Land #6646, add SSL SNI and unify SSLVersion opts
commit
05f585157d
|
@ -44,7 +44,7 @@ module Auxiliary::HttpCrawler
|
||||||
OptString.new('BasicAuthPass', [false, 'The HTTP password to specify for basic authentication']),
|
OptString.new('BasicAuthPass', [false, 'The HTTP password to specify for basic authentication']),
|
||||||
OptString.new('HTTPAdditionalHeaders', [false, "A list of additional headers to send (separated by \\x01)"]),
|
OptString.new('HTTPAdditionalHeaders', [false, "A list of additional headers to send (separated by \\x01)"]),
|
||||||
OptString.new('HTTPCookie', [false, "A HTTP cookie header to send with each request"]),
|
OptString.new('HTTPCookie', [false, "A HTTP cookie header to send with each request"]),
|
||||||
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL23', 'SSL3', 'TLS1']]),
|
Opt::SSLVersion
|
||||||
], self.class
|
], self.class
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,7 @@ module Exploit::Remote::HttpClient
|
||||||
OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']),
|
OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']),
|
||||||
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
|
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
|
||||||
OptBool.new('DigestAuthIIS', [false, 'Conform to IIS, should work for most servers. Only set to false for non-IIS servers', true]),
|
OptBool.new('DigestAuthIIS', [false, 'Conform to IIS, should work for most servers. Only set to false for non-IIS servers', true]),
|
||||||
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL3', 'TLS1']]),
|
Opt::SSLVersion,
|
||||||
OptBool.new('FingerprintCheck', [ false, 'Conduct a pre-exploit fingerprint verification', true]),
|
OptBool.new('FingerprintCheck', [ false, 'Conduct a pre-exploit fingerprint verification', true]),
|
||||||
OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION']),
|
OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION']),
|
||||||
OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout'])
|
OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout'])
|
||||||
|
|
|
@ -64,7 +64,7 @@ module Exploit::Remote::Tcp
|
||||||
register_advanced_options(
|
register_advanced_options(
|
||||||
[
|
[
|
||||||
OptBool.new('SSL', [ false, 'Negotiate SSL/TLS for outgoing connections', false]),
|
OptBool.new('SSL', [ false, 'Negotiate SSL/TLS for outgoing connections', false]),
|
||||||
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL/TLS to be used (TLS and SSL23 are auto-negotiate)', 'TLS1', ['SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']]),
|
Opt::SSLVersion,
|
||||||
OptEnum.new('SSLVerifyMode', [ false, 'SSL verification method', 'PEER', %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}]),
|
OptEnum.new('SSLVerifyMode', [ false, 'SSL verification method', 'PEER', %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}]),
|
||||||
OptString.new('SSLCipher', [ false, 'String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"']),
|
OptString.new('SSLCipher', [ false, 'String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"']),
|
||||||
Opt::Proxies,
|
Opt::Proxies,
|
||||||
|
|
|
@ -19,7 +19,6 @@ module Exploit::Remote::TcpServer
|
||||||
[
|
[
|
||||||
OptBool.new('SSL', [ false, 'Negotiate SSL for incoming connections', false]),
|
OptBool.new('SSL', [ false, 'Negotiate SSL for incoming connections', false]),
|
||||||
# SSLVersion is currently unsupported for TCP servers (only supported by clients at the moment)
|
# SSLVersion is currently unsupported for TCP servers (only supported by clients at the moment)
|
||||||
# OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']]),
|
|
||||||
OptPath.new('SSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)']),
|
OptPath.new('SSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)']),
|
||||||
OptAddress.new('SRVHOST', [ true, "The local host to listen on. This must be an address on the local machine or 0.0.0.0", '0.0.0.0' ]),
|
OptAddress.new('SRVHOST', [ true, "The local host to listen on. This must be an address on the local machine or 0.0.0.0", '0.0.0.0' ]),
|
||||||
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]),
|
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]),
|
||||||
|
|
|
@ -51,6 +51,13 @@ module Msf
|
||||||
Msf::OptPort.new(__method__.to_s, [ required, desc, default ])
|
Msf::OptPort.new(__method__.to_s, [ required, desc, default ])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# @return [OptEnum]
|
||||||
|
def self.SSLVersion
|
||||||
|
Msf::OptEnum.new('SSLVersion', [ false,
|
||||||
|
'Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate)', 'Auto',
|
||||||
|
['Auto', 'SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']])
|
||||||
|
end
|
||||||
|
|
||||||
# These are unused but remain for historical reasons
|
# These are unused but remain for historical reasons
|
||||||
class << self
|
class << self
|
||||||
alias builtin_chost CHOST
|
alias builtin_chost CHOST
|
||||||
|
@ -69,6 +76,7 @@ module Msf
|
||||||
Proxies = Proxies()
|
Proxies = Proxies()
|
||||||
RHOST = RHOST()
|
RHOST = RHOST()
|
||||||
RPORT = RPORT()
|
RPORT = RPORT()
|
||||||
|
SSLVersion = SSLVersion()
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -65,7 +65,7 @@ begin
|
||||||
