Stealing Certificates with Apostille

At Def Con 26, @singe and @_cablethief gave a talk on enterprise wireless attacks. When its video is released you should check it out.

During that talk, they quickly touched on a tool called “Apostille”, written by Rogan Dawes, another @Sensepost-er. It is essentially a certificate stealing (cloning? faking? doppelganger-ing?) tool. However, that oversimplifies what it does.

Copying a certificate’s common name, email, or the other fields that are entered during creation is a relatively easy way to copy a certificate, and the result can look relatively good at first glance. However, this simple copy leaves many tell-tale signs that it’s fake. For instance, let’s say I create a certificate like so:

root@apostille-post:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem
Generating a 2048 bit RSA private key
.................................................................................................................+++
...+++
writing new private key to 'mycert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Mountain View
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Google LLC
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.google.com
Email Address []:

If I serve it, here are the results side by side with google.com:

/images/2018/stealing-certs-01.png

The Valid From date, the Issued By field, and most of the other certificate information give this certificate away as fraudulent. Also, doing this by hand is a PITA.

Enter Apostille.

It’s pretty straightforward to get it going, but you do need both Java’s JDK and Maven to compile it first:

root@apostille-post:~# apt install -y maven default-jdk git

(I’m doing this on a fresh box so it needed git as well)

Step 2, git clone the repo, and compile with Maven:

root@apostille-post:~# git clone https://github.com/sensepost/apostille
Cloning into 'apostille'...
remote: Counting objects: 48, done.
remote: Total 48 (delta 0), reused 0 (delta 0), pack-reused 48
Unpacking objects: 100% (48/48), done.
root@apostille-post:~# cd apostille/
root@apostille-post:~/apostille# mvn package

Step 3, Clone your first certificate: java -jar target/apostille-1.0-SNAPSHOT.jar google.com:443 tempkeystore.jks ASDqwe123 ASDqwe123

  • google.com:443 is the endpoint that will serve a certificate chain back. This isn’t restricted to HTTPS; any TLS endpoint will do.
  • tempkeystore.jks is the Java Keystore file that we will be putting the certificate chain into.
  • ASDqwe123 is the kspassword and then the keypassword (keystore and certificate password). I just made them the same, as this is an example and I won’t be using the keystore for anything but exporting the certificates later.

In order to get the certificates out of the keystore and into a PEM format that I can use for testing, I used the following:

Source: https://www.calazan.com/how-to-convert-a-java-keystore-jks-to-pem-format/

root@apostille-post:~/apostille# keytool -importkeystore -srckeystore tempkeystore.jks -destkeystore myapp.p12 -srcalias '*.google.com' -srcstoretype jks -deststoretype pkcs12
Importing keystore tempkeystore.jks to myapp.p12...Enter destination keystore password: ASDqwe123
Re-enter new password: ASDqwe123
Enter source keystore password: ASDqwe123

(The passwords will not show up, but I put them in there so you can see what I’m inputting. Again I chose a simple password because I’m converting it one more time)

Then finally to a PEM like so:

root@apostille-post:~/apostille# openssl pkcs12 -in myapp.p12 -out myapp.pem
Enter Import Password: ASDqwe123
Enter PEM pass phrase: WugWZ3!F3hD#8P!f
Verifying - Enter PEM pass phrase: WugWZ3!F3hD#8P!f

To test out how it looks, I’ll reference AKB’s Quick Web Servers list:

root@apostille-post:~/apostille# openssl s_server -cert myapp.pem -accept 443 -WWW
Enter pass phrase for myapp.pem: WugWZ3!F3hD#8P!f
Using default temp DH parameters
ACCEPT

And the result is:

/images/2018/stealing-certs-02.png

/images/2018/stealing-certs-03.png

/images/2018/stealing-certs-04.png

A much more believable certificate, even to the discerning eye.
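What a clone like this can never copy is the private key, so the one thing a defender can still rely on is key material rather than names and dates: the SubjectPublicKeyInfo (SPKI) hash that certificate pinning compares, and the signature that chain validation checks against a genuine trust anchor. The script below is an added example, not code from this post or from the Apostille project. It assumes only that openssl is on the PATH; the DN is constructed and both certificates are generated locally with throw-away keys, the second one having the same DN as the first to stand in for a cloned certificate.

```shell
#!/bin/sh
# Added example (not from the original post or the Apostille project):
# a cloned certificate can copy every name and date field but not the
# private key, so its SPKI pin and its signature differ from the genuine
# one. Two checks a defender can rely on: an RFC 7469-style SPKI pin
# comparison and chain verification against the genuine trust anchor.
# All certificates here are constructed locally with throw-away keys.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed subject; the same DN is used for both certificates on purpose.
SUBJ="/C=US/ST=California/L=Mountain View/O=Example Org/CN=www.example.test"

# Generate a self-signed certificate with a fresh key under the shared DN.
make_cert() {
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "$SUBJ" 2>/dev/null
}

# Base64(SHA-256(DER SubjectPublicKeyInfo)): the pin format used by HPKP
# and by common certificate-pinning libraries.
spki_pin() {
    openssl x509 -in "$1" -noout -pubkey \
      | openssl pkey -pubin -outform DER \
      | openssl dgst -sha256 -binary \
      | openssl base64
}

# Subject DN on one line, to show that the copied metadata is identical.
subject_of() {
    openssl x509 -in "$1" -noout -subject
}

# Exit status 0 only if certificate $2 verifies against trust anchor $1.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_cert genuine   # the certificate the real server holds
make_cert clone     # same DN, different key: what any clone necessarily is

printf 'subject genuine: %s\n' "$(subject_of "$WORK/genuine.crt")"
printf 'subject clone:   %s\n' "$(subject_of "$WORK/clone.crt")"
printf 'pin genuine:     %s\n' "$(spki_pin "$WORK/genuine.crt")"
printf 'pin clone:       %s\n' "$(spki_pin "$WORK/clone.crt")"

if chain_verifies "$WORK/genuine.crt" "$WORK/clone.crt"; then
    echo "clone verified against the genuine trust anchor (unexpected)"
else
    echo "clone rejected: its signature does not verify against the genuine certificate"
fi
```

The subject lines print identically, the two pins differ, and the clone fails verification against the genuine certificate. The same two checks apply to a full Apostille chain: the cloned root is not in the client's trust store, and the leaf's SPKI hash does not match any pinned value.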

Again, thanks to @RoganDawes for this amazing tool.