Created
December 10, 2020 22:05
Cobalt Strike Cobalt Strike certificate grabber
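#!/bin/bash
#
# getCSCert.sh - request a Let's Encrypt certificate for one domain with
# certbot's standalone HTTP challenge, copy the issued files under
# /pentest/exploitation/cobaltstrike/certs/<domain>/ and convert them to a
# PKCS#12 bundle and a keytool keystore (<domain>.store).
#
# Usage: getCSCert.sh yourdomainhere.com
#
# Security notes for whoever operates or reviews this host:
#   * The argument ends up in paths handed to sudo, so it is validated as a
#     plain DNS hostname before anything privileged runs.
#   * The PKCS#12 and keystore passwords are the domain name itself and are
#     passed on the command line. They provide no confidentiality; the private
#     key is protected only by file permissions on the certs directory. The
#     values are kept as-is because whatever consumes the keystore expects them.
#   * Port 80 is exposed to the internet while the challenge runs. Every exit
#     path after that point prompts the operator to close it again.
#   * nginx is stopped and never restarted by this script.

readonly CERT_ROOT=/pentest/exploitation/cobaltstrike/certs
readonly LE_ROOT=/etc/letsencrypt

# Show a prompt and block until the operator presses Enter.
pause() {
  read -r -p "$1"
}

if [ "$#" -eq 0 ]; then
  echo "Usage: getCSCert.sh yourdomainhere.com"
  exit 1
fi

MyDomain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')

# Accept only dot-separated labels of [a-z0-9-]. This rejects "/", "..",
# whitespace and a leading "-", any of which would otherwise reach sudo'd
# commands as a path component or an option.
hostname_re='^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$'
if [[ ! "$MyDomain" =~ $hostname_re ]]; then
  printf 'Refusing "%s": not a plain DNS hostname.\n' "$MyDomain" >&2
  exit 1
fi

archive_dir="$LE_ROOT/archive/$MyDomain"
live_dir="$LE_ROOT/live/$MyDomain"
cert_dir="$CERT_ROOT/$MyDomain"

# certbot --standalone binds port 80 itself, so nginx has to be out of the way.
sudo service nginx stop
pause "Add this server to your public port 80 security group, then press any key to continue..."

certbot_status=0
sudo certbot certonly --standalone --preferred-challenges http -d "$MyDomain" || certbot_status=$?

# A fresh issuance leaves recently changed files in the archive directory.
# Only look for them when certbot itself reported success.
newCerts=""
if [ "$certbot_status" -eq 0 ]; then
  newCerts=$(sudo find "$archive_dir/" -cmin -2)
fi

if [ -z "$newCerts" ]; then
  echo "Failed to get a cert, did you expose port 80 on this system to the world? Let's Encrypt needs to verify we own this domain!" >&2
  pause "Remove this server from the public port 80 security group, then press any key to continue..."
  # sudo service nginx start
  # echo "nginx restarted"
  exit 1
fi
echo "Certbot created new $MyDomain certs for us! Converting to Cobalt Strike certificate store format..."

# Copy the directory *contents* ("/.") so a re-run refreshes the existing
# directory instead of nesting a second <domain>/ folder inside it.
sudo mkdir -p "$cert_dir"
sudo cp -r "$archive_dir/." "$cert_dir/"

# Read from certbot's live/ symlinks, which always point at the newest
# issuance; fullchain1.pem/privkey1.pem are only current for the first one.
# The -name value (a full path) is kept unchanged for compatibility.
exit_code=0
if sudo openssl pkcs12 -export \
     -in "$live_dir/fullchain.pem" \
     -inkey "$live_dir/privkey.pem" \
     -out "$cert_dir/$MyDomain.p12" \
     -name "$cert_dir/$MyDomain" \
     -passout "pass:$MyDomain" \
   && sudo keytool -importkeystore \
     -deststorepass "$MyDomain" \
     -destkeypass "$MyDomain" \
     -destkeystore "$cert_dir/$MyDomain.store" \
     -srckeystore "$cert_dir/$MyDomain.p12" \
     -srcstoretype PKCS12 \
     -srcstorepass "$MyDomain"; then
  echo "Successfully created a Cobalt Strike keystore at $cert_dir/$MyDomain.store"
else
  # Covers a failure of either conversion step, not just keytool.
  exit_code=1
  echo "Failed to create $cert_dir/$MyDomain.store" >&2
fi

pause "Remove this server from the public port 80 security group, then press any key to continue..."
#sudo service nginx start
echo "nginx was stopped by this script and has NOT been restarted; start it manually if it is needed."
exit "$exit_code"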