Zinterax
e38f4cbfa0
Apply response_timeout to get_once, code cleanup
...
Add response_timeout to get_once
Change timeout output in establish_connect()
Add disconnect ater timeout output
Made establish_connect timeout check more readable
2014-04-18 07:57:33 -04:00
Zinterax
fab091ca88
Fix Action => DUMP
...
Fix for when Action is set to DUMP. Modifed the check to use action.name.
Console output:
msf auxiliary(openssl_heartbleed) > set action DUMP
action => DUMP
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Heartbeat data stored in /root/.msf4/loot/20140418070745_default_192.168.1.3_openssl.heartble_135938.bin
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:08:12 -04:00
Zinterax
1cf1616341
Rebase. Add timeout option support
...
Rebase to account for the KEYS merge.
Modify bleed() to work with timeout option.
Modify establish_connect() to work with timeout option.
Modify loot_and_report() to work with timeout option.
---Test Console Output---
Client Hello Timeout:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[-] 127.0.0.1:443 - No Client Hello response after 10 seconds...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Patched Apache:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[*] 127.0.0.1:443 - Sending Heartbeat...
[-] 127.0.0.1:443 - No Heartbeat response...
[-] 127.0.0.1:443 - Looks like there isn't leaked information...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Vulnerable Server:
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:04:05 -04:00
Zinterax
021ac53911
remove me
2014-04-18 07:03:36 -04:00
Tod Beardsley
845108acf6
Looks like an autocorrect ran wild on TLS_CALLBACK
...
Whoops.
2014-04-17 17:47:47 -05:00
Tod Beardsley
2aa2cb17f3
Reimplement a check.
2014-04-17 17:10:54 -05:00
Tod Beardsley
d40ab039e4
Clean up whitespace. Protip: use commit hooks
2014-04-17 16:28:07 -05:00
Tod Beardsley
c34d548e50
First, undo #3252 . Sorry about that.
...
undo #3252 completely. This means a reimplementation of @dchan's work,
but his intent was simply to implement a check_host() that doesn't
actually pull memory, so that should be pretty straight forward with the
new structure of the module.
2014-04-17 16:25:15 -05:00
Jeff Jarmoc
e3daf6daf7
Singular 'TLS_CALLBACK' option
2014-04-17 15:51:37 -05:00
Jeff Jarmoc
6c832e22d6
rename scan to loot_and_report
2014-04-17 15:47:57 -05:00
Jeff Jarmoc
c12eae66b3
Error and return if public key wasn't retrieved.
2014-04-17 15:44:40 -05:00
Jeff Jarmoc
578002e016
KEYS action gets it's own function
2014-04-17 15:39:05 -05:00
Tod Beardsley
5b0b5d9476
Land #3252 , check() functionality for Heartbleed
2014-04-17 15:34:35 -05:00
Tod Beardsley
a2d6c58374
Changing << to + per @jlee-r7
2014-04-17 15:34:13 -05:00
Jeff Jarmoc
9f30976b83
Heartbleed RSA Keydump
...
Flattened, merge conflicts resolved, etc.
2014-04-17 14:30:47 -05:00
Christian Mehlmauer
71a650fe6e
Land #3259 , XMPP Hostname autodetect by @TomSellers
2014-04-17 08:54:15 +02:00
Tom Sellers
1f452aab48
Code cleanup
...
Changes requested by wvu-R7
2014-04-17 12:46:25 -05:00
Tom Sellers
9e2285619e
Additional cleanup
...
Whitespace cleanup
2014-04-17 10:46:33 -05:00
Tom Sellers
ee0d30a1f3
Whitespace fix
...
Removing extra line feeds
2014-04-16 17:27:39 -05:00
Tom Sellers
92eab6c54b
Attribution addition
...
Per comment from Firefart
2014-04-16 17:26:09 -05:00
Tom Sellers
1f3ec46b8a
Heartbleed - Add autodetection of XMPP hostname (round 2)
...
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
This version addresses issues that FireFart (Thanks!) brought up about code quality and connection reliability.
2014-04-16 08:49:45 -05:00
sinn3r
7a4e12976c
First little bit at Bug 8498
...
[FixRM #8489 ] rhost/rport modification
2014-04-15 18:20:16 -05:00
Tod Beardsley
9db01770ec
Add custom rhost/rport, remove editorializing desc
...
Verification:
````
resource (./a.rc)> run
[*] Connecting to FTP server ....
