Archive

Author Archive

Network Issue with Kioptrix: Level 1 VM

January 18, 2020 Leave a comment

Playing with the Kioptrix: Level 1 vulnerable Linux VM I kept having an issue where even though I set the Network Adapter to use my custom LAN segment it would change back to Bridged during boot up.

Before:

After:

What I ended up doing to fix the issue is the following:

  1. Power off the VM & remove the Network Adapter.
  2. Remove the VM from VMware workstation.
  3. Browse to the location of the VM’s VMX file & open it in your favorite text editor.
  4. Remove all entries that start with “ethernet0” & save your changes.

Note – In my case I still had quite a few even though I had removed the NIC from within VMware workstation. Here are the settings I removed. Also note that they may not all be right next to each other in the VMX file.

ethernet0.allowGuestConnectionControl = “FALSE”

ethernet0.features = “1”

ethernet0.wakeOnPcktRcv = “FALSE”

ethernet0.networkName = “Bridged”

ethernet0.addressType = “generated”

ethernet0.pciSlotNumber = “32”

ethernet0.generatedAddressOffset = “0”

ethernet0.connectionType = “bridged”

ethernet0.pvnID = “52 2d e6 a1 6b d2 75 7c-36 41 8a 52 fc c8 48 5c”

  1. After saving the file, import the VM back into VMware workstation & power it on.

Replace Tenable Nessus Essentials Self-Signed Certificate

November 29, 2019 Leave a comment

After installing Tenable Nessus Essentials & browsing to the web interface, you get warning about the certificate. The message can vary depending on the name used in the browser to connect (localhost, hostname, etc.)

Your connection is not private. Attackers might be trying to steal your information. NET::ERR_CERT_AUTHORITY_INVALID

This server could not prove that it is.

This is due to it using the built-in self-signed certificate that is generated when Tenable Nessus Essentials is installed.

Windows does not have enough information to verify this certificate

Once logged into the web interface, there isn’t anywhere to replace the certificate being used. I found the link below on how to use a certificate from a certificate authority, but the details are…lacking.
https://docs.tenable.com/nessus/Content/CustomSSLCertificates.htm

So below is what I did to replace the self-signed certificate with one from an internal certificate authority. It’s no one-stop script or function to run but it does the trick. Form follow function people. All the code can be found on my GitHub page. Some code is based off other sources & is credited on the GitHub page.
https://github.com/PonchoHobono/Scripts/blob/master/PowerShell/Certificates/GenerateNessusCertificate.ps1

All the standard disclaimers apply, if you break something that’s on you. Use at your own risk.

  1. Create a DNS entry as needed for the FQDN you are going to use. In my case, I use nessus.laptoplab.net.
  2. Some environment specific variables you will need to change. $CN is the FQDN that will be used to access the web interface. $TemplateName is the name of the template in your CA. $Password is a temporary password used for exporting the certificates.
  3. # Variables to update as needed 
    [string]$CN = "nessus.laptoplab.net"
    [string]$TemplateName = "LabSSLWebCertificateCustom"
    [string]$Password = "P@ssw0rd" 
    
  4. Set some more variables. These you can modify if needed.
  5. # Other Variables
    [string[]]$SAN = "DNS=$CN"
    [string]$Date = Get-Date -Format yyyyMMddhhmmss
    [string]$FriendlyName = """Nessus $Date"""
    [int]$keyLength = 2048
    [string]$NessusCAPath = "C:\ProgramData\Tenable\Nessus\nessus\CA"
    $SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force
    
    # CA
    $rootDSE = [System.DirectoryServices.DirectoryEntry]'LDAP://RootDSE'
    $searchBase = [System.DirectoryServices.DirectoryEntry]"LDAP://$($rootDSE.configurationNamingContext)"
    $CAs = [System.DirectoryServices.DirectorySearcher]::new($searchBase,'objectClass=pKIEnrollmentService').FindAll()
    If ($CAs.Count -eq 1){
        $CAName = "$($CAs[0].Properties.dnshostname)\$($CAs[0].Properties.cn)"
    } Else {
        $CAName = ""
    }
    If (!$CAName -eq "") {
        $CAName = "$CAName"
    }  
    
