As usual, I will start with some requirements for this program and some definitions in order to make things easier for you guys to understand. Furthermore, I will be providing as many details as I can and a few references for those interested on reading more about this topic. Also, I will provide a quick overview of how I built a TCP Client and Server from my post TCP Client-Server with .NET Classes (not a line-by-line explanation of the scripts). This will make it easier for you to understand how the SSL portion gets integrated with the scripts.
Requirements:
- At least Windows 7
- At least PowerShell V2
- PowerShell ISE
- Basic understanding of the Public Key Infrastructure (PKI)
- Basic understanding of TCP Client-Server communications and .NET classes. I recommend to read these first two posts:
SslStream .NET Class
Provides a stream used for client-server communication that uses the Secure Socket Layer (SSL) security protocol to authenticate the server and optionally the client. This stream will be used to send and receive data. This class is part of the System.Net.Security namespace.
Constructor | Description |
---|---|
SslStream(Stream, Boolean, RemoteCertificateValidationCallBack) | Initializes a new instance of the SslStream class using the specified Stream, stream closure behavior, and certificate validation delegate. |
Method
| Description |
---|---|
AuthenticateAsServer(X509Certificate, Boolean, SslProcotols, Boolean) | Called by Servers to authenticate the server and optionally the client in a client-server connection using the specified certificates, requirements and security protocols. |
AuthenticateAsClient(String) | Called by clients to authenticate the server and optionally the client in a client-server connection. |
Properties | Description |
---|---|
IsSigned | Gets a Boolean value that indicates whether the data sent using the stream is signed. |
IsEncrypted | Gets a Boolean value that indicates whether this SslStream uses data encryption. (Verifies if the data is being encrypted) |
SSL Authentication - handshake
- Client sends a ClientHello message to the server
- Server responds with a ServerHello message defining the SSL options
- Server sends a Certificate message with its own certificate (Public Key)
- Server finishes its part of the negotiation with a ServerHelloDone message
- Client sends a ClientKeyExchange message which contains information of the session key encrypted with the server's public key.
- Client sends ChangeCipherSpec message to the server to let it know that it will start using the new session keys for hashing and encrypting messages.
- Client sends a ClientFinished message to let the server check the newly activated options
- Server receives the ChangedCipherSpec message and switches its record layer security state to symmetric encryption using the session keys.
- Server sends ServerFinished to the client
- All messages sent from the client to the server and vice-versa will be encrypted using the session key.
TCP Client-Server Overview
Server | Client |
---|---|
|
|
TCP Client-Server + SSL Overview
Server | Client |
---|---|
|
|
Adding SSL functionalities to the TCP Server
1 2 3 4 5 6 7 8 9 | $SslStream = New-Object System.Net.Security.SslStream($TcpNetworkStream, $false) $Base64Cert = 'MIIKNQIBAzCCCfEGCSqGSIb3DQEHAaCCCeIEggneMII...' $SslFakeCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2([System.Convert]::FromBase64String($Base64Cert),'') $SslStream.AuthenticateAsServer($SslFakeCert, $false, [System.Security.Authentication.SslProtocols]::tls12, $false) Write-Verbose "[**] SSLStream Encrypted: $($SslStream.IsEncrypted)" Write-Verbose "[**] SSLStream Signed: $($SslStream.IsSigned)" |
- First of all, these lines of code go in between Line#3 & Line #5 of the Second Code Snippet in the Simple TCP Server code section ( PowerShell Post: TCP Client-Server with .NET Classes)
- Line #1: Initializes a new instance of the SslStream class using the specified network stream and stream closure behavior. Parameters:
- InnerStream: A Stream Object used by the SslStream for sending and receiving data. In this case it will be the $TCPNetworkStream holding the Network Stream of the $TCPClient Object.
- LeaveInnerStreamOpen: A Boolean value that indicates the closure behavior of the Stream object used by the SslStream for sending and receiving data. This parameter indicates if the inner stream is left open.
- Line #3: Defines the variable $Base64Cert which will hold the contents of the X509 Certificate (This is the content of the file that was generated by the Function New-X509 Certificate in my recent PowerShell Post: Generate self-signed X509 Certificates). The content is already base64 encoded.
- Line #5: Uses the X509Certificate2 Constructor from the X509Certificate2 Class in order to initialize a new instance of the X509Certificate2 Class with the specified X509 Certificate (In this case, it will be the variable $Base64Cert which holds the content of the certificate). As you can see, it first converts the Base64 content to a byte array before using the constructor.
- Line #6: Uses the method AuthenticateAsServer() from the SslStream Class to authenticate the server. Parameters:
- Server Certificate: The X509 Certificate used to authenticate the server ($SslFakeCert).
