icon

Certificates

Last modified: 2024-12-18

An electronic document used to prove the validity of a public key.

Connect to Remote Server with SSL/TLS

You need to have two files - certificate and private key.

nc --ssl-cert cert.pem --ssl-key private-key.pem <target-ip> <target-port>
# or
ncat --ssl-cert cert.pem --ssl-key private-key.pem <target-ip> <target-port>

RSA Attack

  • Retrieve Private Key

    • RsaCtfTool

      RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data.


PFX (PKCS#12) -> PEM -> RSA

  1. Crack Password of PFX

    crackpkcs12 is useful to crack password.

    crackpkcs12 -d wordlist.txt example.pfx
    
  2. Extract a Private Key

    • For Encrypted Key

      openssl pkcs12 -in example.pfx -nocerts -out key.pem
      
    • For No Encrypted Key

      openssl pkcs12 -in example.pfx -nocerts -out key.pem -nodes
      
  3. Extract a Public Key (Cert)

    openssl pkcs12 -in example.pfx -nokeys -out cert.pem
    
  4. Create RSA Key

    Using the private key generated.

    openssl rsa -in key.pem -out rsa.key
    

RSA Asymmetrick Encrypt/Decrypt

  • Encryption

    1. Generate a Private Key

      openssl genrsa -aes256 -out private.key 8912
      
    2. Generate a Public Key using the Private Key

      openssl rsa -in private.key -pubout public.key
      
    3. Encrypt using the Public Key

      openssl rsautl -encrypt -pubin -inkey public.key -in plain.txt -out encrypted.txt
      
  • Decryption

    1. Decrypt a Private Key

      openssl rsautl -decrypt -inkey private.key -in encrypted.txt -out plain.txt