# OpenSSL

### Basic Usage

**Generating cryptographic keys:**

OpenSSL can generate different types of cryptographic keys, such as RSA, DSA, and ECDSA. The `genrsa` command is used to generate an RSA private key. For example:

```
openssl genrsa -out private.key 2048
```

**Creating a digital certificate:**

OpenSSL can be used to generate self-signed certificates or certificate signing requests (CSRs). The `req` command is used for this purpose. For example, to generate a self-signed certificate:

```
# -x509 makes req output a self-signed certificate; without it the output is a CSR
openssl req -new -x509 -key private.key -out certificate.crt
```

**Encrypting and decrypting files:**

OpenSSL provides symmetric and asymmetric encryption capabilities. The `enc` command is used for file encryption and decryption. For example, to encrypt a file using AES-256:

```
# -pbkdf2 (OpenSSL 1.1.1+) derives the key with PBKDF2 instead of the weak legacy KDF
openssl enc -aes-256-cbc -salt -pbkdf2 -in plaintext.txt -out encrypted.bin
```

**Generating a hash of a file:**

OpenSSL can generate message digests or hash values of files using various algorithms such as MD5, SHA-1, and SHA-256. The `dgst` command is used for this purpose. For example:

```
openssl dgst -sha256 file.txt
```

**Creating and verifying digital signatures:**

OpenSSL can create digital signatures using private keys and verify them using corresponding public keys. The `dgst` and `rsautl` commands are used for this purpose. For example, to sign a file using an RSA private key:

```
openssl dgst -sha256 -sign private.key -out signature.bin file.txt
```

To verify the signature:

```
openssl dgst -sha256 -verify public.key -signature signature.bin file.txt
```
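
The signing and verification steps above as one round trip, added here as an example (not code from the original page): it also derives `public.key` from `private.key` with `openssl rsa -pubout`, which the verify command needs, and shows that a modified file is rejected. The scratch directory, the function names and the file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example: sign/verify round trip in a scratch directory.
# Key and file names follow the page; workdir, the helper names and the
# file contents are constructed for this example.

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

make_keys() {
  # 2048-bit RSA private key, then the public half that -verify expects.
  openssl genrsa -out "$workdir/private.key" 2048 2>/dev/null &&
  openssl rsa -in "$workdir/private.key" -pubout \
    -out "$workdir/public.key" 2>/dev/null
}

sign_file() {   # $1 = file to sign; writes the signature to $1.sig
  openssl dgst -sha256 -sign "$workdir/private.key" -out "$1.sig" "$1"
}

verify_file() { # $1 = file, $2 = signature; exit status 0 only if valid
  openssl dgst -sha256 -verify "$workdir/public.key" \
    -signature "$2" "$1" >/dev/null 2>&1
}

make_keys
printf 'constructed sample content\n' > "$workdir/file.txt"
sign_file "$workdir/file.txt"

if verify_file "$workdir/file.txt" "$workdir/file.txt.sig"; then
  echo "original file: signature accepted"
fi

# Append a single byte: the signature made over the original must now fail.
cp "$workdir/file.txt" "$workdir/tampered.txt"
printf 'x' >> "$workdir/tampered.txt"
if ! verify_file "$workdir/tampered.txt" "$workdir/file.txt.sig"; then
  echo "tampered file: signature rejected"
fi
```

In scripts, branch on the exit status of `openssl dgst -verify` as done here rather than parsing its printed message.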

**Establishing secure connections (TLS/SSL):**

OpenSSL provides utilities for testing and establishing secure connections over networks. The `s_client` command is used to connect to an SSL/TLS server. For example:

```
openssl s_client -connect example.com:443
```

## How to extract files using OpenSSL

<figure><img src="/files/2suVE6eDFr1MsAyLPBoR" alt=""><figcaption><p>Set a Listener</p></figcaption></figure>

<figure><img src="/files/MHwzJiL4QsrA17iTWJNN" alt=""><figcaption><p>Send the file with openssl</p></figcaption></figure>

<figure><img src="/files/fbjbo9Ps32N0Rohm2Y4D" alt=""><figcaption><p>We can't extract the file via netcat</p></figcaption></figure>

Well, we can extract it, but we can't read it.

<figure><img src="/files/HCiIZPAJp2NV4VsHYTzT" alt=""><figcaption><p>Generate a private key</p></figcaption></figure>

<figure><img src="/files/8tH05uVTeZy1KI3WgZga" alt=""><figcaption><p>Open a listener with the private key</p></figcaption></figure>

<figure><img src="/files/Ui7Ap8saQvsM3d0VvtH0" alt=""><figcaption><p>Now we can send the file</p></figcaption></figure>

#### As we can see in the example above, not only the "server" but also the "client" must have the certificates in order to receive the file correctly.

<figure><img src="/files/XIXD7TfKJ3wXsUBqbv9O" alt=""><figcaption><p>Shadow extracted</p></figcaption></figure>

<figure><img src="/files/frRgs2IC54UsZj2aDpJK" alt=""><figcaption><p>Wireshark Results</p></figcaption></figure>
