Land #6012, Use SSLVerifyMode and SSLCipher from the Exploit::Remote::Tcp

2015-10-02 15:27:47 -05:00 · 2015-10-02 15:27:47 -05:00 · 2445c1fa32
parent 5a7ac8c29a 40cb13609a
commit 2445c1fa32
2 changed files with 28 additions and 11 deletions
--- a/lib/msf/core/exploit/tcp.rb
+++ b/lib/msf/core/exploit/tcp.rb
@ -64,7 +64,7 @@ module Exploit::Remote::Tcp
    register_advanced_options(
      [
        OptBool.new('SSL',        [ false, 'Negotiate SSL for outgoing connections', false]),
-        OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']]),
+        OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL/TLS to be used (TLS and SSL23 are auto-negotiate)', 'TLS1', ['SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']]),
        OptEnum.new('SSLVerifyMode',  [ false, 'SSL verification method', 'PEER', %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}]),
        OptString.new('SSLCipher',    [ false, 'String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"']),
        Opt::Proxies,
@ -100,15 +100,17 @@ module Exploit::Remote::Tcp
    end

    nsock = Rex::Socket::Tcp.create(
-      'PeerHost'   =>  opts['RHOST'] || rhost,
-      'PeerPort'   => (opts['RPORT'] || rport).to_i,
-      'LocalHost'  =>  opts['CHOST'] || chost || "0.0.0.0",
-      'LocalPort'  => (opts['CPORT'] || cport || 0).to_i,
-      'SSL'        =>  dossl,
-      'SSLVersion' =>  opts['SSLVersion'] || ssl_version,
-      'Proxies'    => proxies,
-      'Timeout'    => (opts['ConnectTimeout'] || connect_timeout || 10).to_i,
-      'Context'    =>
+      'PeerHost'      =>  opts['RHOST'] || rhost,
+      'PeerPort'      => (opts['RPORT'] || rport).to_i,
+      'LocalHost'     =>  opts['CHOST'] || chost || "0.0.0.0",
+      'LocalPort'     => (opts['CPORT'] || cport || 0).to_i,
+      'SSL'           =>  dossl,
+      'SSLVersion'    =>  opts['SSLVersion'] || ssl_version,
+      'SSLVerifyMode' =>  opts['SSLVerifyMode'] || ssl_verify_mode,
+      'SSLCipher'     =>  opts['SSLCipher'] || ssl_cipher,
+      'Proxies'       => proxies,
+      'Timeout'       => (opts['ConnectTimeout'] || connect_timeout || 10).to_i,
+      'Context'       =>
        {
          'Msf'        => framework,
          'MsfExploit' => self,
@ -269,6 +271,20 @@ module Exploit::Remote::Tcp
    datastore['ConnectTimeout']
  end

+  #
+  # Returns the SSL certification verification mechanism
+  #
+  def ssl_verify_mode
+    datastore['SSLVerifyMode']
+  end
+
+  #
+  # Returns the SSL cipher to use for the context
+  #
+  def ssl_cipher
+    datastore['SSLCipher']
+  end
+
 protected

  attr_accessor :sock
--- a/lib/rex/socket/ssl_tcp.rb
+++ b/lib/rex/socket/ssl_tcp.rb
@ -64,7 +64,8 @@ begin
      case params.ssl_version
      when 'SSL2', :SSLv2
        version = :SSLv2
-      when 'SSL23', :SSLv23
+      # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
+      when 'SSL23', :SSLv23, 'TLS'
        version = :SSLv23
      when 'SSL3', :SSLv3
        version = :SSLv3