Showing results for tags 'certificate'.

Found 7 results

  1. Does anyone know if it is possible to find the server certificate of an enterprise network? Or is there any other way to stop the mismatched thumbprint error coming up on Windows 10 devices with the WIFI Pineapple? I assume it isn't possible but just want to check. Thanks
  2. Hello, I often use the PineAP Enterprise feature but this time instead of using a self-signed certificate, I would like to use a valid certificate (signed by a valid CA). There is no option to import it from the GUI. How should I import it with SSH (folder, name, format, etc.)? Thank you
  3. Hi, I'm a security architect and double up as the internal pen tester for my company. I showed my company why they shouldn't use just credentials to authenticate to the wireless network by setting up the pineapple and using PineAP to capture the creds in cleartext (using the GTC downgrade). I recommended they use a certificate on all laptops to connect to the wireless. My question is, how can I test to ensure this certificate setup is secure? Can I still capture the certificate to use myself and, if so, how? (I know I can create my own certificate to lure the users onto my rogue AP, but that won't get me onto my company's wireless network.) Thank you in advance for any help! James.
  4. Discussion Thread for Root CA installer. (No Local Admin Rights necessary)

     current development via: https://github.com/jrsmile/bashbunny-payloads/tree/master/payloads/library/rooter (TESTED and Working) pull request waiting.

     small Howto create self-signed-root-ca:

     Create the Root Certificate (Done Once)

     Creating the root certificate is easy and can be done quickly. Once you do these steps, you’ll end up with a root SSL certificate that you’ll install on all of your desktops, and a private key you’ll use to sign the certificates that get installed on your various devices.

     Create the Root Key

     The first step is to create the private root key which only takes one step. In the example below, I’m creating a 2048 bit key:

         openssl genrsa -out rootCA.key 2048

     The standard key sizes today are 1024, 2048, and to a much lesser extent, 4096. I go with 2048, which is what most people use now. 4096 is usually overkill (and 4096 key length is 5 times more computationally intensive than 2048), and people are transitioning away from 1024.

     Important note: Keep this private key very private. This is the basis of all trust for your certificates, and if someone gets a hold of it, they can generate certificates that your browser will accept.

     You can also create a key that is password protected by adding -des3:

         openssl genrsa -des3 -out rootCA.key 2048

     You’ll be prompted to give a password, and from then on you’ll be challenged for the password every time you use the key. Of course, if you forget the password, you’ll have to do all of this all over again.

     The next step is to self-sign this certificate.

         openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

     This will start an interactive script which will ask you for various bits of information. Fill it out as you see fit.

         You are about to be asked to enter information that will be incorporated
         into your certificate request.
         What you are about to enter is what is called a Distinguished Name or a DN.
         There are quite a few fields but you can leave some blank
         For some fields there will be a default value,
         If you enter '.', the field will be left blank.
         -----
         Country Name (2 letter code) [AU]:US
         State or Province Name (full name) [Some-State]:Oregon
         Locality Name (eg, city) []:Portland
         Organization Name (eg, company) [Internet Widgits Pty Ltd]:Overlords
         Organizational Unit Name (eg, section) []:IT
         Common Name (eg, YOUR name) []:Data Center Overlords
         Email Address []:none@none.com

     Once done, this will create an SSL certificate called rootCA.pem, signed by itself, valid for 1024 days, and it will act as our root certificate. The interesting thing about traditional certificate authorities is that root certificate is also self-signed. But before you can start your own certificate authority, remember the trick is getting those certs in every browser in the entire world.
  5. Hi, does someone know how I could decrypt BLOB data from the Windows Registry? For example, there is a digital certificate stored which looks like it is encrypted. Now I want to decrypt it with Java and natively call crypt32.dll (function: cryptUnprotectData()) with JNA. I tried it, but I get a data invalid error. The function could have many arguments, but I did not find out which I have to use exactly. Here is my little piece of code - maybe it helps..

         byte[] byteArray = (byte[]) Advapi32Util.registryGetValue(
                 WinReg.HKEY_LOCAL_MACHINE,
                 "SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\02FAF3E291435468607857694DF5E45B68851868",
                 "Blob");
         byte[] protectedData = Crypt32Util.cryptProtectData(byteArray);
         String test = new String(protectedData);
         System.out.println(test);

     When I run this code I get: Data invalid - win32 exception. So I think something is wrong with the input data. Maybe the data was not encrypted with DPAPI? Or do I need to use some of the arguments (see here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa380882%28v=vs.85%29.aspx)? Hope someone could help me :) thnx!
  6. Hi all, Is anyone familiar with invalidating PDF certificates / removing document security? I have a number of documents which require an installed certificate (which I have) and a password for said certificate. Is there a way to remove this from a PDF? I don't have the public key. I have tried invalidating the certificate using some perl script magic but the document permissions still prevent me from clearing and removing the invalid certificate.
  7. Earlier today I realized that my domain service uses plain old FTP to transfer data. So, after watching an old hak5 ep I called their office to see if they offer SSH shells or third party discounted VPN access. I was shocked when the lady on the other end said "Please hold. I'll look into it for you." She didn't know the difference btw SSH and VPN! I was advised to log in using IE when I told her that I'm a road warrior. She couldn't answer any of my questions regarding pub wifi security. I immediately demanded to talk to a tech in tier III who speaks ENGLISH. She placed the call on hold for five mins and transferred the call to Joe. Joe had no clue wtf I was talking about. He thought I was trying to set up a plain old webpage to share cupcake and prune juice recipes. He told me to think of my website as a house in cyber space. Joe for some strange reason avoided using words like encryption. To pat Joe on the back I asked him how I can send strippers to my house in cyber space without all the Jehovah's Witnesses in the neighborhood knocking down the front door. He scratched his head and then recommended establishing a secure SSL connection to their corporate network, which according to him implements 128bit SSL. To make a long story short, Joe ended up recommending a premium 400$ per yr VPS service that implements SSL and recommended developing custom scripts to run on their server. According to Joe, it's possible to host a proprietary script/application on their server that encrypts info on the fly off a SSL tunnel. Imagine hak5.org stored on an encrypted server that only allows certain key holders to view info. My question here is twofold. How secure is 128bit? Most cc companies use 1024bit authentication. Secondly, what's the best way to encrypt info stored on a hosting service using a key - like TrueCrypt volumes?