92a9519fd9
Remove EOL spaces
2014-05-09 18:34:12 -05:00
8f6567967d
Heartbleed PostgreSQL TLS support improvements
2014-04-22 17:36:06 +02:00
fbe392a896
Add PostgreSQL TLS support to the Heartbleed scanner
2014-04-21 23:27:40 +02:00
2366f77226
Clean timeout handling code
2014-04-18 08:16:28 -05:00
e38f4cbfa0
Apply response_timeout to get_once, code cleanup
...
Add response_timeout to get_once
Change timeout output in establish_connect()
Add disconnect ater timeout output
Made establish_connect timeout check more readable
2014-04-18 07:57:33 -04:00
fab091ca88
Fix Action => DUMP
...
Fix for when Action is set to DUMP. Modifed the check to use action.name.
Console output:
msf auxiliary(openssl_heartbleed) > set action DUMP
action => DUMP
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Heartbeat data stored in /root/.msf4/loot/20140418070745_default_192.168.1.3_openssl.heartble_135938.bin
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:08:12 -04:00
1cf1616341
Rebase. Add timeout option support
...
Rebase to account for the KEYS merge.
Modify bleed() to work with timeout option.
Modify establish_connect() to work with timeout option.
Modify loot_and_report() to work with timeout option.
---Test Console Output---
Client Hello Timeout:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[-] 127.0.0.1:443 - No Client Hello response after 10 seconds...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Patched Apache:
msf auxiliary(openssl_heartbleed) > run
[*] 127.0.0.1:443 - Sending Client Hello...
[*] 127.0.0.1:443 - Sending Heartbeat...
[-] 127.0.0.1:443 - No Heartbeat response...
[-] 127.0.0.1:443 - Looks like there isn't leaked information...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Vulnerable Server:
msf auxiliary(openssl_heartbleed) > run
[*] 192.168.1.3:443 - Sending Client Hello...
[*] 192.168.1.3:443 - Sending Heartbeat...
[*] 192.168.1.3:443 - Heartbeat response, 17403 bytes
[+] 192.168.1.3:443 - Heartbeat response with leak
[*] 192.168.1.3:443 - Printable info leaked: STUFF STUFF STUFF
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2014-04-18 07:04:05 -04:00
021ac53911
remove me
2014-04-18 07:03:36 -04:00
845108acf6
Looks like an autocorrect ran wild on TLS_CALLBACK
...
Whoops.
2014-04-17 17:47:47 -05:00
2aa2cb17f3
Reimplement a check.
2014-04-17 17:10:54 -05:00
d40ab039e4
Clean up whitespace. Protip: use commit hooks
2014-04-17 16:28:07 -05:00
c34d548e50
First, undo #3252 . Sorry about that.
...
undo #3252 completely. This means a reimplementation of @dchan's work,
but his intent was simply to implement a check_host() that doesn't
actually pull memory, so that should be pretty straight forward with the
new structure of the module.
2014-04-17 16:25:15 -05:00
e3daf6daf7
Singular 'TLS_CALLBACK' option
2014-04-17 15:51:37 -05:00
6c832e22d6
rename scan to loot_and_report
2014-04-17 15:47:57 -05:00
c12eae66b3
Error and return if public key wasn't retrieved.
2014-04-17 15:44:40 -05:00
578002e016
KEYS action gets it's own function
2014-04-17 15:39:05 -05:00
5b0b5d9476
Land #3252 , check() functionality for Heartbleed
2014-04-17 15:34:35 -05:00
a2d6c58374
Changing << to + per @jlee-r7
2014-04-17 15:34:13 -05:00
9f30976b83
Heartbleed RSA Keydump
...
Flattened, merge conflicts resolved, etc.
2014-04-17 14:30:47 -05:00
1f452aab48
Code cleanup
...
Changes requested by wvu-R7
2014-04-17 12:46:25 -05:00
9e2285619e
Additional cleanup
...
Whitespace cleanup
2014-04-17 10:46:33 -05:00
ee0d30a1f3
Whitespace fix
...
Removing extra line feeds
2014-04-16 17:27:39 -05:00
92eab6c54b
Attribution addition
...
