Tonight I’m messing around with post/windows/manage/inject_ca. Specifically trying to get it to work. Seems like a handy little item to have for SSL based MITM attacks. Create a root CA, use an exploit to add it to the root of a target, then lay low and wait for web logins. Doubly useful for those HSTS secured sites…
I didn’t realize that certificates are just stored as binary blobs in the registry. Neat.
Also, XP SP3 just straight up doesn’t understand SHA512. At all. I had to apply a hotfix to get it up and running.