Injecting Certificates?

Tonight I’m messing around with post/windows/manage/inject_ca. Specifically trying to get it to work.  Seems like a handy little item to have for SSL based MITM attacks.  Create a root CA, use an exploit to add it to the root of a target, then lay low and wait for web logins.  Doubly useful for those HSTS secured sites…

I didn’t realize that certificates are just stored as binary blobs in the registry. Neat.

Also, XP SP3 just straight up doesn’t understand SHA512. At all. I had to apply a hotfix to get it up and running.

References:
https://labs.mwrinfosecurity.com/blog/masquerading-as-a-windows-system-binary-using-digital-signatures/
https://support.microsoft.com/en-us/help/968730/windows-server-2003-and-windows-xp-clients-cannot-obtain-certificates

Leave a Reply

Your email address will not be published. Required fields are marked *