Per comment from Firefart
2014-04-16 17:26:09 -05:00
1f3ec46b8a
Heartbleed - Add autodetection of XMPP hostname (round 2)
...
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
This version addresses issues that FireFart (Thanks!) brought up about code quality and connection reliability.
2014-04-16 08:49:45 -05:00
0360d1177f
Heartbleed - Add autodetection of XMPP hostname
...
Add the ability to scrape the hostname from the XMPP error message when connecting to an XMPP (Jabber) server. This allows the connection to get far enough to negotiate a TLS tunnel with STARTTLS. The manually specified domain, if present, will be used first and then the hostname autodetection will kick in if that fails.
2014-04-14 20:09:21 -05:00
1a73206034
Add detection for GnuTLS with with multiple records
2014-04-14 17:09:25 -07:00
634a03a852
Update to openssl_heartbleed to deal with SMTP RFC
...
Added CR character in order to have the commands match SMTP RFC 5321 2.3.8 for line termination. Some SMTP services, such as the Symantec Mail Gateway, require strict compliance or the connection will be dropped with the response '550 esmtp: protocol deviation'
Reference:
http://www.symantec.com/business/support/index?page=content&id=TECH96829
http://tools.ietf.org/html/rfc5321#section-2.3.8
2014-04-14 13:27:33 -05:00
6fafc10184
Add HeartBleed check functionality
2014-04-12 00:07:00 -07:00
a63f020a68
Fixing coding style
2014-04-11 19:39:57 +02:00
4acacb005d
Fixed a bug...referring to wrong variable after filtering with regexp
2014-04-11 19:33:23 +02:00
83fe1cec65
Cleaned up Array.join call
2014-04-11 19:24:32 +02:00
55ec969bd9
Renamed FILTER -> DUMPFILTER, more intuitive and coherent
2014-04-11 19:07:57 +02:00
8268009b36
Renamed PATTERN_FILTER -> FILTER
2014-04-11 19:03:25 +02:00
c378fe95c1
Added missing space in comment
2014-04-11 19:01:01 +02:00
f8f710547c
Fixed call to String.match with regexp pattern
2014-04-11 18:59:59 +02:00
638cb41a3f
Remove Spaces at EOL, fixed if test on pattern variable
2014-04-11 18:58:05 +02:00
34fa4e29d9
Restored FTP option
2014-04-11 18:16:19 +02:00
eb0e35bf25
Fixed store on file option
2014-04-11 18:07:14 +02:00
4315ad2987
Fixed conflict and used OptRegexp type for pattern
2014-04-11 17:15:39 +02:00
813e0eab89
Land #3233 , @wvu-r7's improvements fort heartbleed modules
2014-04-11 09:33:57 -05:00
e2ec53272e
Fix also negative numbers
2014-04-11 09:33:27 -05:00
fb5881d8e2
Land #2324 , @sensepost and @Firefart's sftp support for heartbleed
2014-04-11 08:47:22 -05:00
2134d676b4
Use verbose by default
2014-04-11 07:58:56 -05:00
6675464c20
Fix a few things in the Heartbleed modules
2014-04-10 16:06:40 -05:00
9adf629ee7
Added feature to dump to file leaked memory
2014-04-10 22:51:07 +02:00
f115a7f6e1
Fix intendation
2014-04-10 02:52:05 +02:00
f1443c039e
Updated hash value to SSLv3
...
Tested and working on server that has SSLv3 only enabled
2014-04-11 14:01:28 -07:00
6ab3478c7e
Update to include SSL Version 3 protocol
...
SSL Version 3 will also respond to this and a server configured to respond to SSL version 3 but not TLS will show false negative without this option (proven). May need to update cipher suites to include this option.
2014-04-11 12:41:17 -07:00
4fc272c0e9
Fix merge error
2014-04-10 00:53:14 +02:00
98816c3a01
Added @sensepost FTP implemenation
2014-04-10 00:48:09 +02:00
William Vu
Wiesław Kielas
jvazquez-r7
Zinterax
Tod Beardsley
Jeff Jarmoc
Tom Sellers
David Chan
David Chan
Sebastiano Di Paola
Christian Mehlmauer
gigstorm