adminze

Dec 022019
 

In regards of the recent CVE-2019-1388 LPE vulnerability and easy exploit / exploitation I was wondering how to find certificates that can be used (“clickable”). Turns out that it is very easy in Linux using osslsigncode:

[root:~/Downloads]

# osslsigncode verify hhupd.exe
Current PE checksum : 000BCBED
Calculated PE checksum: 000BCBED

Message digest algorithm : MD5
Current message digest : 7AD8E8E98F6D6D75965FD684BD6CBF06
Calculated message digest : 7AD8E8E98F6D6D75965FD684BD6CBF06

Signature verification: ok

Number of signers: 1
Signer #0:
Subject: /L=Internet/O=VeriSign, Inc./OU=VeriSign Commercial Software Publishers CA/OU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Digital ID Class 3 – Microsoft Software Validation v2/C=US/ST=Washington/L=Redmond/CN=Microsoft Corporation/OU=Microsoft Corporation
Issuer : /L=Internet/O=VeriSign, Inc./OU=VeriSign Commercial Software Publishers CA
Serial : 550D88F53F6416D70C7300D845921634

Number of certificates: 3
Cert #0:
Subject: /L=Internet/O=VeriSign, Inc./OU=VeriSign Commercial Software Publishers CA
Issuer : /L=Internet/O=VeriSign, Inc./OU=VeriSign Commercial Software Publishers CA
Serial : 03C78F37DB9228DF3CBB1AAD82FA6710
——————
Cert #1:
Subject: /O=VeriSign, Inc./OU=VeriSign Trust Network/OU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/CN=VeriSign Time Stamping Service CA SW1
Issuer : /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign Time Stamping Service Root/OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
Serial : FCA4A59F2C0FC0B90398331B7B54541D
——————
Cert #2:
Subject: /L=Internet/O=VeriSign, Inc./OU=VeriSign Commercial Software Publishers CA/OU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98/OU=Digital ID Class 3 – Microsoft Software Validation v2/C=US/ST=Washington/L=Redmond/CN=Microsoft Corporation/OU=Microsoft Corporation
Issuer : /L=Internet/O=VeriSign, Inc./OU=VeriSign Commercial Software Publishers CA
Serial : 550D88F53F6416D70C7300D845921634

Succeeded

[root:~/Downloads]

#