fix #18326 (ssl_version module bug when selecting specific ssl version) #18327

Merged
merged 1 commit into from Sep 8, 2023

Conversation

h00die
Contributor

@h00die h00die commented Aug 28, 2023

fix #18326

Functions within the ssl_version module expected get_metasploit_ssl_versions to give a list/array; however, if the user selected an individual SSL version, it returned a string. This fixes that.

@mzach99 feel free to give this a try and let me know if it fixes the problem.

Verification

  • Start msfconsole
  • use auxiliary/scanner/ssl/ssl_version
  • set rhost [ip]
  • run
  • Verify it runs (defaults to All)
  • set SSLVersion TLSv1.0
  • run
  • Verify it no longer crashes

@mzach99

mzach99 commented Sep 5, 2023

I tested this locally and it worked for me! Thanks for the quick fix @h00die

One thing I noticed is that the output is much more verbose for TLSv1.2 than for any other SSL version. Is there a reason for that?

@h00die
Contributor Author

h00die commented Sep 5, 2023

Without seeing output, the best guess I can say is that the amount of ciphers available to Metasploit (through ruby, through openssl) is substantially more in TLS1.2 than others. I found that on my Kali system when I was overhauling the module.

@mzach99

mzach99 commented Sep 6, 2023

Gotcha, that makes sense 👍

@sjanusz-r7
Contributor

The error is fixed.

Before:

msf6 auxiliary(scanner/ssl/ssl_version) > run rhosts=google.com sslversion=TLSv1.0

[-] google.com:443        - Auxiliary failed: NoMethodError undefined method `map' for "TLSv1.0":String
Did you mean?  tap
[-] google.com:443        - Call stack:
[-] google.com:443        -   /Users/sjanusz/Programming/metasploit-framework/modules/auxiliary/scanner/ssl/ssl_version.rb:445:in `run_host'
[-] google.com:443        -   /Users/sjanusz/Programming/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:124:in `block (2 levels) in run'
[-] google.com:443        -   /Users/sjanusz/Programming/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[*] Auxiliary module execution completed

msf6 auxiliary(scanner/ssl/ssl_version) > run rhosts=google.com sslversion=TLSv1.2

[-] google.com:443        - Auxiliary failed: NoMethodError undefined method `map' for "TLSv1.2":String
Did you mean?  tap
[-] google.com:443        - Call stack:
[-] google.com:443        -   /Users/sjanusz/Programming/metasploit-framework/modules/auxiliary/scanner/ssl/ssl_version.rb:445:in `run_host'
[-] google.com:443        -   /Users/sjanusz/Programming/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:124:in `block (2 levels) in run'
[-] google.com:443        -   /Users/sjanusz/Programming/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[*] Auxiliary module execution completed

msf6 auxiliary(scanner/ssl/ssl_version) > run rhosts=google.com sslversion=TLSv1.3

[-] google.com:443        - Auxiliary failed: NoMethodError undefined method `map' for "TLSv1.3":String
Did you mean?  tap
[-] google.com:443        - Call stack:
[-] google.com:443        -   /Users/sjanusz/Programming/metasploit-framework/modules/auxiliary/scanner/ssl/ssl_version.rb:445:in `run_host'
[-] google.com:443        -   /Users/sjanusz/Programming/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:124:in `block (2 levels) in run'
[-] google.com:443        -   /Users/sjanusz/Programming/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[*] Auxiliary module execution completed

msf6 auxiliary(scanner/ssl/ssl_version) > run rhosts=google.com sslversion=All

[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384
[+] 142.250.200.14:443    - Certificate saved to loot: /Users/sjanusz/.msf4/loot/20230908121305_default_142.250.200.14_ssl.certificate_480132.txt
[*] 142.250.200.14:443    - Certificate Information:
[*] 142.250.200.14:443    -     Subject: /CN=*.google.com
[*] 142.250.200.14:443    -     Issuer: /C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
[*] 142.250.200.14:443    -     Signature Alg: sha256WithRSAEncryption
[*] 142.250.200.14:443    -     Public Key Size: 2048 bits
[*] 142.250.200.14:443    -     Not Valid Before: 2023-08-14 08:16:28 UTC
[*] 142.250.200.14:443    -     Not Valid After: 2023-11-06 08:16:27 UTC
[*] 142.250.200.14:443    -     CA Issuer: http://pki.goog/repo/certs/gts1c3.der
[*] 142.250.200.14:443    -     Has common name *.google.com
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: ECDHE-RSA-CHACHA20-POLY1305
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: AES256-GCM-SHA384
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: AES128-GCM-SHA256
[*] google.com:443        - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

After:

msf6 auxiliary(scanner/ssl/ssl_version) > run rhosts=google.com sslversion=TLSv1.0

[*] google.com:443        - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

msf6 auxiliary(scanner/ssl/ssl_version) > run rhosts=google.com sslversion=TLSv1.2

[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384
[+] 142.250.200.14:443    - Certificate saved to loot: /Users/sjanusz/.msf4/loot/20230908121636_default_142.250.200.14_ssl.certificate_945963.txt
[*] 142.250.200.14:443    - Certificate Information:
[*] 142.250.200.14:443    -     Subject: /CN=*.google.com
[*] 142.250.200.14:443    -     Issuer: /C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
[*] 142.250.200.14:443    -     Signature Alg: sha256WithRSAEncryption
[*] 142.250.200.14:443    -     Public Key Size: 2048 bits
[*] 142.250.200.14:443    -     Not Valid Before: 2023-08-14 08:16:28 UTC
[*] 142.250.200.14:443    -     Not Valid After: 2023-11-06 08:16:27 UTC
[*] 142.250.200.14:443    -     CA Issuer: http://pki.goog/repo/certs/gts1c3.der
[*] 142.250.200.14:443    -     Has common name *.google.com
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: ECDHE-RSA-CHACHA20-POLY1305
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: AES256-GCM-SHA384
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: AES128-GCM-SHA256
[*] google.com:443        - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

msf6 auxiliary(scanner/ssl/ssl_version) > run rhosts=google.com sslversion=TLSv1.3

[*] google.com:443        - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

msf6 auxiliary(scanner/ssl/ssl_version) > run rhosts=google.com sslversion=All

[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384
[+] 142.250.200.14:443    - Certificate saved to loot: /Users/sjanusz/.msf4/loot/20230908121646_default_142.250.200.14_ssl.certificate_193837.txt
[*] 142.250.200.14:443    - Certificate Information:
[*] 142.250.200.14:443    -     Subject: /CN=*.google.com
[*] 142.250.200.14:443    -     Issuer: /C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
[*] 142.250.200.14:443    -     Signature Alg: sha256WithRSAEncryption
[*] 142.250.200.14:443    -     Public Key Size: 2048 bits
[*] 142.250.200.14:443    -     Not Valid Before: 2023-08-14 08:16:28 UTC
[*] 142.250.200.14:443    -     Not Valid After: 2023-11-06 08:16:27 UTC
[*] 142.250.200.14:443    -     CA Issuer: http://pki.goog/repo/certs/gts1c3.der
[*] 142.250.200.14:443    -     Has common name *.google.com
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: ECDHE-RSA-CHACHA20-POLY1305
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: AES256-GCM-SHA384
[+] 142.250.200.14:443    - Connected with SSL Version: TLSv1.2, Cipher: AES128-GCM-SHA256
[*] google.com:443        - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
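
The failure in the "Before" output above (`map` called on a String) and the shape of the fix, as an added Ruby illustration that is not part of this pull request or of Metasploit's code. The function names and the version list are hypothetical stand-ins.

```ruby
# Added illustration only: hypothetical names, not Metasploit's implementation.
VERSIONS = %w[SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3].freeze # constructed list
OPTION_VALUES = (['All'] + VERSIONS).freeze

# Buggy shape: Array for 'All', bare String for a single selection.
def versions_before(selection)
  selection == 'All' ? VERSIONS : selection
end

# Fixed shape: always an Array; unknown values are rejected early.
def versions_after(selection)
  return VERSIONS.dup if selection == 'All'
  unless VERSIONS.include?(selection)
    raise ArgumentError, "unsupported SSLVersion: #{selection.inspect}"
  end

  [selection]
end

# Stand-in for the caller that iterates the versions with #map.
def plan_probes(versions)
  versions.map { |v| "handshake with #{v}" }
end

# Returns the NoMethodError message a selection triggers, or nil if none.
def crash_message(selection)
  plan_probes(versions_before(selection))
  nil
rescue NoMethodError => e
  e.message
end

# Regression check: option values for which a getter does not return an Array.
def contract_violations(getter)
  OPTION_VALUES.reject { |sel| getter.call(sel).is_a?(Array) }
end
```

Running `contract_violations` over every accepted option value, rather than only the default, is what catches this class of bug before release.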

@sjanusz-r7 sjanusz-r7 merged commit 5e8d009 into rapid7:master Sep 8, 2023
34 checks passed
@sjanusz-r7 sjanusz-r7 added the rn-enhancement release notes enhancement label Sep 8, 2023
@sjanusz-r7
Contributor

Release Notes

Fixes an issue where specifying a TLS version in the ssl_version module would result in a NoMethodError.

@h00die h00die deleted the fix_18326 branch September 8, 2023 23:50
Successfully merging this pull request may close these issues.

ssl_version auxiliary module fails when SSLVersion is set to anything other than All
4 participants