Monday, September 28, 2015

OpenSSL Conversion, Display and Encryption Commands for Pentesters

Every time I pull out OpenSSL to perform a particular task I end up having to refer to Google or random text files on my hard drive to remind myself of the correct syntax. Consequently, I'm doing a writeup here of all of the OpenSSL commands that I make use of in various penetration tests and CTF challenges that involve encryption, mainly as a personal reference, but also in case anyone else finds this useful.

The following commands are sorted by category, and may be added to in the future if I find more commands that I find useful.

Asymmetric keyfile conversion

Conversion of asymmetric keys between various different storage formats.

DER to PEM

Convert der certificate to pem format.

openssl x509 -inform der -outform pem -in certificate.crt -out certificate.pem


PEM to DER

Convert pem certificate to der format.

openssl x509 -inform pem -outform der -in certificate.pem -out certificate.crt

PEM Key and Certificate to PKCS12

Convert private key and certificate to pkcs12 format.

openssl pkcs12 -export -out keys.p12 -inkey private.pem -in certificate.pem

Displaying data from asymmetric keyfiles

Displaying of informational data from various forms of asymmetric key files.

PKCS12 Files


Print nodes from a pkcs12 file.

openssl pkcs12 -in keys.p12 -nodes


Public Keys

 Display a variety of data from a public key.

openssl rsa -inform pem -pubin -text -noout -in publickey.pem

Display the modulus from a public key.

openssl rsa -inform pem -pubin -modulus -noout -in publickey.pem


Private Keys


Display a variety of data from a private key.

openssl rsa -inform pem -text -noout -in privatekey.pem

Display the modulus from a private key.

openssl rsa -inform pem -modulus -noout -in privatekey.pem

Certificates

 Display a variety of data from a certificate.

openssl x509 -inform pem -text -noout -in certificate.pem

Display the modulus from a certificate.

openssl x509 -inform pem -modulus -noout -in certificate.pem

Different Key Formats for Private/Public Keys and Certificates

The Public/Private/Certificate commands immediately above all make use of the pem format in the file that they read.  This can be changed to 'der' or 'net' to use an alternate format.

Encryption and decryption using asymmetric cryptography

Encryption and decryption of data using asymmetric cryptography.

Decryption


Decryption using a private key.

openssl rsautl -decrypt -in encryptedfile -out decryptedfile -inkey ./privatekey.pem

Encryption

 Encryption using a public key.

openssl rsautl -encrypt -pubin -in plaintextfile -out encryptedfile -inkey ./publickey.pem

Encryption using a certificate.

openssl rsautl -encrypt -certin -in plaintextfile -out encryptedfile -inkey ./certificate.pem


Padding Modifiers


These examples all assume a default padding type of PKCS 1.5. The following options can be used to try different types of padding, or none at all.

-pkcs, -oaep, -ssl, -raw

Encryption and decryption using symmetric cryptography

Encryption and decryption of data using asymmetric cryptography.

Encryption


Encrypt a file using AES in CBC mode with a keyfile.

openssl enc -aes-256-cbc -in ./plaintext.txt -out ./encrypted.bin -pass file:./passwordfile.bin

Decryption


Decrypt a file using AES in CBC mode with a keyfile.

openssl enc -d -aes-256-cbc -in ./encrypted.bin -out ./plaintext.txt -pass file:./passwordfile.bin

Encryption modifiers and alternate algorithms

 The following switches can be used to modify the way the encryption process occurs.

-salt adds a salt to the file 
-base64 base64 encodes/decodes depending on encryption mode

There are also a wide variety of other encryption algorithms and cipher modes that can be used, which can be listed by the following.

openssl enc -h

Monday, March 16, 2015

Version 0.5 of SSL Testing Tool ssltest.pl

I recently received an email asking me whether ssltest.pl, something I initially wrote a few years ago and have recently completely ignored, supported TLS versions 1.1 and 1.2. Well, it didn't, but after having a look at the code it turns out that it was easy enough to add support for these versions of the protocol. Due to this, I've released a new version of the tool, with this, and a few other changes.

Here's the changes:
  • Added support for scanning versions 1.1. and 1.2 of TLS
  • Updated compliance checks for PCI DSS 3.0 (I'm about 90% sure this is accurate and reflective of the most paranoid interpretation of the rules and other guidance). Running the tool with --list -p will list the ciphers and show you which are I believe are approved and which are not - let me know if you think I've been overly strict.
  • Updated compliance checks for ISM 2014, including a new Yellow color for ciphers that meet the mandatory (MUST) ISM standards, but don't meet the SHOULD standards (as it turns out this is quite a few of them). The usual Green is used for ciphers that meet both. Use --list to list all supported ciphers that the tool can check for and show which ones are which.  The code has comments describing the things that are being checked for, if you're interested.
  • Updated cipher list for the newer versions of OpenSSL. The new list is quite a bit bigger than that of the previous version, but specific support depends on your underlying OpenSSL library.
  • Removal of by default peer certificate verification, and an option to turn this on if you wish (the tool is designed to check supported ciphers, not certificates)
  • Updated the help
Now, something to note if you are running this on recent Ubuntu systems is that some of the underlying libraries used to make the SSL/TLS connections, including libssl and Net::SSLeay, both disable SSLv2 support. Most likely due to its horrible insecurity. This means that SSLv2 cipher checks using these libraries will silently fail in ssltest.pl, resulting in false negatives.

Chris Mahns, from whom I ripped off borrowed the initial codebase and idea for ssltest.pl has posted some solutions to this on his blog. The following are for Ubuntu 13.04, but can be largely run with small modifications on Ubuntu 14.04, which is the platform I was using for testing.

Here's how you fix OpenSSL. On 14.04 you don't need to worry about the TLSv1.2 client bit, and the version of OpenSSL will be different, but otherwise the process is identical:

http://www.techstacks.com/howto/enable-sslv2-and-tlsv12-in-openssl-101c-on-ubuntu-1304.html

Here's what you do with Net::SSLeay. I modified the below slightly by making the source change in the Ubuntu package for Net::SSLeay (libnet-ssleay-perl) instead of the source from the libraries authors, then I rebuilt the .deb file and installed it. In essence, I used a combination of this process plus the Debian package rebuilding steps in the previous link. I did not need to reinstall IO::Socket::SSL, which was installed using the libio-socket-ssl-perl Ubuntu package.

http://www.techstacks.com/howto/enable-sslv2-methods-in-netssleay.html

Now, if you're running a amd64 version of Ubuntu, you may find that when you build these packages, it creates a dependency for libc6-amd64 instead of just libc6. This will create dependency problems when you try and install the package, because there is no amd64 version of libc6-amd64 (its a multiarch thing). I was too lazy to figure out the underlying cause for this, so to fix it I just modified the recreated .deb files to change this dependency back to libc6 using the following method.

https://thedarkmaster.wordpress.com/2008/05/24/how-to-create-manipulate-a-deb-file-of-a-compiled-application/

Grab the new ssltest.pl from here.