Procházet zdrojové kódy

Missing fileb0x docs only.

master
Josh Mudge před 4 roky
rodič
revize
ca1e8b730a
  1. 188
      All/Sign Using OV Cert.md
  2. binární
      All/versioninfo.png
  3. binární
      All/windowsdev.png
  4. 6
      todo.txt

188
All/Sign Using OV Cert.md

@ -1,18 +1,93 @@
# Purpose
We're going to be looking at how to get a code-signing certificate, how to sign code with it and use that to create a setup file. This setup file will contain another signed file that will launch a basic web server. The setup file will create a firewall rule for the server so it won't need to prompt the user with a firewall settings prompt.
We're going to be looking at how to create a server setup file that doesn't trigger any prompts that aren't user friendly. This setup file will contain another signed file that will launch a basic web server. The setup file will create the server file and a firewall rule for the server file. We will be building two files (`setup.go` and `server.go`) separately .
# Obtaining a Code Signing Certificate
# The Server File
Purhcase a code-signing certificate: https://cheapsslsecurity.com/comodo/codesigningcertificate.html
Be aware that you will likely need to create a Dun & Bradstreet listing, depending on the company you order the certificate from: https://www.dandb.com/businessdirectory/products/ (this is free)
The validation process will take 1-3 business days if you have entered all of your business information correctly and give them your D-U-N-S (Dun & Bradstreet) number. After you receive an email containing a link to the certificate, follow these directions in the **exact same** browser as the one you used to request the certificate : https://cheapsslsecurity.com/downloads.aspx?ispdf=true&iscs=true&filenm=Comodo_Code_Signing_Collection_Guide.pdf
We're creating our web server file, building it and signing the application.
# Signing a File
## Creating the Server File
[Screenshot] Next, you will need to install Visual Studio with the "Universal Windows App Development Tools" workload. You can click on the list of sub-items and un-select everything except the Windows 10 SDK. You can download Visual Studio here: https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16
Create a file named `server.go` and add the following:
Open a "Developer Command Prompt for VS".
```
//go:generate goversioninfo
package main
import (
"flag"
"log"
"net/http"
)
func main() {
port := flag.String("p", "8100", "port to serve on")
directory := flag.String("d", ".", "the directory of static file to host")
flag.Parse()
http.Handle("/", http.FileServer(http.Dir(*directory)))
log.Printf("Serving %s on HTTP port: %s\n", *directory, *port)
log.Fatal(http.ListenAndServe(":"+*port, nil))
}
```
*Windows 10 will happily create server.go.txt if you don't turn off hidden file extensions and leave you wondering what's wrong with your Go install.*
First of all, you'll want to install Golang: https://golang.org/dl/
Then you'll want to install [goversioninfo](https://github.com/josephspurrier/goversioninfo) by running the following in a command prompt:
```
go get github.com/josephspurrier/goversioninfo/cmd/goversioninfo
```
This will allow us to set the name of the program, version, publisher name, etc.
```
# Add this to the top of your server go file.
//go:generate goversioninfo
# Then generate the configuration by running the following in a command prompt:
go generate
```
This will create a configuration file named `versioninfo.json` in the current directory. There are three things you will want to edit: 1. The version of the application, 2. The "publisher" or company name and 3. The product name.
![](versioninfo.png)
Near the top of the file, you will see `FileVersion` and `ProductVersion`.
You can set normal major, minor, patch and build versions for those values. The `FileVersion` is the version of the file and `ProductVersion` is the version of the application as a whole. You can most likely use the same version for both unless you're doing something unusual. You will set the same values again under `StringFileInfo`.
Next, you can set the "publisher name" by filling in the `CompanyName` value with the name of your organization.
Lastly, you can give your application a name, like "Go Web Server" under the `ProductName` value.
```
# Next, build your server app.
go build
```
You will want to sign your application, the next section will show you how.
## Signing the Setup File
### Getting a Code Signing Certificate
Be aware that you will likely need to create a Dun & Bradstreet listing to get an "organization" code-signing certificate: https://www.dandb.com/businessdirectory/products/ (this is free)
You can purchase a code-signing certificate here: https://cheapsslsecurity.com/comodo/codesigningcertificate.html The validation process will take 1-3 business days if your information is correct and you give them your D-U-N-S (Dun & Bradstreet) number. After you receive an email containing a link to the certificate, follow these directions in the **exact same** browser as the one you used to request the certificate : https://cheapsslsecurity.com/downloads.aspx?ispdf=true&iscs=true&filenm=Comodo_Code_Signing_Collection_Guide.pdf
### Signing the File
[Screenshot] Next, you will need to install Visual Studio. You can download Visual Studio here: https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16
In the install process, you will be greeted with this screen:
![](windowsdev.png)
Choose the "Universal Windows Platform Development" workload. After you have finished installing Visual Studio, open a "Developer Command Prompt for VS".
![](developerprompt.png)
@ -27,51 +102,89 @@ You should see something like this:
![](donesigning.png)
# Creating the Setup File
# The Setup File
I'm using a few different Go tools to allow us to create the web server, a firewall rule and put the server file inside our setup app.
Now we're going to create the setup file that will create the firewall rule we need and "create" the server file for us.
## Server
## Firewall Rule
First of all, you'll want to install Golang: https://golang.org/dl/
Then you'll want to install [goversioninfo](https://github.com/josephspurrier/goversioninfo) by running the following in a command prompt:
We are using Powershell to create the firewall rule, so we're going to install `go-powershell`.
```
go get github.com/josephspurrier/goversioninfo/cmd/goversioninfo
# Install go-powershell
go get github.com/aquasecurity/go-powershell
```
This will allow us to set the name of the program, version, etc. and most importantly, which manifest file to use.
[Configuration options / usage.]
## Firewall Rule
go-powershell
Create a file named `setup.go` and include the following:
```
import(
"os"
"fmt"
"log"
//go:generate goversioninfo -manifest=setup.exe.manifest
//Add a new firewall rule in Go.
package main
import (
"os"
"fmt"
"log"
"static" // Create fileb0x before this will work.
"io/ioutil"
ps "github.com/aquasecurity/go-powershell"
"github.com/aquasecurity/go-powershell/backend"
)
func main() {
dir, err := os.Getwd()
// Grab files from virtual filesystem
files, err := static.WalkDirs("", false)
if err != nil {
log.Fatal(err)
log.Println("ALL FILES", files)
}
```
```
var dirs string = "New-NetFirewallRule -DisplayName 'Name of Rule' -Direction Inbound -Program '" + dir + "\\server.exe'"
```
// here we'll read the file from the virtual file system
b, err := static.ReadFile("server.exe")
if err != nil {
log.Fatal(err)
}
// Copy file from virtual filesystem to real filesystem
err = ioutil.WriteFile("server.exe", b, 0644)
if err != nil {
fmt.Println("Error creating", "server.exe")
fmt.Println(err)
return
}
// choose a backend
back := &backend.Local{}
You should see something like this:
// start a local powershell process
shell, err := ps.New(back)
if err != nil {
panic(err)
}
defer shell.Exit()
![](addfirewallrule.png)
// Set 'dir' to the current working directory.
dir, err := os.Getwd()
if err != nil {
log.Fatal(err)
}
// Create the correct Poweshell rule with the working directory from 'dir'
var cmd string = "-WindowStyle Hidden New-NetFirewallRule -DisplayName 'Name of Rule' -Direction Inbound -Program '" + dir + "\\server.exe' -Action Allow > NULL"
// Run the command.
stdout, stderr, err := shell.Execute(cmd)
if err != nil {
panic(err)
fmt.Println(stderr)
}
fmt.Println(stdout)
}
```
Manifest file:
Then create another file called `setup.exe.manifest` containing:
```
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
@ -86,6 +199,13 @@ Manifest file:
</assembly>
```
## Put Server In Setup File
Rename `server.go` to `server.go_`
```
# Build the setup application.
go build -o setup.exe -ldflags "-s -w -H=windowsgui"
```
## Put Server File In Setup File
fileb0x

binární
All/versioninfo.png

Binární soubor nebyl zobrazen.

Za

Šířka:  |  Výška:  |  Velikost: 51 KiB

binární
All/windowsdev.png

Binární soubor nebyl zobrazen.

Za

Šířka:  |  Výška:  |  Velikost: 104 KiB

6
todo.txt

@ -0,0 +1,6 @@
1. goversioninfo / manifest
2. go-powershell
(setup.go & serve.go are in this repository, build them seperately.
3. fileb0x usage.
4. How it all goes together.
Načítá se…
Zrušit
Uložit