Support OpenSSL 3 #16818

Closed
adfoster-r7 opened this issue Jul 25, 2022 · 11 comments
Labels
bug openssl3 Tracking issues related to OpenSSL 3's backwards breaking changes Stale Marks an issue as stale, to be closed if no action is taken

Comments

@adfoster-r7
Contributor

adfoster-r7 commented Jul 25, 2022

Description

OpenSSL 3 is now released, which is not fully supported by Metasploit. Let's update our library dependencies and most popular modules to work with OpenSSL 3.

Steps to reproduce

Using stock Ubuntu 20.04 and Ruby 3.0.4

SMB Modules fail:

msf6 auxiliary(scanner/smb/smb_login) > run smb://admin:password123@192.168.123.154

[*] 192.168.123.154:445   - 192.168.123.154:445 - Starting SMB login bruteforce
[*] smb://admin:password123@192.168.123.154:445 - Error: 192.168.123.154: OpenSSL::Digest::DigestError Digest initialization failed: initialization error
[*] smb://admin:password123@192.168.123.154:445 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Older Ciphers crash, for instance when running vnc_login:

msf6 auxiliary(scanner/vnc/vnc_login) > run tcp://192.168.123.128:5902 password=password123

[*] 192.168.123.128:5902  - 192.168.123.128:5902 - Starting VNC login sweep
[*] tcp://192.168.123.128:5902:5900 - Error: 192.168.123.128: OpenSSL::Cipher::CipherError unsupported
[*] tcp://192.168.123.128:5902:5900 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Warnings on bootup:

bundle exec ruby ./msfconsole -q
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:10: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::NAME
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:10: warning: previous definition of NAME was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:11: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::PREFERENCE
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:11: warning: previous definition of PREFERENCE was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:12: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::CIPHER_NAME
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:12: warning: previous definition of CIPHER_NAME was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:13: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::BLOCK_SIZE
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:13: warning: previous definition of BLOCK_SIZE was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:10: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::NAME
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:10: warning: previous definition of NAME was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:11: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::PREFERENCE
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:11: warning: previous definition of PREFERENCE was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:12: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::CIPHER_NAME
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:12: warning: previous definition of CIPHER_NAME was here
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:13: warning: already initialized constant HrrRbSsh::Transport::EncryptionAlgorithm::BlowfishCbc::BLOCK_SIZE
/var/lib/gems/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/encryption_algorithm/blowfish_cbc.rb:13: warning: previous definition of BLOCK_SIZE was here

Version/Install

The versions and install method of your Metasploit setup:

Framework: 6.2.9-dev-4bbae96840
Ruby: ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux-gnu]
OpenSSL: OpenSSL 3.0.2 15 Mar 2022
Install Root: /mnt/hgfs/metasploit-framework
Session Type: postgresql selected, no connection
Install Method: Git Clone
@h00die
Contributor

h00die commented Jul 28, 2022

If you run tools/modules/module_references.rb -t cve, it will load each module so you can test quickly if any more modules are broken. dnn_cookie_deserialization_rce.rb also throws an error through this method, or from the console by doing use dnn_cookie_deserialization_rce.

@h00die
Contributor

h00die commented Jul 29, 2022

Zerologon is also failing when trying to use it

@adfoster-r7
Contributor Author

Thanks @h00die 👍

I've fixed all the modules that crash on bootup over here: #16800

I think that PR will also fix Zerologon - assuming it only fails on this line:

EMPTY_SHARED_SECRET = OpenSSL::Digest.digest('MD4', '')
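
An added diagnostic, not part of the issue thread or of Metasploit's code: it probes whether the OpenSSL build that Ruby is linked against still provides MD4 and an older cipher, and reports the exception class instead of crashing, which makes the two failures reported above easy to confirm on a given host. The `des-ecb` entry, the control algorithms and all helper names are assumptions made for this example.

```ruby
require 'openssl'

# Algorithms to probe. MD4 appears on this page; des-ecb is an assumed
# stand-in for the "older ciphers" case. SHA256/aes-128-cbc are controls.
DIGESTS = %w[MD4 SHA256].freeze
CIPHERS = %w[des-ecb aes-128-cbc].freeze

# Hash one empty message; report the exception instead of raising.
def probe_digest(name)
  OpenSSL::Digest.new(name).digest('')
  { kind: :digest, name: name, available: true, error: nil }
rescue StandardError => e
  { kind: :digest, name: name, available: false, error: "#{e.class}: #{e.message}" }
end

# Encrypt one constructed block; failure may surface at new, key= or update.
def probe_cipher(name)
  cipher = OpenSSL::Cipher.new(name)
  cipher.encrypt
  cipher.key = Array.new(cipher.key_len) { |i| i + 1 }.pack('C*') # constructed key
  cipher.iv = "\x00" * cipher.iv_len if cipher.iv_len.positive?
  cipher.update('A' * 16) + cipher.final
  { kind: :cipher, name: name, available: true, error: nil }
rescue StandardError => e
  { kind: :cipher, name: name, available: false, error: "#{e.class}: #{e.message}" }
end

# Probe every listed algorithm and return one result hash per entry.
def legacy_report
  DIGESTS.map { |n| probe_digest(n) } + CIPHERS.map { |n| probe_cipher(n) }
end

if __FILE__ == $PROGRAM_NAME
  puts "Linked against: #{OpenSSL::OPENSSL_LIBRARY_VERSION}"
  legacy_report.each do |r|
    status = r[:available] ? 'ok' : "UNAVAILABLE (#{r[:error]})"
    puts format('%-7s %-12s %s', r[:kind], r[:name], status)
  end
end
```

The result for MD4 and `des-ecb` depends on the host's OpenSSL build and configuration; the two controls should report `ok` everywhere.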

@godylockz

Is this part of this same issue?

msfconsole
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp384::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp384::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp384::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:13: warning: previous definition of IDENTIFIER was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:11: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp384::NAME
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:11: warning: previous definition of NAME was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:12: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp384::PREFERENCE
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:12: warning: previous definition of PREFERENCE was here
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:13: warning: already initialized constant HrrRbSsh::Transport::ServerHostKeyAlgorithm::EcdsaSha2Nistp384::IDENTIFIER
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb:13: warning: previous definition of IDENTIFIER was here

@adfoster-r7
Contributor Author

@godylockz Yip - those are warnings related to OpenSSL 3 and can be ignored 👍

@YooShadow

Good afternoon guys,

I am trying to run the smb_login scanner but I am getting this error. Not sure what to do; can you guys help?
image

@github-actions

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

@github-actions github-actions bot added the Stale Marks an issue as stale, to be closed if no action is taken label Sep 23, 2022
@adfoster-r7 adfoster-r7 removed the Stale Marks an issue as stale, to be closed if no action is taken label Sep 23, 2022
@github-actions github-actions bot added the Stale Marks an issue as stale, to be closed if no action is taken label Oct 24, 2022
@adfoster-r7
Contributor Author

Will close this; most of the main OpenSSL 3 issues have been resolved now.

@hastalamuerte

> Will close this; Most of the main openssl 3 issues have been resolved now.

same errors on win warning: previous definition of NAME was here

@hastalamuerte

C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: previous definition of NAME was here
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: already initialized constant HrrRbSsh::Connection::Channel::ChannelType::Session::NAME
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: previous definition of NAME was here
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: already initialized constant HrrRbSsh::Connection::Channel::ChannelType::Session::NAME
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: previous definition of NAME was here
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: already initialized constant HrrRbSsh::Connection::Channel::ChannelType::Session::NAME
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: previous definition of NAME was here
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: already initialized constant HrrRbSsh::Connection::Channel::ChannelType::Session::NAME
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: previous definition of NAME was here
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: already initialized constant HrrRbSsh::Connection::Channel::ChannelType::Session::NAME
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: previous definition of NAME was here
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: already initialized constant HrrRbSsh::Connection::Channel::ChannelType::Session::NAME
C:/metasploit/apps/pro/vendor/bundle/ruby/3.0.0/gems/hrr_rb_ssh-0.4.2/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb:13: warning: previous definition of NAME was here
