Add a secure command to renegotiate TLV encryption #11965
Looks like this works fine for
EDIT: it appears after poking at it a little bit that in PHP Meterpreter if the new symmetric key is the same as the old key the renegotiation works as expected.
@OJ Created rapid7/metasploit-payloads#351 to make PHP meterpreter compatible. Once that lands I think this is good to go.
Wow, good find!
Landed :)
Release Notes
The
This gives us the ability to force TLV encryption if for some reason it's not already in place, and it means we can renegotiate a new key on the fly if we want to. This PR just puts the user in the driver's seat, but down the track my aim would be to periodically change keys automatically. The aim is just to make things harder to keep track of.
I have had cases where initial sessions kick off and TLV encryption doesn't happen, and other cases where stageless sessions don't end up with encryption enabled. So this is a means for us to drive it from the UI in those cases. Hopefully I'll get to the bottom of those edge cases soon.
This isn't hugely mind blowing :) But it's a thing that I know I'll use!
Verification
List the steps needed to make sure this thing works
msfconsole
secure
into the console.