
Add a `secure` command to renegotiate TLV encryption #11965

Merged
merged 1 commit into from Jun 13, 2019

@OJ
Contributor

commented Jun 10, 2019

This gives us the ability to force TLV encryption if for some reason it's not already in place, and it means
we can renegotiate a new key on the fly if we want to. This PR just puts the user in the driver's seat, but down the track my aim would be to periodically change keys automatically. The aim is just to make things harder to keep track of.

I have had cases where initial sessions kick off and TLV encryption doesn't happen, and other cases where stageless sessions don't end up with encryption enabled. So this is a means for us to drive it from the UI in those cases. Hopefully I'll get to the bottom of those edge cases soon.

This isn't hugely mind-blowing :) But it's a thing that I know I'll use!

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • create a new encryption-supported meterpreter session (Windows is my go to, but we should try it on a few)
  • Type `secure` into the console.
  • Verify that you receive a success message.
Add a `secure` command to renegotiate TLV encryption
This gives us the ability to force TLV encryption if for some reason
it's not already in place, and it means we can renegotiate a new key on
the fly if we want to.

@acammack-r7 acammack-r7 self-assigned this Jun 12, 2019

@acammack-r7
Contributor

commented Jun 12, 2019

Looks like this works fine for mettle, but causes PHP Meterpreter to hang:

meterpreter > secure
[*] Negotiating new encryption key ...
[-] Error running command secure: Rex::TimeoutError Operation timed out.

EDIT: it appears after poking at it a little bit that in PHP Meterpreter if the new symmetric key is the same as the old key the renegotiation works as expected.
EDIT 2: ok, looks like the encryption flag needed to be cleared, PHP meterp PR incoming
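The two observations above (renegotiation only succeeds when the new key happens to equal the old one, and clearing the encryption flag fixes it) are consistent with one simple state-handling slip: the agent installs the fresh key and then sends its reply while its "encryption on" flag is still set, so the reply is sealed under a key the other side has not received yet. The following Ruby toy, written for this page and not taken from Metasploit or the PHP Meterpreter, models exactly that. It assumes a per-packet header flag that tells the receiver whether the body is encrypted, uses AES-256-GCM so that a wrong key fails deterministically, and ships the key unprotected inside the reply purely to keep the model short (a real exchange protects the key in transit). Everything in it (`ToyEndpoint`, `Packet`, `agent_negotiate`, `framework_renegotiate`) is constructed for the illustration.

```ruby
require 'openssl'
require 'securerandom'

# Constructed packet: a header flag saying whether the body is encrypted,
# standing in for the per-packet encryption flag of a real TLV header.
Packet = Struct.new(:enc, :body)

# One side of the session: a shared symmetric key plus an "encryption on" flag.
class ToyEndpoint
  attr_accessor :key, :encrypted

  def initialize(key = nil, encrypted = false)
    @key = key
    @encrypted = encrypted
  end

  # Seal data under our current key if encryption is active, else send it in
  # the clear; the header flag tells the receiver which happened.
  def wrap(data)
    return Packet.new(false, data) unless @encrypted
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = @key
    iv = c.random_iv
    body = c.update(data) + c.final
    Packet.new(true, iv + c.auth_tag + body)
  end

  # Honour the header flag. Returns nil, modelling the timeout the framework
  # reports, when the body does not authenticate under the key we hold.
  def unwrap(pkt)
    return pkt.body unless pkt.enc
    return nil if @key.nil?
    c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    c.key = @key
    c.iv = pkt.body[0, 12]
    c.auth_tag = pkt.body[12, 16]
    c.update(pkt.body[28..-1]) + c.final
  rescue OpenSSL::Cipher::CipherError
    nil
  end
end

# Agent side: on a negotiate request, generate (or accept) a new key and
# install it. clear_flag_first is the fix the comment describes; new_key can
# be injected to reproduce the "same key as before works" observation.
def agent_negotiate(agent, request, clear_flag_first:, new_key: nil)
  return nil if agent.unwrap(request) != 'negotiate'
  new_key ||= SecureRandom.random_bytes(32)
  agent.encrypted = false if clear_flag_first
  agent.key = new_key
  reply = agent.wrap(new_key)      # sealed under the NEW key unless the flag was cleared
  agent.encrypted = true
  reply
end

# Framework side: send the request under whatever key it currently holds,
# read the reply with that same key, then adopt the new one.
# Returns true when both sides end up on the same key, false on "timeout".
def framework_renegotiate(framework, agent, clear_flag_first:, new_key: nil)
  reply = agent_negotiate(agent, framework.wrap('negotiate'),
                          clear_flag_first: clear_flag_first, new_key: new_key)
  plain = reply && framework.unwrap(reply)
  return false unless plain && plain.bytesize == 32
  framework.key = plain
  framework.encrypted = true
  framework.key == agent.key && agent.encrypted
end

# A pair that already shares a key (encryption in place before `secure`).
def established_pair
  k = SecureRandom.random_bytes(32)
  [ToyEndpoint.new(k, true), ToyEndpoint.new(k, true)]
end

# A pair with no encryption yet (the "force it on" use of `secure`).
def fresh_pair
  [ToyEndpoint.new, ToyEndpoint.new]
end

if __FILE__ == $0
  fw, ag = established_pair
  puts "flag kept, fresh key:  #{framework_renegotiate(fw, ag, clear_flag_first: false)}"
  fw, ag = established_pair
  puts "flag kept, same key:   #{framework_renegotiate(fw, ag, clear_flag_first: false, new_key: fw.key)}"
  fw, ag = established_pair
  puts "flag cleared, new key: #{framework_renegotiate(fw, ag, clear_flag_first: true)}"
  fw, ag = fresh_pair
  puts "no encryption yet:     #{framework_renegotiate(fw, ag, clear_flag_first: false)}"
end
```

Run it directly to see the first scenario fail and the other three succeed. The point of the model is that "which key is this packet under" is decided at send time by the sender's flag, so a renegotiation has to drop back to the old state (or the clear) for the one reply that carries the new key, and the receiver should only adopt a new key after it has successfully read that reply.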

@acammack-r7 acammack-r7 referenced this pull request Jun 12, 2019

Merged

Let PHP Meterpreter renegotiate CryptTLV #351

@acammack-r7
Contributor

commented Jun 12, 2019

@OJ Created rapid7/metasploit-payloads#351 to make PHP meterpreter compatible. Once that lands I think this is good to go.

@wvu-r7
Contributor

commented Jun 12, 2019

Wow, good find!

@OJ
Contributor Author

commented Jun 12, 2019

Landed :)

@acammack-r7 acammack-r7 merged commit 0e0edeb into rapid7:master Jun 13, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed

acammack-r7 added a commit that referenced this pull request Jun 13, 2019

Land #11965, Add `secure` Meterpreter command
The command will force or renegotiate TLV encryption on the for the
current session.

msjenkins-r7 added a commit that referenced this pull request Jun 13, 2019

Land #11965, Add `secure` Meterpreter command
The command will force or renegotiate TLV encryption on the for the
current session.
@acammack-r7
Contributor

commented Jun 13, 2019

Release Notes

The `secure` Meterpreter command renegotiates the session symmetric key for per-TLV encryption, or will attempt to set up per-TLV encryption if it is not present.
