Stealing Certificates with Apostille

At Def Con 26, @singe and @_cablethief gave a talk on enterprise wireless attacks. When its video is released, you should check it out.

During that talk, they briefly touched on "Apostille", a tool written by Rogan Dawes, another @Sensepost-er. It is essentially a certificate stealing (cloning? faking? doppelganger-ing?) tool. However, that oversimplifies what it does.

Copying a certificate's common name, email, or other fields that are entered during creation is a relatively easy way to copy a certificate, and the result can look relatively good at first glance. However, this simple copy leaves many tell-tale signs that it's fake. For instance, let's say I create a certificate like so:

root@apostille-post:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem
Generating a 2048 bit RSA private key
.................................................................................................................+++
...+++
writing new private key to 'mycert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Mountain View
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Google LLC
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.google.com
Email Address []:

If I host it out, here are the results side by side with Google.com:

The Valid From, the Issued By, and most of the other certificate details make this certificate stand out as fraudulent. Also, doing this by hand is a PITA.

Enter Apostille.

It’s pretty straightforward to get going, but you do need both Java’s JDK and Maven to compile it first:

root@apostille-post:~# apt install -y maven default-jdk git

(I’m doing this on a fresh box so it needed git as well)

Step 2, git clone the repo, and compile with Maven:

root@apostille-post:~# git clone https://github.com/sensepost/apostille
Cloning into 'apostille'...
remote: Counting objects: 48, done.
remote: Total 48 (delta 0), reused 0 (delta 0), pack-reused 48
Unpacking objects: 100% (48/48), done.
root@apostille-post:~# cd apostille/
root@apostille-post:~/apostille# mvn package

Step 3, clone your first certificate:

java -jar target/apostille-1.0-SNAPSHOT.jar google.com:443 tempkeystore.jks ASDqwe123 ASDqwe123

  • google.com:443 is the endpoint that will serve a certificate chain back; this isn’t restricted to HTTPS, but works with any TLS endpoint.
  • tempkeystore.jks is the Java Keystore file that we will be putting the certificate chain into.
  • ASDqwe123 is the kspassword and then the keypassword (Keystore and certificate password) – I just made them the same as this is an example and I won’t be using the keystore for anything but to export the certificates later.

In order to get the certificates out of the keystore and into a PEM format that I can use for testing, I used the following:

Source: https://www.calazan.com/how-to-convert-a-java-keystore-jks-to-pem-format/

root@apostille-post:~/apostille# keytool -importkeystore -srckeystore tempkeystore.jks -destkeystore myapp.p12 -srcalias *.google.com -srcstoretype jks -deststoretype pkcs12
Importing keystore tempkeystore.jks to myapp.p12...
Enter destination keystore password: ASDqwe123
Re-enter new password: ASDqwe123
Enter source keystore password: ASDqwe123

(The passwords will not show up in the terminal, but I put them in here so you can see what I’m inputting. Again, I chose a simple password because I’m converting it one more time.)

Then finally to a PEM like so:

root@apostille-post:~/apostille# openssl pkcs12 -in myapp.p12 -out myapp.pem
Enter Import Password: ASDqwe123
Enter PEM pass phrase: WugWZ3!F3hD#8P!f
Verifying - Enter PEM pass phrase: WugWZ3!F3hD#8P!f

To test out how it looks, I’ll reference AKB’s Quick Web Servers list:

root@apostille-post:~/apostille# openssl s_server -cert myapp.pem -accept 443 -WWW
Enter pass phrase for myapp.pem: WugWZ3!F3hD#8P!f
Using default temp DH parameters
ACCEPT

And the result is:

A much more believable certificate, even to the discerning eye.
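Believable to the eye is not the same as valid. As an added example (not from this post and not Apostille's code), the Go program below builds a constructed root CA and leaf, then a field-for-field clone of both under freshly generated keys, and shows the two checks that still catch the clone: chain validation against the genuine root fails, and the public key (so any SPKI pin) differs. Every name and value in it is made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mkCert issues a certificate from tmpl with a fresh P-256 key; it is self-signed when parent is nil.
func mkCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// SamePin reports whether two certificates carry the same public key (SHA-256 of the SPKI), which is what a pin compares.
func SamePin(a, b *x509.Certificate) bool {
	return sha256.Sum256(a.RawSubjectPublicKeyInfo) == sha256.Sum256(b.RawSubjectPublicKeyInfo)
}

// Demo builds a constructed root CA and leaf, clones both under new keys, and reports which one verifies and whether the pins match.
func Demo() (origOK, cloneOK, pinsMatch bool) {
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca, caKey := mkCert(caTmpl, nil, nil)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(4242), DNSNames: []string{"www.example.com"},
		Subject:     pkix.Name{CommonName: "www.example.com", Organization: []string{"Example LLC"}},
		NotBefore:   now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leaf, _ := mkCert(leafTmpl, ca, caKey)
	// Using the parsed leaf as the template copies subject, serial, validity and SANs exactly; only the keys, and so the signatures, differ.
	fakeCA, fakeKey := mkCert(caTmpl, nil, nil)
	clone, _ := mkCert(leaf, fakeCA, fakeKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, DNSName: "www.example.com"}
	_, errOrig := leaf.Verify(opts)
	_, errClone := clone.Verify(opts)
	return errOrig == nil, errClone == nil, SamePin(leaf, clone)
}
```

The same two checks apply to a real deployment: validate the presented chain against the trust store, and where the service is known in advance, pin the SPKI hash rather than comparing the fields the post shows being copied.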

Again, thanks to @RoganDawes for this amazing tool.

*** This is a Security Bloggers Network syndicated blog from Malicious Link authored by Malicious Link. Read the original post at: http://feedproxy.google.com/~r/Room362com/~3/ka5e3sUZa9I/