Corey Bonnell CBonnell

  • Pittsburgh, PA
@CBonnell
CBonnell / csr-attr.py
Last active November 30, 2023 14:50
Generate a CSR Attributes with AcpNodeName in SAN
from pyasn1_alt_modules import rfc2986, rfc2985, rfc5280, rfc8994, rfc7030
from pyasn1.codec.der.encoder import encode
import base64
gn = rfc5280.GeneralName()
acp_name = gn['otherName']
acp_name['type-id'] = rfc8994.id_on_AcpNodeName
acp_name['value'] = rfc8994.AcpNodeName('fd89b714f3db00000200000064000000+area51.research@acp.example.com')
CBonnell / gutmann_testkeys.py
Last active March 7, 2022 14:11
Converts the private keys listed in https://datatracker.ietf.org/doc/draft-gutmann-testkeys/ to OpenSSL-consumable format
import base64
import lark
import binascii
from cryptography.hazmat.primitives.asymmetric import ec, rsa, dsa
from cryptography.hazmat.primitives import serialization
from pyasn1.codec.der.encoder import encode
from pyasn1.type import univ
from pyasn1.type.namedtype import NamedTypes, NamedType
Fetch errors:
HTTPConnectionPool(host='crl.comodo.net', port=80): Max retries exceeded with url: /AAACertificateServices.crl (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x0000025BA14EE0D0>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))
403 Client Error: Forbidden for url: http://crl.tuntrust.tn/tntrustrootca.crl
HTTPConnectionPool(host='atospki', port=80): Max retries exceeded with url: /crl/Atos_TrustedRoot_CA_2011.crl (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x000001B43D5D87C0>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))
CBonnell / shellcode_modulus.txt
Last active December 5, 2021 00:03
Vanity RSA key with Windows bind shellcode in modulus
_ _ _, __, _, _ _ _, _ _,
| | / \ |_) |\ | | |\ | / _
|/\| |~| | \ | \| | | \| \ /
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
This key is extremely weak and should not be used for anything
Vanity RSA-3072 key with Windows bind shellcode in modulus. DER encoding of the CSR below detected by ClamAV as a trojan: https://www.virustotal.com/gui/file/b757330297ddccd7ec1fdac846dc7a69b1e75541b53ba8b8a508b0370c7b23da/detection
-----BEGIN CERTIFICATE REQUEST-----
CRL URI: intermediate cert subject (ASN.1 version)
http://g.symcb.com/crls/gtglobal.crl: /C=DE/O=CertCenter AG/OU=Domain Validated SSL/CN=AlwaysOnSSL CA - G2 (0)
http://g.symcb.com/crls/gtglobal.crl: /CN=Apple IST CA 2 - G1/OU=Certification Authority/O=Apple Inc./C=US (0)
http://s.symcb.com/pca3-g5.crl: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 (0)
http://s.symcb.com/pca3-g5.crl: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 (0)
http://g.symcb.com/crls/gtglobal.crl: /C=US/O=DigiCert, Inc./OU=www.digicert.com/CN=DigiCert TLS ICA GeoTrust Global (0)
http://s.symcb.com/pca3-g5.crl: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Transition RSA Root (0)
http://crl.geotrust.com/crls/gtglobal.crl: /C=JP/O=NTT DOCOMO, INC./OU=GeoRoot Certification Authority/CN=DKHS Device CA (0)
http://g.symcb.com/crls/gtglobal.crl: /C=JP/O=NTT DOCOMO, INC./OU=GeoRoot Certification Authority/CN=DKHS Device CA - G2 (0)
http://crl.geotrust.com/crls/gtglobal.crl: /C=US/O=GeoTrust Inc
CBonnell / jurisST.txt
Last active August 20, 2019 02:25
EV certificates, C=US with non-existent ST and jurisST RDN values
(tags.raw:"ev" and parsed.subject.jurisdiction_country:US and parsed.subject.jurisdiction_province:* and not parsed.subject.jurisdiction_province:"Alabama" and not parsed.subject.jurisdiction_province:"AL" and not parsed.subject.jurisdiction_province:"Alaska" and not parsed.subject.jurisdiction_province:"AK" and not parsed.subject.jurisdiction_province:"Arizona" and not parsed.subject.jurisdiction_province:"AZ" and not parsed.subject.jurisdiction_province:"Arkansas" and not parsed.subject.jurisdiction_province:"AR" and not parsed.subject.jurisdiction_province:"California" and not parsed.subject.jurisdiction_province:"CA" and not parsed.subject.jurisdiction_province:"Colorado" and not parsed.subject.jurisdiction_province:"CO" and not parsed.subject.jurisdiction_province:"Connecticut" and not parsed.subject.jurisdiction_province:"CT" and not parsed.subject.jurisdiction_province:"Delaware" and not parsed.subject.jurisdiction_province:"DE" and not parsed.subject.jurisdiction_province:"Florida" and not parsed.subj
CBonnell / gist:1f01ccd93667c37800b67e518340c606
Last active February 23, 2019 14:10
DarkMatter-issued certificates, notBefore >= 2016-09-30
QuoVadis
"crt.sh URL(s)", notBefore, "serial number", "highest set bit", "issuer CN"
"https://crt.sh/?id=85497938 (precert)", 2017-02-06, 5B:FC:72:86:43:23:99:6B, 63, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85497941 (precert)", 2017-02-06, 04:9E:3C:E1:F1:4B:C1:A1, 59, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85497942 (precert)", 2017-02-06, 3E:1D:03:8A:F2:73:F3:E9, 62, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85498180 (precert)", 2017-02-06, 9A:45:0C:14:16:BB:B4, 56, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85498184 (precert)", 2017-02-06, 79:76:12:FE:31:58:53:99, 63, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85498186 (precert)", 2017-02-06, 42:2A:F0:A8:25:EC:14:34, 63, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85283194 (precert); https://crt.sh/?id=266919536 (final)", 2017-02-06, 2F:90:D6:AA:A7:2B:D1:9D, 62, "DarkMatter High Assurance CA"
"https://crt.sh/?id=85667726 (precert); https://crt.sh/?id=269941290 (final)", 2017-02-07, 1A:CD:66:B2:4B:2B:07:8