[*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server)
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password mozilla@example.com...
[*] FTP send: "USER anonymous\r\n"
[*] FTP recv: "331 Anonymous login ok, send your complete email address
as your password\r\n"
````
...etc.
2014-04-14 21:46:05 -05:00
Tom Sellers
0360d1177f
Heartbleed - Add autodetection of XMPP hostname
...
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
2014-04-14 20:09:21 -05:00
David Chan
1a73206034
Add detection for GnuTLS with with multiple records
2014-04-14 17:09:25 -07:00
Tom Sellers
634a03a852
Update to openssl_heartbleed to deal with SMTP RFC
...
Added CR character in order to have the commands match SMTP RFC 5321 2.3.8 for line termination. Some SMTP services, such as the Symantec Mail Gateway, require strict compliance or the connection will be dropped with the response '550 esmtp: protocol deviation'
Reference:
http://www.symantec.com/business/support/index?page=content&id=TECH96829
http://tools.ietf.org/html/rfc5321#section-2.3.8
2014-04-14 13:27:33 -05:00
David Chan
6fafc10184
Add HeartBleed check functionality
2014-04-12 00:07:00 -07:00
Sebastiano Di Paola
a63f020a68
Fixing coding style
2014-04-11 19:39:57 +02:00
Sebastiano Di Paola
4acacb005d
Fixed a bug...referring to wrong variable after filtering with regexp
2014-04-11 19:33:23 +02:00
Sebastiano Di Paola
83fe1cec65
Cleaned up Array.join call
2014-04-11 19:24:32 +02:00
Sebastiano Di Paola
55ec969bd9
Renamed FILTER -> DUMPFILTER, more intuitive and coherent
2014-04-11 19:07:57 +02:00
Sebastiano Di Paola
8268009b36
Renamed PATTERN_FILTER -> FILTER
2014-04-11 19:03:25 +02:00
Sebastiano Di Paola
c378fe95c1
Added missing space in comment
2014-04-11 19:01:01 +02:00
Sebastiano Di Paola
f8f710547c
Fixed call to String.match with regexp pattern
2014-04-11 18:59:59 +02:00
Sebastiano Di Paola
638cb41a3f
Remove Spaces at EOL, fixed if test on pattern variable
2014-04-11 18:58:05 +02:00
Sebastiano Di Paola
34fa4e29d9
Restored FTP option
2014-04-11 18:16:19 +02:00
Sebastiano Di Paola
eb0e35bf25
Fixed store on file option
2014-04-11 18:07:14 +02:00
Sebastiano Di Paola
4315ad2987
Fixed conflict and used OptRegexp type for pattern
2014-04-11 17:15:39 +02:00
jvazquez-r7
813e0eab89
Land #3233 , @wvu-r7's improvements fort heartbleed modules
2014-04-11 09:33:57 -05:00
jvazquez-r7
e2ec53272e
Fix also negative numbers
2014-04-11 09:33:27 -05:00
jvazquez-r7
fb5881d8e2
Land #2324 , @sensepost and @Firefart's sftp support for heartbleed
2014-04-11 08:47:22 -05:00
jvazquez-r7
2134d676b4
Use verbose by default
2014-04-11 07:58:56 -05:00
William Vu
6675464c20
Fix a few things in the Heartbleed modules
2014-04-10 16:06:40 -05:00
Sebastiano Di Paola
9adf629ee7
Added feature to dump to file leaked memory
2014-04-10 22:51:07 +02:00
Christian Mehlmauer
f115a7f6e1
Fix intendation
2014-04-10 02:52:05 +02:00
gigstorm
f1443c039e
Updated hash value to SSLv3
...
Tested and working on server that has SSLv3 only enabled
2014-04-11 14:01:28 -07:00
gigstorm
6ab3478c7e
Update to include SSL Version 3 protocol
...
SSL Version 3 will also respond to this and a server configured to respond to SSL version 3 but not TLS will show false negative without this option (proven). May need to update cipher suites to include this option.
2014-04-11 12:41:17 -07:00
Christian Mehlmauer
4fc272c0e9
Fix merge error
2014-04-10 00:53:14 +02:00
Christian Mehlmauer
98816c3a01
Added @sensepost FTP implemenation
2014-04-10 00:48:09 +02:00
singe
ccfcf2cedb
Added FTP STARTTLS support to heartbleed scanner.
2014-04-10 00:45:59 +02:00