  6. Stop the Tenable Nessus service
  7. Stop-Service -Name 'Tenable  
    
  8. Create a variable of the contents for the INF file to be used by certutil.
  9. # INF Template
    $file = @"
    [NewRequest]
    FriendlyName = $FriendlyName
    Subject = "CN=$CN,c=$Country,s=$State,l=$City,o=$Organisation,ou=$Department"
    MachineKeySet = TRUE
    KeyLength = $KeyLength
    KeySpec=1
    Exportable = TRUE
    RequestType = PKCS10
    ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"
    [RequestAttributes]
    CertificateTemplate = "$TemplateName"
    "@
    
    # SAN Certificate
    If (($SAN).count -eq 1) {
        $SAN = @($SAN -split ',')
    }
    $file += 
    @'
    
    [Extensions]
    ; If your client operating system is Windows Server 2008, Windows Server 2008 R2, Windows Vista, or Windows 7
    ; SANs can be included in the Extensions section by using the following text format. Note 2.5.29.17 is the OID for a SAN extension.
    
    2.5.29.17 = "{text}"
    
    '@
    ForEach ($an in $SAN) {
        $file += "_continue_ = `"$($an)&`"`n"
    } 
    
  10. Prepare a few files.
  11. $inf = Join-Path -Path $env:TEMP -ChildPath "$CN.inf"
    $req = Join-Path -Path $env:TEMP -ChildPath "$CN.req"
    $cer = Join-Path -Path $env:TEMP -ChildPath "$CN.cer" 
    
  12. Populate the INF file.
  13. Set-Content -Path $inf -Value $file 
    
  14. Create a CSR.
  15. Invoke-Expression -Command "certreq -new `"$inf`" `"$req`""
    
  16. Get the private key info for the CSR.
  17. # Private Key
    $CertificateRequest = Get-ChildItem -Path Cert:\LocalMachine\REQUEST | Where-Object {$_.Subject -like "CN=$CN*"} | sort NotBefore | Select-Object -Last 1
    Export-PfxCertificate -Cert $CertificateRequest -Password $SecurePassword -FilePath "$env:TEMP\$CN.pfx"
    
    # Convert PFX to PEM
    Set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
    Set-Location -Path 'C:\Program Files\OpenSSL-Win64\bin'
    Invoke-Expression -Command ".\openssl.exe pkcs12 -in $env:TEMP\$CN.pfx -nocerts -out $env:TEMP\$CN.pem -passin pass:$Password -passout pass:$Password"
    Invoke-Expression -Command ".\openssl.exe rsa -in $env:TEMP\$CN.pem -out $env:TEMP\$CN.key -passin pass:$Password -passout pass:$Password" 2>&1
    Set-Location -Path C:\Temp
    
  18. Submit the CSR to the CA.
  19. Invoke-Expression -Command "certreq -submit -config `"$CAName`" `"$req`" `"$cer`""
    
  20. Retrieve the certificate.
  21. Invoke-Expression -Command "certreq -accept `"$cer`""
    
  22. Export the certificate.
  23. # Export certificate
    $IssuedCertificate = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -like "CN=$CN*"} | sort NotBefore | Select-Object -Last 1
    Export-Certificate -Cert $IssuedCertificate -FilePath "$env:TEMP\$CN`_Issued.cer"
    # Convert to Base64
    certutil -encode "$env:TEMP\$CN`_Issued.cer" "$env:TEMP\$CN`_Issued_Base64.cer"
    
  24. Get the CA’s certificate. This step can vary depending on the PKI infrastructure.
  25. # Get CA Certificate
    # https://www.powershellgallery.com/packages/CertificatePS/1.2/Content/Copy-CertificateToRemote.ps1
    [int]$iteration = 1
    $Chain.Build($IssuedCertificate) | Out-Null
    $ChainElements = $Chain.ChainElements | Select-Object -ExpandProperty Certificate -Skip 1
    ForEach ($ChainElement in $ChainElements) {
        $Iteration++
        $CertificatePath = Join-Path $env:TEMP "$("{0:00}" -f $Iteration).$($ChainElement.Thumbprint).cer"
        $ChainElement | Export-Certificate -FilePath $CertificatePath | Out-Null
        # Convert to Base64
        $Output = certutil -encode "$CertificatePath" "$env:TEMP\$("{0:00}" -f $Iteration).$($ChainElement.Thumbprint)`_Base64.cer"
    } 
    
