##Custom SSL Certificate for Windows RDP Service
Requirements
- Windows 8+ or Server 2012+
- Certificate with private key (*.p12)
- Intermediate CA certificate (*.cer)
- Administrative rights to modify the certificate store
##Custom SSL Certificate for Windows RDP Service
Requirements
<# | |
.SYNOPSIS | |
Script to install and configure a standalone RootCA for Lab-Environments | |
.DESCRIPTION | |
This Script sets up a standalone RootCA. It's main purpose is to save time when building Labs in the classes I teach. | |
###It's not meant for production!### | |
First, it creates a CAPolicy.inf file. Then it deletes all default CDP and AIA and configures new ones. | |
It turns on auditing and copys (It's a Lab!!!, so obviously no real offline RootCA...) the crt and crl to an edge webserver. | |
.NOTES | |
Author: Oliver Jäkel | oj@jaekel-edv.de | @JaekelEDV |
# List of apps to monitor execution. | |
$monitoredApp = @("nltest.exe","systeminfo.exe","adfind.exe","wmic.exe", "klist.exe") | |
# | |
## If we need Process Details use = $pn=$(Get-WmiObject win32_process -Filter ''ProcessID = %e'' | select ProcessName,PrcessID, CommandLine etc..) | |
<# | |
Sample Use: |
[ | |
{ | |
"name":"Test App 1", | |
"children":[ | |
{"name":"Configurations","progress":1}, | |
{"name":"UI","progress":1}, | |
{"name":"Backend","progress":0.25} | |
] | |
}, | |
{ |
CLSID,ClassName | |
{0000031A-0000-0000-C000-000000000046},CLSID | |
{0000002F-0000-0000-C000-000000000046},CLSID CLSID_RecordInfo | |
{00000100-0000-0010-8000-00AA006D2EA4},CLSID DAO.DBEngine.36 | |
{00000101-0000-0010-8000-00AA006D2EA4},CLSID DAO.PrivateDBEngine.36 | |
{00000103-0000-0010-8000-00AA006D2EA4},CLSID DAO.TableDef.36 | |
{00000104-0000-0010-8000-00AA006D2EA4},CLSID DAO.Field.36 | |
{00000105-0000-0010-8000-00AA006D2EA4},CLSID DAO.Index.36 | |
{00000106-0000-0010-8000-00AA006D2EA4},CLSID DAO.Group.36 | |
{00000107-0000-0010-8000-00AA006D2EA4},CLSID DAO.User.36 |
// Save the current URL path to restore after making | |
// malicious request with faked referer header value | |
var savedPath = window.location.pathname; | |
var savedSearch = window.location.search; | |
// Change URL/History to control the referer header value | |
// Swap out "/this-is-my-fake-referer-value" to be what you need | |
window.history.replaceState(null, '', '/this-is-my-fake-referer-value'); | |
// Send malicious request with faked referer header value |
def modular_sqrt(a, p): | |
def legendre_symbol(a, p): | |
""" Compute the Legendre symbol a|p using | |
Euler's criterion. p is a prime, a is | |
relatively prime to p (if p divides | |
a, then a|p = 0) | |
Returns 1 if a has a square root modulo | |
p, -1 otherwise. |
primes = [ 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, | |
31, 37, 41, 43, 47, 53, 59, 61, 67, 71, | |
73, 79, 83, 89, 97, 101, 103, 107, 109, 113, | |
127, 131, 137, 139, 149, 151, 157, 163, 167, 173, | |
179, 181, 191, 193, 197, 199, 211, 223, 227, 229, | |
233, 239, 241, 251, 257, 263, 269, 271, 277, 281, | |
283, 293, 307, 311, 313, 317, 331, 337, 347, 349, | |
353, 359, 367, 373, 379, 383, 389, 397, 401, 409, | |
419, 421, 431, 433, 439, 443, 449, 457, 461, 463, | |
467, 479, 487, 491, 499, 503, 509, 521, 523, 541, |
# We'll just store the cloned certificates in current user "Personal" store for now. | |
$CertStoreLocation = @{ CertStoreLocation = 'Cert:\CurrentUser\My' } | |
$MS_Root_Cert = Get-PfxCertificate -FilePath C:\Test\MSKernel32Root.cer | |
$Cloned_MS_Root_Cert = New-SelfSignedCertificate -CloneCert $MS_Root_Cert @CertStoreLocation | |
$MS_PCA_Cert = Get-PfxCertificate -FilePath C:\Test\MSKernel32PCA.cer | |
$Cloned_MS_PCA_Cert = New-SelfSignedCertificate -CloneCert $MS_PCA_Cert -Signer $Cloned_MS_Root_Cert @CertStoreLocation | |
$MS_Leaf_Cert = Get-PfxCertificate -FilePath C:\Test\MSKernel32Leaf.cer |
#!/usr/bin/python3 | |
from __future__ import division | |
from __future__ import print_function | |
import re | |
import codecs | |
import logging | |
import time | |
import argparse | |
import sys | |
from impacket import version |