Updated to fix TLS 1.0 issues. Server now supports TLSv1 and above. Powershell v2 Get-WebClient requires anything below TLSv1.2

2019-01-09 22:27:44 +00:00 · 2019-01-09 22:27:44 +00:00 · 6864205fbd
parent caab94ff82
commit 6864205fbd
3 changed files with 11 additions and 15 deletions
--- a/C2Server.py
+++ b/C2Server.py
@ -387,18 +387,9 @@ if __name__ == '__main__':

    if (os.path.isfile("%sposh.crt" % ROOTDIR)) and (os.path.isfile("%sposh.key" % ROOTDIR)):
      try:
-        if UseTLSv1:
-            httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
-        else:
-          try:
-            httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLS)
-          except Exception as e:
-            httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
+        httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLS)
      except Exception as e:
-        try:
-          httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLS)
-        except Exception as e:
-          httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
+        httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
    else:
      raise ValueError("Cannot find the certificate files")
    #logging.basicConfig(level=logging.WARNING) # DEBUG,INFO,WARNING,ERROR,CRITICAL
--- a/Config.py
+++ b/Config.py
@ -12,7 +12,7 @@ DefaultSleep = "5"
 KillDate = "08/06/2019"
 UserAgent = "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko"
 urlConfig = UrlConfig("%soldurls.txt" % POSHDIR) # Instantiate UrlConfig object - old urls using a list from a text file
-#urlConfig = UrlConfig(wordList="%swordlist.txt" % POSHDIR) # Instantiate UrlConfig object - wordlist random url generator 
+#urlConfig = UrlConfig(wordList="%swordlist.txt" % POSHDIR) # Instantiate UrlConfig object - wordlist random url generator
 QuickCommand = urlConfig.fetchQCUrl()
 DownloadURI = urlConfig.fetchConnUrl()
 Sounds = "No"
@ -51,7 +51,6 @@ HTTPResponses = [
 ]
 ServerHeader = "Apache"
 Insecure = "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}"
-UseTLSv1 = False

 # DO NOT CHANGE #
 FilesDirectory = "%sFiles/" % POSHDIR
--- a/Install.sh
+++ b/Install.sh
@ -8,7 +8,7 @@ echo """ __________            .__.     _________  ________
    |    |  (  <_> )___ \|   Y  \ \     \____/       \\
    |____|   \____/____  >___|  /  \______  /\_______ \\
                       \/     \/          \/         \/
-    ================= www.PoshC2.co.uk ================"""  
+    ================= www.PoshC2.co.uk ================"""
 echo ""
 echo ""
 echo "[+] Installing PoshC2"
@ -36,6 +36,12 @@ echo ""
 echo "[+] Installing requirements using apt"
 apt-get install -y screen python-setuptools python-dev build-essential python-pip mingw-w64-tools mingw-w64 mingw-w64-x86-64-dev mingw-w64-i686-dev mingw-w64-common espeak graphviz mono-devel

+# Setting the minimum protocol to TLS1.0 to allow the python server to support TLSv1.0+
+echo ""
+echo "[+] Updating TLS protocol minimum version in /etc/ssl/openssl.cnf"
+echo "[+] Backup file generated - /etc/ssl/openssl.cnf.bak"
+sed -i.bak 's/MinProtocol = TLSv1.2/MinProtocol = TLSv1.0/g' /etc/ssl/openssl.cnf
+
 # Check if PIP is installed, if not install it
 if [! which pip > /dev/null]; then
 	echo "[+] Installing pip as this was not found"
@ -60,7 +66,7 @@ echo """ __________            .__.     _________  ________
    |    |  (  <_> )___ \|   Y  \ \     \____/       \\
    |____|   \____/____  >___|  /  \______  /\_______ \\
                       \/     \/          \/         \/
-    ================= www.PoshC2.co.uk ================"""  
+    ================= www.PoshC2.co.uk ================"""
 echo ""
 echo "EDIT the config file: '/opt/PoshC2_Python/Config.py'"
 echo ""