  26. Copy some of the certificate files to the Nessus Tenable directory. This one can vary as well to get the CA cert copied over. But if you’re reading this, you’re probably able to deduce how to get it copied & named correctly based on this example.
  27. # Update Nessus certificate files
    $Date = Get-Date -Format yyyyMMddhhmmss
    Rename-Item -Path $NessusCAPath\cacert.pem -NewName $NessusCAPath\cacert`_$Date.pem
    Copy-Item -Path $CertificatePath.Replace('.cer','_Base64.cer') -Destination $NessusCAPath\cacert.pem 
    Rename-Item -Path $NessusCAPath\servercert.pem -NewName $NessusCAPath\servercert`_$Date.pem
    Copy-Item -Path $env:TEMP\$CN`_Issued_Base64.cer -Destination $NessusCAPath\servercert.pem -Force
    Rename-Item -Path $NessusCAPath\serverkey.pem -NewName $NessusCAPath\serverkey`_$Date.pem
    Copy-Item -Path $env:TEMP\$CN`.key -Destination $NessusCAPath\serverkey.pem -Force
    
  28. Start the Tenable Nessus service.
  29. Start-Service -Name 'Tenable Nessus'
    
  30. Do a little cleanup. You can of course skip this step if you like & just move all the files generated to a secure location for backup.
  31. $Cleanup = Get-ChildItem -Path $env:TEMP | Where-Object {$_.Name -like "$CN*"}
    Remove-Item -Path $Cleanup.FullName 
    

Now the moment of truth. Browse to the FQDN you configured for the Nessus Tenable web interface. You should not get any certificate warning.

Connection is secure. Your information is provate when it is sent to this site.

My GitHub Site

July 20, 2019 1 comment

I’m going to try & start using my GitHub site. I only created it back in 2016 so now seems like a good time to start.

https://github.com/PonchoHobono

Categories: Computers Tags:

Reset a Linux password from a live CD

January 10, 2019 Leave a comment

Usually any Linux live CD will work. In my case since the installed version of Linux is Mint, I’m just booting to the Mint installation DVD which will by default launch a live session.

  1. Boot to live CD.
  2. Open terminal.
  3. Find the drive with OS installed. (It’s usually /dev/sda1)

sudo fdisk –l

  1. Create a temporary directory. It’s only virtual since the live CD runs in memory.

sudo mkdir /mnt/sda1

  1. Mount the OS drive to the virtual directory.

sudo mount /dev/sda1 /mnt/sda1

  1. Change the terminal root to the mounted drive.

sudo chroot /mnt/sda1

  1. Change the password.

passwd john

  1. Type the new password twice.
  2. Exit chroot.

exit

  1. Unmount the drive.

sudo umount /mnt/sda1

  1. Remove Live CD & reboot.
Categories: Computers Tags: , ,

Error running apt-get update

December 7, 2018 Leave a comment

Description – When running apt-get update you get an error regarding the Google repository.
E: Repository ‘http://dl.google.com/linux/chrome/deb stable Release’ changed its ‘Origin’ value from ‘Google, Inc.’ to ‘Google LLC’
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

Solution – Run the following command.
sudo apt update
When prompted, press Y.
Now run apt-get update & apt-get upgrade.

Categories: Computers Tags:

Encoding & Decoding Base64 using PowerShell

November 4, 2018 Leave a comment

# Encode string using Base64

$Text = "This was encoded using Base64"

$Bytes = [System.Text.Encoding]::Unicode.GetBytes($Text)

$Encoded = [Convert]::ToBase64String($Bytes)

$Encoded

# Decode Base64 to string

$Base64 = "VABoAGkAcwAgAHcAYQBzACAAZQBuAGMAbwBkAGUAZAAgAHUAcwBpAG4AZwAgAEIAYQBzAGUANgA0AA=="

$Decoded = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($Base64))

$Decoded

Splunk Certified User

August 28, 2018 Leave a comment

A guy from one of the Facebook groups I’m in challenged everyone to take the free Splunk Fundamentals 1 course & take the certification test. Accepted & done! I must say, for a free course it was pretty good. Picked up a lot of good information. However, it looks like they are ending this course but a new track will be starting soon.

Categories: Computers Tags: , ,
%d bloggers like this: