This topic contains 1 reply, has 2 voices, and was last updated by jonotoah 1 month ago.
- June 5, 2020 at 3:35 pm #260002
So, I recently bought a new router and installed it. But I still had my old one which wasn’t exactly secure, so O thought I’d plug it in my laptop and see of I could exploit it. After a quick nmap scan I found that for some reason port 21 (ftp) was open with anonymous login, so I logged on and found config files, text files and a server.crt and a server.key. What could someone do if they obtained the server.crt and server.key files.
What could someone do with .crt and .key files?
- June 5, 2020 at 3:39 pm #260004
Depends on what certificate this is. They could get access to a restricted application/service, they could decrypt some traffic in from a device to your router, and do a mitm without downgrading http (https->http)
You must be logged in to reply to this topic.