diff --git a/All/Sign Using OV Cert.md b/All/Sign Using OV Cert.md index 40aae04..9e7da28 100644 --- a/All/Sign Using OV Cert.md +++ b/All/Sign Using OV Cert.md 
@@ -1,18 +1,93 @@ # Purpose -We're going to be looking at how to get a code-signing certificate, how to sign code with it and use that to create a setup file. This setup file will contain another signed file that will launch a basic web server. The setup file will create a firewall rule for the server so it won't need to prompt the user with a firewall settings prompt. +We're going to be looking at how to create a server setup file that doesn't trigger any prompts that aren't user friendly. This setup file will contain another signed file that will launch a basic web server. The setup file will create the server file and a firewall rule for the server file. We will be building two files (`setup.go` and `server.go`) separately . -# Obtaining a Code Signing Certificate +# The Server File -Purhcase a code-signing certificate: https://cheapsslsecurity.com/comodo/codesigningcertificate.html -Be aware that you will likely need to create a Dun & Bradstreet listing, depending on the company you order the certificate from: https://www.dandb.com/businessdirectory/products/ (this is free) -The validation process will take 1-3 business days if you have entered all of your business information correctly and give them your D-U-N-S (Dun & Bradstreet) number. After you receive an email containing a link to the certificate, follow these directions in the **exact same** browser as the one you used to request the certificate : https://cheapsslsecurity.com/downloads.aspx?ispdf=true&iscs=true&filenm=Comodo_Code_Signing_Collection_Guide.pdf +We're creating our web server file, building it and signing the application. -# Signing a File +## Creating the Server File -[Screenshot] Next, you will need to install Visual Studio with the "Universal Windows App Development Tools" workload. You can click on the list of sub-items and un-select everything except the Windows 10 SDK. 
You can download Visual Studio here: https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16 +Create a file named `server.go` and add the following: -Open a "Developer Command Prompt for VS". +``` +//go:generate goversioninfo + +package main + +import ( + "flag" + "log" + "net/http" +) + +func main() { + + port := flag.String("p", "8100", "port to serve on") + directory := flag.String("d", ".", "the directory of static file to host") + flag.Parse() + + http.Handle("/", http.FileServer(http.Dir(*directory))) + + log.Printf("Serving %s on HTTP port: %s\n", *directory, *port) + log.Fatal(http.ListenAndServe(":"+*port, nil)) +} +``` + +*Windows 10 will happily create server.go.txt if you don't turn off hidden file extensions and leave you wondering what's wrong with your Go install.* + +First of all, you'll want to install Golang: https://golang.org/dl/ +Then you'll want to install [goversioninfo](https://github.com/josephspurrier/goversioninfo) by running the following in a command prompt: + +``` +go get github.com/josephspurrier/goversioninfo/cmd/goversioninfo +``` + +This will allow us to set the name of the program, version, publisher name, etc. + +``` +# Add this to the top of your server go file. +//go:generate goversioninfo +# Then generate the configuration by running the following in a command prompt: +go generate +``` + +This will create a configuration file named `versioninfo.json` in the current directory. There are three things you will want to edit: 1. The version of the application, 2. The "publisher" or company name and 3. The product name. + +![](versioninfo.png) + +Near the top of the file, you will see `FileVersion` and `ProductVersion`. +You can set normal major, minor, patch and build versions for those values. The `FileVersion` is the version of the file and `ProductVersion` is the version of the application as a whole. You can most likely use the same version for both unless you're doing something unusual. 
You will set the same values again under `StringFileInfo`. + +Next, you can set the "publisher name" by filling in the `CompanyName` value with the name of your organization. + +Lastly, you can give your application a name, like "Go Web Server" under the `ProductName` value. + +``` +# Next, build your server app. +go build +``` + +You will want to sign your application, the next section will show you how. + +## Signing the Setup File + +### Getting a Code Signing Certificate + +Be aware that you will likely need to create a Dun & Bradstreet listing to get an "organization" code-signing certificate: https://www.dandb.com/businessdirectory/products/ (this is free) + +You can purchase a code-signing certificate here: https://cheapsslsecurity.com/comodo/codesigningcertificate.html The validation process will take 1-3 business days if your information is correct and you give them your D-U-N-S (Dun & Bradstreet) number. After you receive an email containing a link to the certificate, follow these directions in the **exact same** browser as the one you used to request the certificate : https://cheapsslsecurity.com/downloads.aspx?ispdf=true&iscs=true&filenm=Comodo_Code_Signing_Collection_Guide.pdf + +### Signing the File + +[Screenshot] Next, you will need to install Visual Studio. You can download Visual Studio here: https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16 + +In the install process, you will be greeted with this screen: + +![](windowsdev.png) + + +Choose the "Universal Windows Platform Development" workload. After you have finished installing Visual Studio, open a "Developer Command Prompt for VS". ![](developerprompt.png) 
@@ -27,51 +102,89 @@ You should see something like this: ![](donesigning.png) -# Creating the Setup File +# The Setup File -I'm using a few different Go tools to allow us to create the web server, a firewall rule and put the server file inside our setup app. - -## Server - -First of all, you'll want to install Golang: https://golang.org/dl/ -Then you'll want to install [goversioninfo](https://github.com/josephspurrier/goversioninfo) by running the following in a command prompt: - -``` -go get github.com/josephspurrier/goversioninfo/cmd/goversioninfo -``` - -This will allow us to set the name of the program, version, etc. and most importantly, which manifest file to use. - -[Configuration options / usage.] +Now we're going to create the setup file that will create the firewall rule we need and "create" the server file for us. ## Firewall Rule -go-powershell +We are using Powershell to create the firewall rule, so we're going to install `go-powershell`. ``` -import( - "os" - "fmt" - "log" +# Install go-powershell +go get github.com/aquasecurity/go-powershell +``` + +Create a file named `setup.go` and include the following: + +``` +//go:generate goversioninfo -manifest=setup.exe.manifest +//Add a new firewall rule in Go. + +package main + +import ( + "os" + "fmt" + "log" + "static" // Create fileb0x before this will work. 
+ "io/ioutil" + ps "github.com/aquasecurity/go-powershell" + "github.com/aquasecurity/go-powershell/backend" ) + func main() { - dir, err := os.Getwd() + + // Grab files from virtual filesystem + files, err := static.WalkDirs("", false) + if err != nil { + log.Fatal(err) + log.Println("ALL FILES", files) + } + + // here we'll read the file from the virtual file system + b, err := static.ReadFile("server.exe") if err != nil { log.Fatal(err) } -``` -``` -var dirs string = "New-NetFirewallRule -DisplayName 'Name of Rule' -Direction Inbound -Program '" + dir + "\\server.exe'" + + // Copy file from virtual filesystem to real filesystem + err = ioutil.WriteFile("server.exe", b, 0644) + if err != nil { + fmt.Println("Error creating", "server.exe") + fmt.Println(err) + return + } + + // choose a backend + back := &backend.Local{} + + // start a local powershell process + shell, err := ps.New(back) + if err != nil { + panic(err) + } + defer shell.Exit() + + // Set 'dir' to the current working directory. + dir, err := os.Getwd() + if err != nil { + log.Fatal(err) + } + + // Create the correct Poweshell rule with the working directory from 'dir' + var cmd string = "-WindowStyle Hidden New-NetFirewallRule -DisplayName 'Name of Rule' -Direction Inbound -Program '" + dir + "\\server.exe' -Action Allow > NULL" + // Run the command. + stdout, stderr, err := shell.Execute(cmd) + if err != nil { + panic(err) + fmt.Println(stderr) + } + fmt.Println(stdout) +} ``` - - - -You should see something like this: - -![](addfirewallrule.png) - -Manifest file: +Then create another file called `setup.exe.manifest` containing: ``` @@ -86,6 +199,13 @@ Manifest file: ``` -## Put Server In Setup File +Rename `server.go` to `server.go_` + +``` +# Build the setup application. +go build -o setup.exe -ldflags "-s -w -H=windowsgui" +``` + +## Put Server File In Setup File fileb0x 
diff --git a/All/versioninfo.png b/All/versioninfo.png new file mode 100644 index 0000000..2f2c0b8 Binary files /dev/null and b/All/versioninfo.png differ diff --git a/All/windowsdev.png b/All/windowsdev.png new file mode 100644 index 0000000..993fa21 Binary files /dev/null and b/All/windowsdev.png differ diff --git a/todo.txt b/todo.txt new file mode 100644 index 0000000..aa1f3d1 --- /dev/null +++ b/todo.txt @@ -0,0 +1,6 @@ +1. goversioninfo / manifest + +2. go-powershell +(setup.go & serve.go are in this repository, build them seperately. +3. fileb0x usage. +4. How it all goes together.
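Review bot: In the `server.go` listing added by the first hunk of `All/Sign Using OV Cert.md`, the defaults are `-d .` together with `http.ListenAndServe(":"+*port, nil)`, so the server listens on every interface and serves whatever directory it is started from; because the setup file later adds an inbound allow rule for this binary, that directory becomes reachable from the network. Suggest defaulting `-d` to a dedicated content directory (or stating in the text exactly what gets exposed) and binding to a specific address where only local access is wanted. Also in this hunk, the heading `## Signing the Setup File` sits under `# The Server File` directly after "You will want to sign your application", so it reads as if it should be about signing the server file; and the block that mixes `# Add this to the top of your server go file.`, `//go:generate goversioninfo` and `go generate` would be clearer split into the Go directive and the shell command.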
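Review bot: In `setup.go` (second hunk of `All/Sign Using OV Cert.md`), the `cmd` string passed to `shell.Execute` has three problems: `dir` from `os.Getwd()` is concatenated into a single-quoted PowerShell string, so a path containing `'` breaks out of the quoting; `> NULL` writes a file named `NULL` in the working directory (PowerShell discards output with `$null`); and `-WindowStyle Hidden` is a `powershell.exe` start-up argument, not something that can prefix `New-NetFirewallRule` inside an already running session. Suggest doubling single quotes in `dir` before building the command, ending it with `| Out-Null`, and dropping `-WindowStyle Hidden`. The rule itself is `-Direction Inbound ... -Action Allow` with no `-Protocol`, `-LocalPort` or `-Profile`, so it permits any inbound traffic to `server.exe`; scoping it to TCP and the port the server uses (default `8100` in `server.go`) would be tighter. Separately, `log.Println("ALL FILES", files)` after `log.Fatal(err)` and `fmt.Println(stderr)` after `panic(err)` are unreachable, so the file list and PowerShell's stderr are never shown, and the comment above `cmd` has a typo, "Poweshell".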
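Review bot: The `go build -o setup.exe -ldflags "-s -w -H=windowsgui"` step in the third hunk of `All/Sign Using OV Cert.md` comes before the `## Put Server File In Setup File` section, but `setup.go` imports `"static"` with the comment `// Create fileb0x before this will work.`, so a reader following the page in order hits a build failure; move the fileb0x step ahead of the build or state the dependency at this point. `Rename server.go to server.go_` is given without a reason; say why (presumably two `main` functions in one directory), or keep the two programs in separate directories as the Purpose text implies. With `-H=windowsgui` there is no console, so the `fmt.Println` and `panic` output in `setup.go` is not visible if the file write or the firewall rule fails; consider logging to a file. The page also never shows signing `setup.exe` after this build, although the signing section is titled "Signing the Setup File".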
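Review bot: In the new `todo.txt`, item 2 refers to `serve.go` while the document names the file `server.go`, the parenthesis opened at `(setup.go & serve.go ...` is never closed, and "seperately" should be "separately".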