-
Notifications
You must be signed in to change notification settings - Fork 14.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for OpenSSL 3 #16800
Add support for OpenSSL 3 #16800
Conversation
@@ -44,7 +44,7 @@ def build_as_pa_time_stamp(opts = {}) | |||
time_stamp = opts[:time_stamp] || Time.now | |||
pausec = opts[:pausec] || 0 | |||
etype = opts[:etype] || Rex::Proto::Kerberos::Crypto::RC4_HMAC | |||
key = opts[:key] || '' | |||
key = opts[:key] || OpenSSL::Random.random_bytes(16) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OpenSSL 3 throws errors on invalid keys
Gemfile
Outdated
gem 'openssl-ccm', github: 'adfoster-r7/openssl-ccm', branch: 'add-support-openssl-3' | ||
gem 'openssl-cmac', github: 'adfoster-r7/openssl-cmac', branch: 'add-support-for-openssl3' | ||
gem 'metasploit-credential', github: 'adfoster-r7/metasploit-credential', branch: 'add-support-for-openssl3' | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These custom forks will either need to be shipped by the maintainers, or we'll have to temporarily move them under the Rapid7 Github account until they're merged upstream and officially available in RubyGems
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are all landed now, apart from hrr_rb_ssh
@msjenkins-r7 retest this please |
f3d6eb5
to
c7e8912
Compare
|
||
return key | ||
key = OpenSSL::PKey::RSA.new(asn1.to_der) | ||
key |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've also added additional documentation on running heartbleed with docker
This code path is triggered via:
msf6 auxiliary(scanner/ssl/openssl_heartbleed) > run 192.168.123.128 rport=8443 verbose=true action=KEYS
[*] 192.168.123.128:8443 - Sending Client Hello...
[*] 192.168.123.128:8443 - SSL record #1:
[*] 192.168.123.128:8443 - Type: 22
[*] 192.168.123.128:8443 - Version: 0x0301
[*] 192.168.123.128:8443 ... etc ...
[+] 192.168.123.128:8443 - Found factor at offset d297
[+] 192.168.123.128:8443 - 2022-07-21 14:55:50 UTC - Got the private key
[*] 192.168.123.128:8443 - -----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAxjgB/cs7Hg3X+LPIL3Sgtq3Kf17D0dsF9FD2zz3z/pn7d4kq
YvJhPgM4gFGcP+EkLmMa7cEZyOy1e0egIOsC0pKIjd77bP+CaffznkTdjlbZ9o34
MJjj7BDsG0LO2ErT+lmsY5p3T6nNs+eFTbpEZub5Uq0LmJgi8jTAdeXO/QIOEdeF
tMCdh/oOClDhPjw3ZH1WSzRekiSxU7LcVbridfmeUjds5iu5SM7Shd47LlZcnncU
P6W6Kc2qLscOuvfOrlv48wakTbyjM/UV/6L2wT+lz2UbyOlXQkle9bEmDyf0bmhW
Id8YgJQb+C5WjjuuzQN5AAwrJnRtw2Mx86YzLQIDAQABAoIBAF/+G6jG1RhW5/J/
TkD9IB+Xxmss.... etc...
[*] 192.168.123.128:8443 - Private key stored in /home/a/.msf4/loot/20220721155550_default_192.168.123.128_openssl.heartble_546413.txt
[*] 192.168.123.128:8443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
c7e8912
to
51c735a
Compare
dh.generate_key! | ||
|
||
shared_key = dh.compute_key(dh_peer.pub_key) | ||
# OpenSSL 3.0+ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code path triggered via vnc_login module and connecting to an apple VNC server. I added a user to a mac that has permissions to log in, as well as going into Mac's sharing menu, enabling Screen Sharing
and granting access to the new test_user
account
msf6 auxiliary(scanner/vnc/vnc_login) > run 192.168.123.1 username=test_user password=p4$$w0rd1
[*] 192.168.123.1:5900 - 192.168.123.1:5900 - Starting VNC login sweep
[!] 192.168.123.1:5900 - No active DB -- Credential data will not be saved!
[+] 192.168.123.1:5900 - 192.168.123.1:5900 - Login Successful: test_user:p4$$w0rd1
[*] 192.168.123.1:5900 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
51c735a
to
23d0d33
Compare
@msjenkins-r7 retest this please |
23d0d33
to
f65119b
Compare
@@ -234,7 +234,7 @@ GEM | |||
activemodel (~> 6.0) | |||
activesupport (~> 6.0) | |||
railties (~> 6.0) | |||
metasploit-credential (5.0.7) | |||
metasploit-credential (5.0.8) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adds support for OpenSSL3 rapid7/metasploit-credential#163
openssl-ccm (1.2.2) | ||
openssl-cmac (2.0.1) | ||
openssl-ccm (1.2.3) | ||
openssl-cmac (2.0.2) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adds support for openssl 3 SmallLars/openssl-cmac#5
@@ -287,8 +287,8 @@ GEM | |||
octokit (4.25.1) | |||
faraday (>= 1, < 3) | |||
sawyer (~> 0.9) | |||
openssl-ccm (1.2.2) | |||
openssl-cmac (2.0.1) | |||
openssl-ccm (1.2.3) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adds support for openssl 3 SmallLars/openssl-ccm#10
@@ -429,7 +429,7 @@ GEM | |||
ruby-progressbar (1.11.0) | |||
ruby-rc4 (0.1.5) | |||
ruby2_keywords (0.0.5) | |||
ruby_smb (3.1.6) | |||
ruby_smb (3.1.7) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adds support for openssl 3 rapid7/ruby_smb#234
Release NotesThis adds support for OpenSSL 3 compatibility with legacy ciphers. |
cc @sbrun for visibility 👍 This fixes a lot of the OpenSSL 3 issues with Metasploit on Kali, especially the SMB modules such as |
Relates to #16818
Updates metasploit-framework to work with OpenSSL 3.0. Let's also run Ubuntu 22.04 in our test matrix, to catch any OpenSSL v3 regression issues
Verification