Winrm Using Certificate[PFX]
Notes to connect to a system through Winrm using a certificate [pfx]
From Windows
First, import the certificate and then use Powershell script to get a session over winrm
.
param (
[string]$ComputerName = $(throw "-ComputerName is required."),
[string]$CertificateSubject = $(throw "-CertificateSubject is required.")
)
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
[System.Security.Cryptography.X509Certificates.StoreName]::My,
[System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser)
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
foreach($cert in $store.Certificates) {
if ($cert.Subject -eq $CertificateSubject) {
$sessionCert = $cert
break
}
}
if (!$sessionCert) {
throw "An X509 certificate matching subject `"$CertificateSubject`" could not be found."
}
$opt = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$session = New-PSSession -ComputerName $ComputerName -UseSSL -CertificateThumbprint $sessionCert.Thumbprint -SessionOption $opt
Enter-PSSession $session
For this we need a valid certificate, ComputerName
and CertificateSubject
. We can simply use IP
as ComputerName
and for CertificateSubject
, we dump data from the certificate using certutil
.
Command => certutil -dump .\0xEr3bus.pfx
Looking at the output we see Issuer: CN=Erebus
, This is the CertificateSubject
Now run the command ==>
.\
session.ps1 -ComputerName 10.10.xx.xx -CertificateSubject "CN=Erebus"
For Linux
Reference => Link
openssl pkcs12 -in 0xEr3bus.pfx -nocerts -out private.pem
openssl pkcs12 -in 0xEr3bus.pfx -clcerts -nokeys -out cert.crt
openssl rsa -in private.pem -out private2.pem
evil-winrm -i 10.xx.xx.xx -u <UserName> -k $PWD/private2.pem -c $PWD/cert.crt -p ''
Last updated