when 'SSL2', :SSLv2
|
when 'SSL2', :SSLv2
|
||||||
version = :SSLv2
|
version = :SSLv2
|
||||||
# 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
|
# 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
|
||||||
when 'SSL23', :SSLv23, 'TLS'
|
when 'SSL23', :SSLv23, 'TLS', 'Auto'
|
||||||
version = :SSLv23
|
version = :SSLv23
|
||||||
when 'SSL3', :SSLv3
|
when 'SSL3', :SSLv3
|
||||||
version = :SSLv3
|
version = :SSLv3
|
||||||
|
@ -124,6 +124,11 @@ begin
|
||||||
# Tie the context to a socket
|
# Tie the context to a socket
|
||||||
self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx)
|
self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx)
|
||||||
|
|
||||||
|
# If peerhost looks like a hostname, set the undocumented 'hostname'
|
||||||
|
# attribute on sslsock, which enables the Server Name Indication (SNI)
|
||||||
|
# extension
|
||||||
|
self.sslsock.hostname = self.peerhost if !Rex::Socket.dotted_ip?(self.peerhost)
|
||||||
|
|
||||||
# Force a negotiation timeout
|
# Force a negotiation timeout
|
||||||
begin
|
begin
|
||||||
Timeout.timeout(params.timeout) do
|
Timeout.timeout(params.timeout) do
|
||||||
|
|
|
@ -37,7 +37,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'DefaultOptions' =>
|
'DefaultOptions' =>
|
||||||
{
|
{
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'SSLVersion' => 'TLS1',
|
|
||||||
'RPORT' => 443
|
'RPORT' => 443
|
||||||
}
|
}
|
||||||
))
|
))
|
||||||
|
|
|
@ -32,7 +32,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'DefaultOptions' =>
|
'DefaultOptions' =>
|
||||||
{
|
{
|
||||||
'SSLVersion' => 'TLS1',
|
|
||||||
'SSL' => true
|
'SSL' => true
|
||||||
}
|
}
|
||||||
))
|
))
|
||||||
|
|
|
@ -31,7 +31,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
|
|
||||||
name = name.to_s.camelize(:lower)
|
name = name.to_s.camelize(:lower)
|
||||||
uri = api_path + name
|
uri = api_path + name
|
||||||
cli = Rex::Proto::Http::Client.new(api_host, api_port, {}, true, 'TLS1')
|
cli = Rex::Proto::Http::Client.new(api_host, api_port, {}, true, 'TLS')
|
||||||
cli.connect
|
cli.connect
|
||||||
req = cli.request_cgi({
|
req = cli.request_cgi({
|
||||||
'uri' => uri,
|
'uri' => uri,
|
||||||
|
@ -430,7 +430,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
{
|
{
|
||||||
'RPORT' => 443,
|
'RPORT' => 443,
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'SSLVersion' => 'TLS1'
|
|
||||||
}
|
}
|
||||||
))
|
))
|
||||||
register_options(
|
register_options(
|
||||||
|
|
|
@ -30,7 +30,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'DefaultOptions' =>
|
'DefaultOptions' =>
|
||||||
{
|
{
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'SSLVersion' => 'TLS1'
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'DefaultOptions' =>
|
'DefaultOptions' =>
|
||||||
{
|
{
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'SSLVersion' => 'TLS1',
|
|
||||||
'RPORT' => 443
|
'RPORT' => 443
|
||||||
}
|
}
|
||||||
))
|
))
|
||||||
|
|
|
@ -30,7 +30,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
{
|
{
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'RPORT' => 443,
|
'RPORT' => 443,
|
||||||
'SSLVersion' => 'SSL3'
|
|
||||||
},
|
},
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
|
@ -43,7 +42,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptEnum.new('SSLVersion', [true, 'Specify the version of SSL that should be used', 'SSL3', ['SSL2', 'SSL3', 'TLS1']])
|
Opt::SSLVersion
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
{
|
{
|
||||||
'RPORT' => 443,
|
'RPORT' => 443,
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'SSLVersion' => 'TLS1'
|
|
||||||
}
|
}
|
||||||
))
|
))
|
||||||
end
|
end
|
||||||
|
|
|
@ -25,7 +25,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'DefaultOptions' =>
|
'DefaultOptions' =>
|
||||||
{
|
{
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'SSLVersion' => 'TLS1'
|
|
||||||
}
|
}
|
||||||
))
|
))
|
||||||
register_options(
|
register_options(
|
||||||
|
|
|
@ -47,7 +47,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
'DefaultOptions' => {
|
'DefaultOptions' => {
|
||||||
'RPORT' => 443,
|
'RPORT' => 443,
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'SSLVersion' => 'TLS1'
|
|
||||||
},
|
},
|
||||||
'Platform' => ['unix'],
|
'Platform' => ['unix'],
|
||||||
'Arch' => ARCH_CMD,
|
'Arch' => ARCH_CMD,
|
||||||
|
|
|
@ -35,7 +35,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
'DefaultOptions' =>
|
'DefaultOptions' =>
|
||||||
{
|
{
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'SSLVersion' => 'SSL3',
|
|
||||||
'PrependMigrate' => true
|
'PrependMigrate' => true
|
||||||
},
|
},
|
||||||
'Payload' =>
|
'Payload' =>
|
||||||
|
|
|
@ -37,7 +37,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
{
|
{
|
||||||
'EXITFUNC' => 'seh',
|
'EXITFUNC' => 'seh',
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'SSLVersion' => 'SSL3'
|
|
||||||
},
|
},
|
||||||
'Payload' =>
|
'Payload' =>
|
||||||
{
|
{
|
||||||
|
|
|
@ -38,7 +38,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
'DefaultOptions' =>
|
'DefaultOptions' =>
|
||||||
{
|
{
|
||||||
'SSL' => true,
|
'SSL' => true,
|
||||||
'SSLVersion' => 'TLS1'
|
|
||||||
},
|
},
|
||||||
'Payload' =>
|
'Payload' =>
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue