Land #4247 - Auto-generated SSL certs now match "snakeoil" defaults

bug/bundler_fix
sinn3r 2014-11-22 13:36:06 -06:00
commit b34ddbdfff
No known key found for this signature in database
GPG Key ID: 2384DB4EF06F730B
1 changed files with 16 additions and 29 deletions


@ -138,44 +138,31 @@ module Rex::Socket::SslTcpServer
#
# Generate a realistic-looking but obstensibly fake SSL
# certificate.
# certificate. This matches a typical "snakeoil" cert.
#
# @return [String, String, Array]
def self.ssl_generate_certificate
key = OpenSSL::PKey::RSA.new(1024){ }
yr = 24*3600*365
vf = Time.at(Time.now.to_i - rand(yr * 3) - yr)
vt = Time.at(vf.to_i + (10 * yr))
cn = Rex::Text.rand_text_alpha_lower(rand(8)+2)
key = OpenSSL::PKey::RSA.new(2048){ }
cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = rand(0xFFFFFFFF)
subject = OpenSSL::X509::Name.new([
["C","US"],
['ST', Rex::Text.rand_state()],
["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
["CN", Rex::Text.rand_hostname],
])
issuer = OpenSSL::X509::Name.new([
["C","US"],
['ST', Rex::Text.rand_state()],
["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
["CN", Rex::Text.rand_hostname],
])
cert.subject = subject
cert.issuer = issuer
cert.not_before = Time.now - (3600 * 365)
cert.not_after = Time.now + (3600 * 365)
cert.version = 2
cert.serial = (rand(0xFFFFFFFF) << 32) + rand(0xFFFFFFFF)
cert.subject = OpenSSL::X509::Name.new([["CN", cn]])
cert.issuer = OpenSSL::X509::Name.new([["CN", cn]])
cert.not_before = vf
cert.not_after = vt
cert.public_key = key.public_key
ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
cert.extensions = [
ef.create_extension("basicConstraints","CA:FALSE"),
ef.create_extension("subjectKeyIdentifier","hash"),
ef.create_extension("extendedKeyUsage","serverAuth"),
ef.create_extension("keyUsage","keyEncipherment,dataEncipherment,digitalSignature")
ef.create_extension("basicConstraints","CA:FALSE")
]
ef.issuer_certificate = cert
cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
cert.sign(key, OpenSSL::Digest::SHA1.new)
cert.sign(key, OpenSSL::Digest::SHA256.new)
[key, cert, nil]
end
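Review bot: The `@return [String, String, Array]` tag in the comment block this hunk edits does not match what the method returns: `[key, cert, nil]` on the last line is an `OpenSSL::PKey::RSA`, an `OpenSSL::X509::Certificate` and `nil`, so the tag should read `# @return [Array(OpenSSL::PKey::RSA, OpenSSL::X509::Certificate, nil)] the private key, its self-signed certificate, and nil in place of a chain`; the typo `obstensibly` in the same header could become `ostensibly` while it is being touched. With the `authorityKeyIdentifier` extension apparently dropped from the new side, `ef.issuer_certificate = cert` after the `cert.extensions = [...]` assignment no longer has a consumer and can be removed as well, unless the removed/added sides here are other than they appear on this rendering. The serial `(rand(0xFFFFFFFF) << 32) + rand(0xFFFFFFFF)` can evaluate to 0, which RFC 5280 does not allow (serials must be positive integers); `cert.serial = 1 + (rand(0xFFFFFFFF) << 32) + rand(0xFFFFFFFF)` closes that corner without changing the intended 64-bit range.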