-
Notifications
You must be signed in to change notification settings - Fork 14.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds RSA key extraction via Heartbleed #3268
Conversation
This enables passing rhost and rport directly to send_request_cgi without having to monkey with the datastore. See #8498
- [ ] Fire up tcpdump on the listening interface - [ ] Run the module and see the pcap: listening on vmnet8, link-type EN10MB (Ethernet), capture size 65535 bytes 20:56:02.592331 IP 192.168.145.1.41547 > 255.255.255.255.9: UDP, length 102
Works now. The rhost option was not keeping the custom vhost option. ```` msf auxiliary(shodan_search) > rexploit [*] Reloading module... [*] Total: 13443 on 269 pages. Showing: 1 [*] Country Statistics: [*] United States (US): 2006 [*] Germany (DE): 1787 [*] Korea, Republic of (KR): 1061 [*] Italy (IT): 916 [*] Hungary (HU): 604 [*] Collecting data, please WaitUntilAuthEmptyt... IP Results ========== ````
Verification: ```` resource (./a.rc)> run [*] Connecting to FTP server .... [*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server) [*] Connected to target FTP server. [*] Authenticating as anonymous with password mozilla@example.com... [*] FTP send: "USER anonymous\r\n" [*] FTP recv: "331 Anonymous login ok, send your complete email address as your password\r\n" ```` ...etc.
There are three total, and they're all copy-pasted from the original module from 2009. I suspect this idiom isn't used at all any more -- I can't detect a difference in the payload if I just declare a host being cli.peerhost, rather than rewriting RHOST to be cli.peerhost. [SeeRM #8498]
We dont know if a DOMAIN or IP is specified etc.
Conflicts: lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
[FixRM #8489] rhost/rport modification
Lots of refactoring too.
Awesome work! I hope I will find some time during this week to test this |
Thanks for the kind words, @firefart and for getting the msf module in gear in the first place! One note to hopefully head off what I'm sure will be a FAQ; The private key extracted might not match the legit privatekey's PEM bytewise. It depends on the order factors are stored, and whether optional params such as CRT constants are included or not. However, it will be a valid private key for the retrieved public, and that's what matters... |
Your MODE option sounds like it should be an |
In my Apache it seems that you don't need so much lucky. After every reboot, you get the key on first attempt. And after running 20.000 POST requests with Content-Length: 35260, it continues leaking the key (first attempt), but after more or less 30.000 it starts needing more attempts. When 40.000, is not leaking the key (at least with more than 100 hundred attempts). |
Ok I tried it over night --> No result after ~7000 tries. |
What about changing |
Having options be specific to an action is something I've thought about in the past. Unfortunately, it would require major re-work of the options system. |
That seems like a good idea @jlee-r7. I had considered it, but I wasn't sure if the I was also trying to minimize changes to other functions of the module, in the interest of making it easier to review and land. |
Hi @jjarmoc I just merged another PR for this module and now there are merge conflicts on this PR (I think the authors). Can you please rebase your PR and fix the conflicts? |
Hmm.. I'm trying. Rebase shows the merge conflict, but I don't see an easy way to identify exactly what's conflicting, beyond the fact that it's this file (obviously.) |
Maybe git diff filename. Not sure if that will give you exactly what's conflicting, but will at least show the differences of course -Josh
|
One of the options for store loot decides what to do when there's a collision. Can't remember the name (am in the dr office ATM) but it's well doc'd -Josh
|
Lots of refactoring too.
Also changes the TLS_CALLBACKS Enum, per egyp7's request.
Conflicts: modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
Uhh yah... that sort of worked. My branch is resolved, but the PR seems to have picked up all the intermediate commits as well. Is that going to pose a problem in landing it? |
Ok this PR is now **** up. Would you mind creating a new branch, add the changes and submit a new PR? You can create a patch from this branch with some git-diff magic and apply it on the new branch. |
See #3274 If we land that one, this one can just be closed out... |
Closing, see other PR for ongoing discussion and merge |
Hi jjarmoc, first of all thank you for that wonderful plugin, unfortunately I am unsuccesful , Please advice me where I am doing wrong. detailes below
Also tried SslV3 TLS 1.2 & 1.0 but no success yet... |
additionally I receive response and all of them are 64k
|
@gozubuyukoglu dumping keys can take a while and maybe needs some tries. Some time ago I tried the module against the hacking lab server and it worked. I ran a script in the background to generate some traffic on the server like |
nod @firefart pretty much nails it. You may need more than the 50 tries you're configured for (like, as many as several thousand) and/or might need to send other requests to the server to get it to move memory around, etc. Finding keys in memory isn't entirely deterministic - it depends on the values being there which requires some degree of stars aligning. Also, commenting on a close pull for help probably isn't appropriate. You may want to jump in #metasploit on freenode or open an issue or something in the future. |
I only have the scan option. Instead of Name Description KEYS Recover private keys from memory it gives me SCAN, and no KEYS. |
@varkum19: Please submit an issue if you have a bug report. You are using |
@wvu-r7: thanks! I figured that problem out. Now, when I try "run," it scans for private keys but fails, stating that I should increase max_keytries or heartbeat length. I am not sure what I can do. |
This pull adds the ability to retrieve Private Keys from memory. There's also significant refactoring, mostly splitting things into functions to allow for better reuse.
msftidy comes back clean.
I've tested this against my own vulnerable nginx box (set up similar to https://news.ycombinator.com/item?id=7577659), and it works well with 1024 and 2048 bit keys. After restart it gets the key every time. Under light load it takes a little longer, as expected. I also used this on www.cloudflarechallenge.com successfully (see https://gist.github.com/jjarmoc/10890697)
Some new options are added. Notably;
MODE is an Enum that determines how the module operates. Choices are:
In KEYS mode, two new options are used;
Some caveats: