Tuesday, October 23, 2018

Monitoring the Event calendar

Here are a few links to important event calendars for security vendors:

PANW  CHKP FTNT  ForcePoint











NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
        /  \
  

Friday, October 19, 2018

Fortimail API access

In this post we will explore a simple API login and request for the Fortinet FortiMail.


First we need to enable the rest-api function:


   config system global
      set rest-api enable
   end


By using curl we can test the API access:

       curl -k -c mycookies.txt -d '{ "name":"admin", "password":"apiadminpassword" }' -X POST -H "Content-Type: application/json" -v https://10.10.1.10/api/v1/AdminLogin/


       curl -k -b mycookies.txt -v https://10.10.1.10/api/v1/SysStatusSysinfo/
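The same login and request sequence as an added example (not from the original post): it escapes the credentials into valid JSON, feeds the password to curl on stdin from an environment variable so it never appears in the process list, and verifies the server certificate against a CA file instead of using -k. FML_HOST, FML_CA, FML_PASS, JAR and the function names are assumptions.

```sh
#!/bin/sh
# Added example; variable and function names are assumptions, not Fortinet's.
FML_HOST=${FML_HOST:-10.10.1.10}        # address used in the post
FML_CA=${FML_CA:-./fortimail-ca.pem}    # hypothetical path to the CA that signed the FortiMail cert
JAR=${JAR:-./mycookies.txt}             # cookie jar holding the API session

# Escape backslash and double quote so the value is a valid JSON string.
# (Control characters are not handled; keep them out of credentials.)
json_str() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Build the AdminLogin request body.
login_body() {
    printf '{"name":"%s","password":"%s"}' "$(json_str "$1")" "$(json_str "$2")"
}

# fml_login USER: password is read from $FML_PASS and sent on stdin (@-),
# so it is not visible in curl's argument list.
fml_login() {
    ( umask 077    # cookie jar is created readable by its owner only
      login_body "$1" "$FML_PASS" |
        curl -sS --fail --cacert "$FML_CA" -c "$JAR" \
             -H 'Content-Type: application/json' --data-binary @- \
             "https://$FML_HOST/api/v1/AdminLogin/" )
}

# fml_get RESOURCE: authenticated GET using the saved session cookie,
# e.g. fml_get SysStatusSysinfo
fml_get() {
    curl -sS --fail --cacert "$FML_CA" -b "$JAR" \
         "https://$FML_HOST/api/v1/$1/"
}

# Constructed sample credentials, only to show the generated body.
login_body admin 'constructed"pw'; echo
```

Typical use is `FML_PASS=... fml_login admin` followed by `fml_get SysStatusSysinfo`; delete the cookie jar when the session is no longer needed.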



Here's the request from my Postman collection

https://www.getpostman.com/


And the headers for Content-Type




{
  "name": "FMLapi",
  "request": {
    "url": "https://10.10.10.10/api/v1/AdminLogin/",
    "method": "POST",
    "header": [
      {
        "key": "Content-Type",
        "value": "application/json",
        "description": ""
      }
    ],
    "body": {
      "mode": "raw",
      "raw": "{ \"name\" : \"socpuppetsfml\" , \"password\" : \"myadminpassword\" }"
    },
    "description": ""
  },
  "response": []
}

For more information, use the Fortinet FortiMail API reference:

https://docs.fortinet.com/uploaded/files/3416/FortiMail%20REST%20API%20Reference.pdf


FTNT
https://en.wikipedia.org/wiki/Fortinet








how to send dhcp options using dhclient

I was testing a suspect dhcp-relay and figured I would show you a simple dhclient conf file for sending DHCP options.










Tuesday, October 16, 2018

Fortigate to StrongSwan cfg


conn %default
    ikelifetime=480m
    keylife=60m
    rekeymargin=3m
    keyingtries=5
    keyexchange=ikev1
    authby=secret

conn fortisOS
    left=x.x.x.x
    leftsubnet=192.168.2.0/24
    leftid=x.x.x.x
    leftfirewall=yes
    right=y.y.y.y
    rightsubnet=192.168.1.0/24
    rightid=y.y.y.y
    auto=add
    ike=aes128-sha1-modp2048
    esp=aes128-sha1     # PHASE2 IPSEC-SA must match FortiOS FGT

# make sure the ipsec.secrets file matches the PSK on the FGT

cat ipsec.secrets
# PSK on FGT FortiOS
y.y.y.y : PSK MinesecuredPSK
======================FGT VPN route-based===================
config vpn ipsec phase1-interface
    edit "STRGSWAN"
        set interface "wan1"
        set dhgrp 5 14
        set proposal aes128-sha1
        set remote-gw x.x.x.x
        set psksecret MinesecuredPSK
        set keepalive 30
    next
end
config vpn ipsec phase2-interface
    edit "STRGSWAN-P2-1"
        set auto-negotiate enable
        set keepalive enable
        set pfs disable
        set phase1name "STRGSWAN"
        set proposal aes128-sha1
        set replay disable
        set dst-subnet 192.168.2.0 255.255.255.0
        set keylifeseconds 3600
        set src-subnet 192.168.1.0 255.255.255.0
    next
end

 







Wednesday, October 3, 2018

HOWTO quickly identify if a certificate is a selfSigned Cert

In this post I will show you a simple way to use openssl to identify a self-signed certificate.

Self-signed basically means that the issuer and subject lines are the same.


Example #1: my private CA root for SOCPUPPETS





Example #2: my sub-CA, which was signed by the above root CA




Notice that the issuer is the root CA that we mentioned earlier?








Now let's take a public CA. Here's the Let's Encrypt root CA:





Keep in mind that ALL root CA certificates are "self-signed". Yep, no higher level signs the root CA certificates. These root CAs pay money to have them installed into OS or browser certificate stores for trust (authenticity).

The CA chain can be validated for a quick check:
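The subject/issuer comparison and the chain check described in this post, as an added shell example (not from the original post) that runs against a throwaway CA it generates itself; the demo_* names and helper functions are assumptions. It goes one step beyond the post by also checking that the signature verifies under the certificate's own key, because a certificate can carry identical subject and issuer names without being signed by its own key.

```sh
#!/bin/sh
# Added example: every name here (demo_root, demo_sub, helpers) is constructed.

dn() {  # dn subject|issuer CERT: print that DN in one fixed format
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed "s/^$1= *//"
}

# The quick check from the post: subject DN equals issuer DN.
is_self_issued() { [ "$(dn subject "$1")" = "$(dn issuer "$1")" ]; }

# Stronger check: the signature must also verify under the cert's own key.
# -check_ss_sig is required because openssl skips the signature check on a
# trusted self-issued root by default.
is_self_signed() {
    is_self_issued "$1" &&
        openssl verify -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1
}

# Throwaway PKI in directory $1: a root, a sub-CA signed by it, and a
# look-alike that copies the root's DN with its own key, signed by the root.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/O=demo/CN=demo_root" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null || return 1
    for n in sub alike; do
        if [ "$n" = sub ]; then cn=demo_sub; else cn=demo_root; fi
        openssl req -new -newkey rsa:2048 -nodes -subj "/O=demo/CN=$cn" \
            -keyout "$1/$n.key" -out "$1/$n.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$1/$n.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
            -CAcreateserial -days 1 -out "$1/$n.pem" 2>/dev/null || return 1
    done
}

classify() {
    if is_self_signed "$1"; then echo "self-signed"
    elif is_self_issued "$1"; then echo "self-issued only"
    else echo "issued by: $(dn issuer "$1")"
    fi
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d" || return 1
    for c in root sub alike; do echo "$c: $(classify "$d/$c.pem")"; done
    openssl verify -CAfile "$d/root.pem" "$d/sub.pem"   # chain: sub -> root
    rm -rf "$d"
}
demo
```

To classify a real certificate, call `classify /path/to/cert.pem` on a PEM file.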





Socpuppets root Certificate  rsaEncryption






Socpuppets root Certificate dsaEncryption




Socpuppets root Certificate  ecDSA










