1. Slide 3: Who, What, Why
     - Who
       - Enterprises
       - Home Users
       - You!
     - What
       - Self-Signed Certs
     - Why
       - Because signing your own certs is bad m’kay!
  2. Slide 4: Why use self-signed certs?
     - Easy
       - One-Click and you’re done
     - Fast
       - No need to wait on a CA
     - Default?
       - Default cert…
       - Ah just leave it
     - It’s ONLY a test server!
  3. Slide 5: Self-signed cert in action
  4. Slide 7 (repeated on slide 8): Self-signed cert in action
     - Enter Metasploit… the tool of champions

           msf > use auxiliary/gather/impersonate_ssl
           msf auxiliary(impersonate_ssl) > set RHOST prodsap.company.com
           RHOST => prodsap.company.com
           msf auxiliary(impersonate_ssl) > run
           [*] Connecting to prodsap.company.com:443
           [*] Copying certificate /O=company.com/OU=Domain Control Validated/CN=prodsap.company.com from prodsap.company.com:443
           [*] Beginning export of certificate files
           [+] Created required files from remote server prodsap.company.com:443
           [+] Files stored in ~/.msf/loot (.key|.crt|.pem)
           [*] Auxiliary module execution completed

  5. Slide 9: Result (0): As near as darn a clone of the original. Fingerprints + Serial Number differ.
  6. Slide 10: Result (1): All CN data is 100% cloned… Average users don’t care!
  7. Slide 11: But we DO pay attention! Techies might notice… maybe! So give them a REASON why…
  8. Slide 12: But we DO pay attention! OH, our self-signed cert expired yesterday. I’ll sort that later ;)
  9. Slide 13: # WINNING
  10. Slide 14: What else can it do!
      - Self-signed certs for anything you like!
        - I’ll take a google.com please!
      - Sign your own cert
        - with that CA signing key you stole from DigiNotar
        - … or an internal corp CA you accidentally hacked ;)
      - It makes coffee too!
  11. Slide 15: So what… this is weak sauce!
      - It’s not new!
      - It’s not special!
      - I can do this in OpenSSL too!
      - Yes, yes, and yes…
        - But this MSF module does it all for you
        - … in 15 seconds
        - … click, click, boom!
  12. Slide 16: Final Points
      - Not in MSF SVN… yet!
      - Working on some small bugs
        - Windows 7 doesn’t like the cert?!!*&%
      - Part of a bigger project to MITM SAP
        - I like SAP…
        - Easy to pick on!
      - Available through SVN
        - chrisjohnriley-metasploit-modules.googlecode.com/svn/trunk/
        - Linked on http://c22.cc as well
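Slides 9 and 10 make the defender's point: a cloned self-signed cert carries identical subject data, but its fingerprint and serial differ because the attacker had to sign it with a key of their own. The following Ruby script is an added example (not part of the talk or the Metasploit module) that builds a "real" self-signed cert with the subject from slide 7 and a clone of it, then shows that a subject-only check accepts the clone while a pinned fingerprint plus serial rejects it. Only Ruby's bundled OpenSSL library is used; the serial numbers 1001 and 2002 are constructed.

```ruby
require 'openssl'

# Build a self-signed X.509 certificate for the given subject, key and serial.
def build_cert(subject, key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                           # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = cert.subject                 # self-signed: issuer == subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 365 * 24 * 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# SHA-256 fingerprint over the DER encoding, the value browsers display.
def fingerprint(cert)
  OpenSSL::Digest.new('SHA256').hexdigest(cert.to_der)
end

# Issuer equals subject and the signature verifies with the cert's own key.
def self_signed?(cert)
  cert.issuer.to_s == cert.subject.to_s && cert.verify(cert.public_key)
end

# Weak check: only the subject (O/OU/CN) is compared. A clone passes this.
def subject_matches?(cert, expected_subject)
  cert.subject.to_s == OpenSSL::X509::Name.parse(expected_subject).to_s
end

# Strong check: pin the fingerprint and serial of the cert you actually deployed.
# A clone signed with an attacker-generated key cannot match either value.
def pinned_ok?(cert, pinned_fp, pinned_serial)
  fingerprint(cert) == pinned_fp && cert.serial.to_i == pinned_serial
end

# Constructed scenario: the server's self-signed cert and a clone of its subject.
def clone_demo
  subject   = '/O=company.com/OU=Domain Control Validated/CN=prodsap.company.com'
  real      = build_cert(subject, OpenSSL::PKey::RSA.new(2048), 1001)
  clone     = build_cert(subject, OpenSSL::PKey::RSA.new(2048), 2002) # new key + serial
  pinned_fp = fingerprint(real)
  {
    subject_match:    subject_matches?(clone, subject),         # true: CN data is cloned
    both_self_signed: self_signed?(real) && self_signed?(clone), # true: nothing to tell apart
    pin_real:         pinned_ok?(real, pinned_fp, 1001),        # true
    pin_clone:        pinned_ok?(clone, pinned_fp, 1001)        # false: fingerprint + serial differ
  }
end
```

In practice the pinned values come from the certificate you installed on the server, which is exactly the record a CA-signed certificate (or an internal pin list) gives you and an "ah just leave it" default cert does not.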