From 4a9ef30e9e3c7da1ccf320b746e0ebba940243bd Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Mon, 28 Sep 2015 10:31:17 -0500
Subject: [PATCH 1/2] Use SSLVerifyMode and SSLCipher from the Exploit::Remote::Tcp mixin
---
 lib/msf/core/exploit/tcp.rb | 34 +++++++++++++++++++++++++---------
 1 file changed, 25 insertions(+), 9 deletions(-)
diff --git a/lib/msf/core/exploit/tcp.rb b/lib/msf/core/exploit/tcp.rb
index dcdb44bb33..e26e1cc5c5 100644
--- a/lib/msf/core/exploit/tcp.rb
+++ b/lib/msf/core/exploit/tcp.rb
@@ -100,15 +100,17 @@ module Exploit::Remote::Tcp
 end
 nsock = Rex::Socket::Tcp.create(
- 'PeerHost' => opts['RHOST'] || rhost,
- 'PeerPort' => (opts['RPORT'] || rport).to_i,
- 'LocalHost' => opts['CHOST'] || chost || "0.0.0.0",
- 'LocalPort' => (opts['CPORT'] || cport || 0).to_i,
- 'SSL' => dossl,
- 'SSLVersion' => opts['SSLVersion'] || ssl_version,
- 'Proxies' => proxies,
- 'Timeout' => (opts['ConnectTimeout'] || connect_timeout || 10).to_i,
- 'Context' =>
+ 'PeerHost' => opts['RHOST'] || rhost,
+ 'PeerPort' => (opts['RPORT'] || rport).to_i,
+ 'LocalHost' => opts['CHOST'] || chost || "0.0.0.0",
+ 'LocalPort' => (opts['CPORT'] || cport || 0).to_i,
+ 'SSL' => dossl,
+ 'SSLVersion' => opts['SSLVersion'] || ssl_version,
+ 'SSLVerifyMode' => opts['SSLVerifyMode'] || ssl_verify_mode,
+ 'SSLCipher' => opts['SSLCipher'] || ssl_cipher,
+ 'Proxies' => proxies,
+ 'Timeout' => (opts['ConnectTimeout'] || connect_timeout || 10).to_i,
+ 'Context' =>
 {
 'Msf' => framework,
 'MsfExploit' => self,
@@ -269,6 +271,20 @@ module Exploit::Remote::Tcp
 datastore['ConnectTimeout']
 end
+ #
+ # Returns the SSL certification verification mechanism
+ #
+ def ssl_verify_mode
+ datastore['SSLVerifyMode']
+ end
+
+ #
+ # Returns the SSL cipher to use for the context
+ #
+ def ssl_cipher
+ datastore['SSLCipher']
+ end
+
 protected
 attr_accessor :sock
From 40cb13609a0060ecf33c8ab2aaa22b3d4edb079c Mon Sep 17 00:00:00 2001
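Review bot: In the `Rex::Socket::Tcp.create` call of lib/msf/core/exploit/tcp.rb (first hunk of patch 1/2), forwarding `'SSLVerifyMode'` changes the handshake settings of every module that connects through this mixin, and nothing at the call site says so. The option is registered with a default of `'PEER'` (visible in the option list touched by patch 2/2), whereas the removed lines passed no verify mode at all; how Rex applies the value is not visible in this diff, so the effect on connections to hosts with self-signed certificates should be confirmed before merge. `'SSLCipher'` is registered without a default, so `ssl_cipher` may be nil here, and whether Rex treats nil as "library default" should be checked as well. I would add a comment above the two new keys, e.g. `# SSLVerifyMode defaults to 'PEER'; SSLCipher is nil unless the operator sets it`. The enclosing method starts and ends outside the hunk.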
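Review bot: The comment on `ssl_verify_mode` in the second hunk of patch 1/2 reads "SSL certification verification mechanism", which should be "certificate verification mode", and neither new accessor documents what it returns. Both read the datastore directly, so callers get the raw option value; `ssl_cipher` may be nil because the SSLCipher option shown in patch 2/2 has no default. Suggested comments: `# Returns the SSL certificate verification mode (the SSLVerifyMode option value)` and `# Returns the SSL cipher string for the context, or nil when SSLCipher is unset`.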
From: Brent Cook
Date: Fri, 2 Oct 2015 15:26:49 -0500
Subject: [PATCH 2/2] update SSLVersion to support all options for rex TCP sockets, add 'TLS' alias
---
 lib/msf/core/exploit/tcp.rb | 2 +-
 lib/rex/socket/ssl_tcp.rb | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/msf/core/exploit/tcp.rb b/lib/msf/core/exploit/tcp.rb
index e26e1cc5c5..13c0a7f6ac 100644
--- a/lib/msf/core/exploit/tcp.rb
+++ b/lib/msf/core/exploit/tcp.rb
@@ -64,7 +64,7 @@ module Exploit::Remote::Tcp
 register_advanced_options(
 [
 OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', false]),
- OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']]),
+ OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL/TLS to be used (TLS and SSL23 are auto-negotiate)', 'TLS1', ['SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']]),
 OptEnum.new('SSLVerifyMode', [ false, 'SSL verification method', 'PEER', %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}]),
 OptString.new('SSLCipher', [ false, 'String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"']),
 Opt::Proxies,
diff --git a/lib/rex/socket/ssl_tcp.rb b/lib/rex/socket/ssl_tcp.rb
index ca92f0852a..6539330307 100644
--- a/lib/rex/socket/ssl_tcp.rb
+++ b/lib/rex/socket/ssl_tcp.rb
@@ -64,7 +64,8 @@ begin
 case params.ssl_version
 when 'SSL2', :SSLv2
 version = :SSLv2
- when 'SSL23', :SSLv23
+ # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
+ when 'SSL23', :SSLv23, 'TLS'
 version = :SSLv23
 when 'SSL3', :SSLv3
 version = :SSLv3
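Review bot: The `SSLVersion` default in `register_advanced_options` (lib/msf/core/exploit/tcp.rb) stays at `'TLS1'` even though the enum now offers the auto-negotiating `'TLS'` and `'SSL23'` values, so by default the mixin still pins one protocol version and will presumably fail the handshake against servers that accept only TLS 1.1 or later. If the pin is intentional the description should say so, e.g. `'Specify the version of SSL/TLS to be used (TLS and SSL23 are auto-negotiate; the default TLS1 pins one version)'`; otherwise consider `'TLS'` as the default. The enum also adds `'TLS1.1'` and `'TLS1.2'`, while the visible part of the `case` in lib/rex/socket/ssl_tcp.rb ends at `'SSL3'`, so confirm those two strings have matching branches there. The option list continues outside the hunk.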
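Review bot: In the `case params.ssl_version` of lib/rex/socket/ssl_tcp.rb, the new `'TLS'` alias selects `:SSLv23`, which is auto-negotiation rather than a TLS-only setting; depending on the OpenSSL build and on context options set outside this hunk, the negotiated protocol may still be SSLv3 or older. The added comment should say that, and it has a typo ("autonegotation"): `# 'TLS' is an alias for SSLv23 auto-negotiation (the name newer OpenSSL versions use); it does not by itself exclude SSLv2/SSLv3`. The neighbouring branches accept both a string and a symbol, while `'TLS'` is accepted only as a string, so a symbol form may be needed if callers pass symbols. The case statement continues outside the hunk.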