Re: Certificate store

From: David Howe (David.Howe@ansgroup.co.uk)
Date: Tue Apr 08 2008 - 05:19:45 EDT

• Next message: shakti@pcssaudi.com: "Tool or Scirpt for DHCP Pool Exhaust Attack"
• Previous message: Mark Owen: "Re: Microsoft RDP Priv. Escalation"
• In reply to: Pierre Cassimans: "Certificate store"
• Next in thread: David Howe: "Re: Certificate store"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Pierre Cassimans wrote:
> Hi,
>
> Some questions about the microsoft certificate store:
>
> - is there a way to extract (or export) certificates from a microsoft
> certificate store when the certificates are marked as "not
> exportable
> - is there a way to extract the certificates from within a linux environment?

 From a bit of research i did the other day, the private keys appear to
be stored at C:\Documents and Settings\<username>\Application
Data\Microsoft\Crypto\RSA for the user concerned. Further searches
seemed to indicate that they were secured with a user specific "master
key" derived from the machine's SID, the users name (or SID) and the
password used for that user's login.

I haven't researched this one any further, but I understand the same
mechanism is used for the EFS certificates (for obvious reasons) so
examination of http://www.lostpassword.com/efs.htm may yield some useful
clues.

David Howe
Senior SysCare Engineer

david.howe@ansgroup.co.uk
Office number: 0161 227 1010
Fax: 0161 227 1020

ANS group plc
Synergy House
Manchester Science Park
Manchester
M15 6SY
www.ansgroup.co.uk

The information contained in this communication from david.howe@ansgroup.co.uk is confidential and may be legally privileged.
It is intended solely for use by pen-test@securityfocus.com and others authorised to receive it.
If you are not pen-test@securityfocus.com you are hereby notified that any disclosure, copying, distribution or taking action
in reliance of the contents of this information is strictly prohibited and may be unlawful.

ANS group plc 2007 - Privacy Policy - Registered Office is Synergy House, Manchester Science Park, Manchester, M15 6SY. Reg No. 3176761. (Registered in England & Wales)

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

• Next message: shakti@pcssaudi.com: "Tool or Scirpt for DHCP Pool Exhaust Attack"
• Previous message: Mark Owen: "Re: Microsoft RDP Priv. Escalation"
• In reply to: Pierre Cassimans: "Certificate store"
• Next in thread: David Howe: "Re: Certificate store"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:30 EDT