PowerShell and HTTPS – It Ain’t All Rainbows And Lollipops! (or is it?)
Back in PowerShell school everyone discusses how great PowerShell is for Windows functions, and an obligatory part of everyone’s PowerShell class is to cover off “Invoke-WebRequest”, which allows you to perform curl-like functions. In fact, “curl” is aliased to “Invoke-WebRequest” in PowerShell.
In fact, this does work in most situations, for instance, let’s grab the ISC main page:
However, in a lot of cases a penetration tester is assessing network infrastructure – routers, firewalls, virtual infrastructure and so on. Let’s take a look at a typical HTTPS request to say, a firewall API:
The problem? Yup – it’s a self-signed certificate, and PowerShell needs a “real” trusted certificate with a real CA, the whole 9 yards. There’s no “-trust-it-anyway-its-all-good” parameter in the Invoke-WebRequest command.
What to do? Luckily, PowerShell is based on .Net (or dotnet, however you want to spell it), so there’s a way. What I ended up doing was:
First, set the Certificate Validation Callback value in .Net:
Next, create a temporary object, which will serve as the .Net WebClient:
Finally, invoke the web request using the temporary object. Note that in this case the return value is in XML format, so I cast the variable.
The final result? In this case it’s an API key for a Palo Alto Firewall which we then use to make subsequent calls to the REST API.
Let’s use the key to do something useful – for instance, grab the current configuration:
Note that “in real life”, or in real code, you’d have some error checks along the way to ensure that your https calls are successful (for instance, by using the “try” command). In the Palo Alto API in particular, the API returns an additional value in the XML that gives us the status of the return – a really nice touch!
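The three steps above, with the try-based error check just mentioned, as an added example that is not the diary's original code: instead of accepting every certificate, the callback accepts only the device certificate whose SHA-256 fingerprint was recorded beforehand, and the process-wide callback is put back afterwards. The URL and fingerprint are placeholders, and Windows PowerShell 5.1 is assumed.

```powershell
# Added example - placeholders below are assumptions, not values from the diary.
$uri       = 'https://firewall.example.internal/api/'   # hypothetical device URL
$pinSha256 = '<SHA256-HEX-OF-DEVICE-CERT>'              # fingerprint recorded out-of-band

# Delegate signature: (sender, certificate, chain, sslPolicyErrors) -> bool
$callback = {
    param($requestSender, $certificate, $chain, $sslPolicyErrors)

    # A certificate that validates normally needs no exception.
    if ($sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None) { return $true }
    if ($null -eq $certificate) { return $false }

    # Otherwise accept only the exact certificate that was pinned.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { $hash = $sha.ComputeHash($certificate.GetRawCertData()) }
    finally { $sha.Dispose() }
    $seen = [System.BitConverter]::ToString($hash) -replace '-', ''
    return ($seen -eq $pinSha256)
}.GetNewClosure()   # capture $pinSha256 so the delegate can see it

# The callback is a process-wide setting, so remember the old value.
$previous = [System.Net.ServicePointManager]::ServerCertificateValidationCallback
$client   = New-Object System.Net.WebClient

try {
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $callback
    [xml]$response = $client.DownloadString($uri)   # cast the XML reply
    $response.DocumentElement.Name                  # show the root element
}
catch {
    # Covers a TLS failure (pin mismatch), a network error, or a non-XML reply.
    Write-Warning "HTTPS request failed: $($_.Exception.Message)"
}
finally {
    # Restore validation so later requests in this session are checked normally.
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $previous
    $client.Dispose()
}
```

With the placeholder fingerprint left in place the request fails closed, which is the behaviour you want until the real device fingerprint has been recorded.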
But really, that https call could be anything. For instance, to return the running config on a Cisco ASA Firewall, we just need to add credentials to our variable, then change the called parameters a bit:
Or to show the current version:
Looking at the first few lines of $asaver, it looks exactly like you’d expect:
Ah – look, the sun is coming out – and is that a rainbow? Thanks PowerShell! All we need is an HTTPS unicorn now (stay tuned).
===============
Rob VandenBrink
Compugen