CompTIA PenTest+ - Remote Access Episode

Dan Thorburn

This is a question for Master Daniel Lowrie, in regards to the "Remote Access" episode of the CompTIA PentTest+ course.

At 22:10 in the episode you executed the following command on your Linux Mint VM:

ncat --exec /bin/bash -vnl 9999 --ssl

When I attempt to perform this on my Kali Linux VM, I get the following output and subsequent error:

Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
Ncat: SHA-1 fingerprint: 00B1 F002 9F1A D830 230A D7FF 269D C9A2 1870 34F4
Ncat: SSL_CTX_use_certificate(): error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small. QUITTING.

Can you please advise how to correct and proceed?

Thanks.

Dan

daniel-lowrie87

Hey @Dan-Thorburn

I have looked into your problem and it seems that there may be 2 possible answers for you.

Generate your own SSL cert. (PREFERRED method)

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

ncat --exec /bin/bash -vnl 9999 --ssl-key key.pem --ssl-cert cert.pem

Lower the default security level for ssl

With your text editor of choice, open...

/etc/ssl/openssl.cnf

Edit CypherString line

from...

CipherString = DEFAULT@SECLEVEL=2

to...

CipherString = DEFAULT@SECLEVEL=1

save and exit.

Option 2 isn't the best way to go, but I wanted to give you a fallback plan just in case Option 1 doesn't work.

Hope that helps,

Daniel Lowrie