Legacy PFX Certificate

06/02/2023

shuciran

First we need to extract the key and the certificate from the pfx file:

  
# Extracting the public certificate:
openssl pkcs12 -in legacyy_dev_auth.pfx -clcerts -nokeys -out publicCert.pem
# Extracting the private key:
openssl pkcs12 -in legacyy_dev_auth.pfx -nocerts -out priv-key.pem -nodes

Finally you can login with this files using evil-winrm

(-S) is used if there is only winrm/ssl open port (tcp-5986):

  
evil-winrm -i 10.10.11.152 -c publicCert.pem -k priv-key.pem -S

Examples: Timelapse

References: How to Extract Certificate and Private Key from PFX

IBM PFX Explanation

12 Active Directory, Authentication

Reverse Shells
Finding GUID with ipainstaller
Plist Files
Signing IPA with Sideloadly (Non-jailbroken)
Signing IPA with TrollStore (Non-jailbroken)

exploitation wireless file transfer hackthebox active directory scr windows privesc mobile linux enumeration linux privesc

Legacy PFX Certificate

Login via PFX File:

Kerberoasting

Creds.xml

WinRM Certificate (password-less) based authentication