- ClientCertificateRequired: A Boolean value ($True or $False) that specifies whether the client is asked for a certificate for authentication. Note that this is only a request. If no certificate is provided, the server still accepts the connection request.
- EnabledSslProcotols: The SslProtocols value that represents the protocol used for authentication. Make sure you set this one to TLS12 to avoid errors caused by the recent MS16-065 TLS/SSL Protocol Update.
- CheckCertificateRevocation: A Boolean value that specifies whether the certificate revocation list is checked during authentication.
- Line #8: Uses property IsEncrypted from the SslStream Class to indicate whether this SslStream uses data encryption. (Verifies if the data is being encrypted)
- Line #9: Uses property IsSigned from the SslStream Class to indicate whether the data sent using the stream is signed.
Make sure you replace $TCPNetworkStream with $SslStream after Line #9 on the rest of the code.
Adding SSL functionalities to the TCP Client
1 2 3 4 5 | $SslStream = New-object System.Net.Security.SslStream ($TcpNetworkStream, $false, { param($Sender, $Cert, $Chain, $Policy) return $true}) $SslStream.AuthenticateAsClient("Wardog",$null,[System.Security.Authentication.SslProtocols]::Tls12, $null) Write-Verbose "[**] SSLStream Encrypted: $($SslStream.IsEncrypted)" Write-Verbose "[**] SSLStream Signed: $($SslStream.IsSigned)" |
- First of all, these lines of code go right before the while loop in the Simple TCP Client code section ( PowerShell Post: TCP Client-Server with .NET Classes)
- Line #1: Initializes a new instance of the SslStream class using the specified network stream, stream closure behavior and the certificate validation delegate.
- InnerStream: A Stream Object used by the SslStream for sending and receiving data. In this case it will be the $TCPNetworkStream holding the Network Stream of the $TCPClient Object.
- LeaveInnerStreamOpen: A Boolean value that indicates the closure behavior of the Stream object used by the SslStream for sending and receiving data. This parameter indicates if the inner stream is left open.
- UserCertificateValidationCallBack: A RemoteCertificateValidationCallBack delegate responsible for validating the certificate by the remote party. It bypasses this validation by defining fake parameters (Sender, Cert, Chain and Policy) and returning $True.
- Line #3: It uses the method AuthenticateAsClient() from the SslStream Class to authenticate and reach the server. It uses the name on the Server's Certificate to call for it (same as when you browse the Internet. and call for google.com)
- TargetHost: The name of the server that shares this SslStream.
- ClientCertificates: The X509CertificateCollection that contains client certificates. In this case just leave it $null to by pass that parameter.
- EnabledSslProtocols: The SslProtocols value that represents the protocol used for authentication. Make sure you set this one to TLS12 to avoid errors caused by the recent MS16-065 TLS/SSL Protocol Update.
- CheckCertificateRevocation: A Boolean value that specifies whether the certificate revocation list is checked during authentication. Since we are using a fake certificate just set it to $false or $null.
- The reason why we set all those parameters for the client is to avoid errors/exceptions such as "A Call to SSPI Failed".
- Line #8: Uses property IsEncrypted from the SslStream Class to indicate whether this SslStream uses data encryption. (Verifies if the data is being encrypted)
- Line #9: Uses property IsSigned from the SslStream Class to indicate whether the data sent using the stream is signed.
Make sure you replace $TCPNetworkStream with $SslStream after Line #9 on the rest of the code.
Testing Encryption Capabilities
- Test was run on two Windows 10 Computers
- Computers were up to date and had the MS16-065 TLS/SSL Protocol Update installed.
- Make sure you have your WireShark set up to look for TLS on whatever port you are using. Check this config:
Figure 1. Wireshark Config |
Figure 2. Successful Test! |
Figure 3: Packet capture |
I hope this post was helpful for those that did not know how to apply encryption to a TCP Client-Server communication. Remember you can merge the two scripts and set switches to run it either as a client or server. I just wanted to show you how each script works separate to make it easier to understand. I will be adding more capabilities to these scripts so stay tuned.
Feedback is always appreciated !
