
RDP lib: lower SSL security level for compatibility with certain Win7 #12286

Merged
merged 3 commits into from Sep 10, 2019

Conversation

@cnotin (Contributor) commented Sep 6, 2019

I use auxiliary/scanner/rdp/cve_2019_0708_bluekeep against a Windows 7 Pro x64 that received many updates, up to 2017 but none since (lab machine 😉). But I get this:

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > run

[*] 192.168.56.130:3389   - Verifying RDP protocol...
[*] 192.168.56.130:3389   - Attempting to connect using TLS security
[-] 192.168.56.130:3389   - Connection reset
[*] 192.168.56.130:3389   - The target service is running, but could not be validated.
[*] 192.168.56.130:3389   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Wireshark shows that the RDP server resets (RST) the connection after getting the ClientHello:
[screenshot: Wireshark capture, TCP RST following the ClientHello]

At first I thought it was again a TLS version issue (cf. #12214), but the ClientHello accepts everything from TLS 1.0 to 1.3, so that's not the issue here...
Then I remembered the current situation with Debian (and Kali) hardening the default values for OpenSSL security level in /etc/ssl/openssl.cnf:

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

So I decided to comment everything out, and it worked better! The only difference I see in the ClientHello is the proposed signature algorithms:

  • doesn't work with (20 algos):
    [screenshot: signature_algorithms extension of the failing ClientHello]

  • works with (23 algos):
    [screenshot: signature_algorithms extension of the working ClientHello]

And indeed, if my understanding (actually, guessing) of TLS is correct: when it works, the server (ServerHello) selects rsa_pkcs1_sha1, which is indeed among the algorithms missing from the list that doesn't work:
[screenshot: ServerHello with rsa_pkcs1_sha1 selected]

By using the security_level option of Ruby OpenSSL, I managed to lower the OS default security level, obtain the same list of signature algorithms, and finally get a working scanner!
I would have preferred to only change the list of signature algorithms instead of the entire security level, however SSL_CTX_set1_sigalgs doesn't seem to be exposed by Ruby OpenSSL.

Verification

List the steps needed to make sure this thing works

@cnotin cnotin changed the title RDP lib: lower SSL security level for compatibility with stock Win7 RDP lib: lower SSL security level for compatibility with certain Win7 Sep 6, 2019

@sempervictus (Contributor) commented Sep 7, 2019

Thank you for the PR and analysis.
This sort of thing might be best exposed as an advanced datastore option in the mixin (RDP_SSL_SECURITY_LEVEL), defaulting to the most compatible but permitting adjustment as needed by consumers of the mixin.

@cnotin (Contributor, Author) commented Sep 7, 2019

Here it is! First time creating an option, so I expect a thorough review :)

Error message in verbose mode:

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > set verbose true
verbose => true
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > run

[*] 192.168.56.130:3389   - Verifying RDP protocol...
[*] 192.168.56.130:3389   - Attempting to connect using TLS security
[-] 192.168.56.130:3389   - Retry with advanced option RDP_TLS_SECURITY_LEVEL=0
[-] 192.168.56.130:3389   - Connection reset
[*] 192.168.56.130:3389   - The target service is running, but could not be validated.
[*] 192.168.56.130:3389   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

I set the option and it works:

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > set RDP_TLS_SECURITY_LEVEL 0
RDP_TLS_SECURITY_LEVEL => 0
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > run

[*] 192.168.56.130:3389   - Verifying RDP protocol...
[*] 192.168.56.130:3389   - Attempting to connect using TLS security
[*] 192.168.56.130:3389   - Sending erect domain request
[*] 192.168.56.130:3389   - Sending client info PDU
[*] 192.168.56.130:3389   - Received License packet
[*] 192.168.56.130:3389   - Waiting for Server Demand packet
[*] 192.168.56.130:3389   - Received Server Demand packet
[*] 192.168.56.130:3389   - Sending client confirm active PDU
[*] 192.168.56.130:3389   - Sending client synchronize PDU
[*] 192.168.56.130:3389   - Sending client control cooperate PDU
[*] 192.168.56.130:3389   - Sending client control request control PDU
[*] 192.168.56.130:3389   - Sending client input sychronize PDU
[*] 192.168.56.130:3389   - Sending client font list PDU
[*] 192.168.56.130:3389   - Sending patch check payloads
[+] 192.168.56.130:3389   - The target is vulnerable.
[*] 192.168.56.130:3389   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

@sempervictus (Contributor) commented Sep 7, 2019

Excellent, thanks.
The datastore opts get a third argument in the array for the default value. Just set it to zero, make it a required option (the first element in the array becomes true), and drop the nil check.

@cnotin (Contributor, Author) commented Sep 7, 2019

Oh, you want the default to be the less secure (but most compatible) one, while the advanced option allows improving the security. I had the opposite in mind, just a sec :)

@sempervictus (Contributor) commented Sep 7, 2019

Awesome, thanks. LGTM, pulling in for testing

@busterb busterb self-assigned this Sep 9, 2019

busterb added a commit that referenced this pull request Sep 10, 2019

@busterb busterb merged commit 579ea56 into rapid7:master Sep 10, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@busterb (Member) commented Sep 10, 2019

Looks good to me, thanks @cnotin

@busterb (Member) commented Sep 10, 2019

Release Notes

This updates the RDP protocol library to use a lower, configurable SSL security level to enable protocol negotiation with older targets.

msjenkins-r7 added a commit that referenced this pull request Sep 10, 2019

@cnotin cnotin deleted the cnotin:patch-3 branch Sep 11, 2019