References
https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx - SslStream Class
https://support.microsoft.com/en-us/kb/3155464 - MS16-065 TLS/SSL Protocol Update
buy kingpen cartridges online
ReplyDeletedr zodiacs Moonrock Cartridges
buy heavy hitters cartridges online
buy kingpen cartridges online
buy plug play vape cartridge
buy rove vape cartridge
buy heavy hitters cartridges online
buy kurvana cartridges online
ReplyDeletebuy rove vape cartridges online
buy plug and play vape cartridges
buy kurvana cartridges online
cali gold extracts vape for sale
dr Zodiaks Moonrock cartridges
buy supreme carts online
==>Contact 24/7<==
ReplyDelete**Telegram > @leadsupplier
**ICQ > 752822040
**Skype > Peeterhacks
**Wickr me > peeterhacks
**SSN FULLZ WITH HIGH CREDIT SCORES AVAILABLE**
>For tax filling/return
>SSN dob DL all info included
>For SBA & PUA filling
>Fresh spammed & Fresh database
**TOOLS & TUTORIALS AVAILABLE FOR HACKING SPAMMING CARDING CASHOUTS CLONING**
FRESHLY SPAMMED
VALID INFO WITH VALID DL EXPIRIES
*SSN Fullz All info included*
NAME+SSN+DOB+DL+DL-STATE+ADDRESS
Employee & Bank details included
CC & CVV'S ONLY USA AVAILABLE
SSN+DOB
SSN+DOB+DL
High credit fullz 700+
(bulk order negotiable)
*Payment in all crypto currencies will be accepted
->You can buy few for testing
->Invalid info found, will be replaced
->Serious buyers contact me for long term business & excellent profit
->Genuine & Verified stuff
TOOLS & TUTORIALS Available For:
(Carding, spamming, hacking, scripting, scam page, Cash outs, dumps cash outs)
=>Ethical Hacking Tools & Tutorials
=>Kali linux
=>Facebook & Google hacking
=>Bitcoin Hacking
=>Bitcoin Flasher
=>SQL Injector
=>Bitcoin flasher
=>Viruses
=>Keylogger & Keystroke Logger
=>Logins Premium (Netflix, coinbase, FedEx, PayPal, Amazon, Banks etc)
=>Bulk SMS Sender
=>Bitcoin Cracker
=>SMTP Linux Root
=>DUMPS track 1 and 2 with & without pin
=>Smtp's, Safe Socks, rdp's, VPN, Viruses
=>Cpanel
=>PHP mailer
=>Server I.P's & Proxies
=>HQ Emails Combo (Gmail, yahoo, Hotmail, MSN, AOL, etc)
->Serious buyers are always welcome
->Big discount in bulk order
->Discounted Offers will give time to time
->Hope we do a great business together
==>Contact 24/7<==
**Telegram > @leadsupplier
**ICQ > 752822040
**Skype > Peeterhacks
**Wickr me > peeterhacks
==>Contact 24/7<==
ReplyDelete**Telegram > @leadsupplier
**ICQ > 752822040
**Skype > Peeterhacks
**Wickr me > peeterhacks
**SSN FULLZ WITH HIGH CREDIT SCORES AVAILABLE**
>For tax filling/return
>SSN dob DL all info included
>For SBA & PUA filling
>Fresh spammed & Fresh database
**TOOLS & TUTORIALS AVAILABLE FOR HACKING SPAMMING CARDING CASHOUTS CLONING**
FRESHLY SPAMMED
VALID INFO WITH VALID DL EXPIRIES
*SSN Fullz All info included*
NAME+SSN+DOB+DL+DL-STATE+ADDRESS
Employee & Bank details included
CC & CVV'S ONLY USA AVAILABLE
SSN+DOB
SSN+DOB+DL
High credit fullz 700+
(bulk order negotiable)
*Payment in all crypto currencies will be accepted
->You can buy few for testing
->Invalid info found, will be replaced
->Serious buyers contact me for long term business & excellent profit
->Genuine & Verified stuff
TOOLS & TUTORIALS Available For:
(Carding, spamming, hacking, scripting, scam page, Cash outs, dumps cash outs)
=>Ethical Hacking Tools & Tutorials
=>Kali linux
=>Facebook & Google hacking
=>Bitcoin Hacking
=>Bitcoin Flasher
=>SQL Injector
=>Bitcoin flasher
=>Viruses
=>Keylogger & Keystroke Logger
=>Logins Premium (Netflix, coinbase, FedEx, PayPal, Amazon, Banks etc)
=>Bulk SMS Sender
=>Bitcoin Cracker
=>SMTP Linux Root
=>DUMPS track 1 and 2 with & without pin
=>Smtp's, Safe Socks, rdp's, VPN, Viruses
=>Cpanel
=>PHP mailer
=>Server I.P's & Proxies
=>HQ Emails Combo (Gmail, yahoo, Hotmail, MSN, AOL, etc)
->Serious buyers are always welcome
->Big discount in bulk order
->Discounted Offers will give time to time
->Hope we do a great business together
==>Contact 24/7<==
**Telegram > @leadsupplier
**ICQ > 752822040
**Skype > Peeterhacks
**Wickr me > peeterhacks
가평콜걸
ReplyDelete금산콜걸
가평콜걸
아산콜걸
당진콜걸
부여콜걸
양평콜걸
양평콜걸