nmap ssl-ccs-injection脚本解析
1. 代码分析
1.1 require
nmap:与Nmap内部接口。
shortport:建立短portrules的函数
stdnse:标准的Nmap脚本引擎功能。 该模块包含各种方便的功能,这些模块功能太小而无法证明自己。
table:将输出排列成表格。
vulns:漏洞管理功能。
tls
1.2 description
1.2.1 CCS Injection vulnerability(CVE-2014-0224)
How I discovered CCS Injection Vulnerability (CVE-2014-0224)
1.2.2 脚本流程
脚本发送一个失序的ChangeCipherSpec信息,检查服务器是否返回UNEXPECTED_MESSAGE警告字段。 由于未修复该漏洞的服务器只会接受此消息,因此CCS数据包将发送两次,以强制服务器发出警报。 如果警报类型与“UNEXPECTED_MESSAGE”不同,我们可以得出结论,服务器容易受影响。
1.3 function test_ccs_injection
1.3.1 向目标服务器发送Client Hello
s:send(hello)
检测发送状态,若失败返回错误信息Couldn't send Client Hello: err,err为s:send返回的err信息。
1.3.2 读取回复
-- 判断是否是提示超时
tls.record_buffer(s, response, i)
tls.record_read(response, i)
-- 循环record
-- 判断record.type == “handshake"
-- 判断body.type == "server_hello_done"
stdnse.debug1("Handshake completed (%s)", version)
1.3.3 重复发送change_cipher_spec
change_cipher_spec消息
ccs = tls.record_write("change_cipher_spec", version, "\x01")
发送第一个ccs消息
s:send(ccs)
发送第二个ccs消息
s:send(ccs)
读取警告信息
vulnerable = alert_unexpected_message(s)
1.4 function alert_unexpected_message(s)
buffer = tls.record_buffer(s, buffer, 1)
record = tls.record_read(buffer, 1)
if record.type ~= "alert" then
-- VULNERABLE 标记,预期中的alert record
return true,true
end
for _, body in ipairs(record.body) do
if body.level == "fatal" and body.description == "unexpected_message" then
return true,false
end
end
1.5 action = function(host, port)
对tls.PROTOCOLS迭代
local vulnerable, err = test_ccs_injection(host, port, tls_version)
2. 检测
2.1 对自建易受攻击环境的检测
客户端执行nmap:
renz@ubuntuserver17:~$ nmap -p 443 --script ssl-ccs-injection 192.168.80.211
Starting Nmap 7.50 ( https://nmap.org ) at 2018-06-08 11:52 CST
Nmap scan report for 192.168.80.211
Host is up (0.00042s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-ccs-injection:
| VULNERABLE:
| SSL/TLS MITM vulnerability (CCS Injection)
| State: VULNERABLE
| Risk factor: High
| OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
| does not properly restrict processing of ChangeCipherSpec messages,
| which allows man-in-the-middle attackers to trigger use of a zero
| length master key in certain OpenSSL-to-OpenSSL communications, and
| consequently hijack sessions or obtain sensitive information, via
| a crafted TLS handshake, aka the "CCS Injection" vulnerability.
|
| References:
| http://www.openssl.org/news/secadv_20140605.txt
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|_ http://www.cvedetails.com/cve/2014-0224
Nmap done: 1 IP address (1 host up) scanned in 0.26 seconds
客户端抓包:ssldump -i eth0:
...
10 2 0.0019 (0.0015) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
b6 d5 f5 96 08 bc c0 6c 1c 31 5b df 34 11 e5 60
d4 61 d1 da f1 c3 78 b4 d1 64 d3 df 00 48 e7 71
cipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA
compressionMethod NULL
10 3 0.0019 (0.0000) S>C Handshake
Certificate
10 4 0.0019 (0.0000) S>C Handshake
ServerHelloDone
10 5 0.0022 (0.0002) C>S ChangeCipherSpec
10 6 0.0426 (0.0404) C>S ChangeCipherSpec
10 7 0.0429 (0.0002) S>C Alert
level fatal
value decryption_failed
10 0.0430 (0.0001) C>S TCP FIN
10 0.0431 (0.0001) S>C TCP FIN
107行未检测到unexpected_message表明未修复该漏洞。
2.2 对自建不受攻击环境的检测
客户端执行nmap:
renz@ubuntuserver17:~$ nmap -p 443 --script ssl-ccs-injection 192.168.80.215
Starting Nmap 7.50 ( https://nmap.org ) at 2018-06-08 11:39 CST
Nmap scan report for 192.168.80.215
Host is up (0.00046s latency).
PORT STATE SERVICE
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
客户端抓包:
78 2 0.0010 (0.0005) S>C Handshake
ServerHello
Version 3.3
session_id[32]=
57 bc 8c 2c ba 85 97 52 1f 0e 68 5c 56 c1 21 96
88 db a6 b6 8c 4d b4 4b eb 36 e1 a7 b8 29 6d 57
cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
78 3 0.0010 (0.0000) S>C Handshake
Certificate
78 4 0.0010 (0.0000) S>C Handshake
ServerHelloDone
78 5 0.0013 (0.0003) C>S ChangeCipherSpec
78 6 0.0016 (0.0002) S>C Alert
level fatal
value unexpected_message
78 7 0.0016 (0.0000) C>S ChangeCipherSpec
78 0.0016 (0.0000) S>C TCP FIN
78 0.0018 (0.0001) C>S TCP FIN
78行检测到unexpected_message表明已修复该漏洞。
3. 利用漏洞攻击
能力有限,虽然手头有易被攻击的环境,但仍没有什么可行的办法以己之矛攻己之盾。是不是说自己作为中间人,成功诱导c/s双方使用弱加密套件,自己这边穷举算出密钥的可能性就大了。
我果然最后都没能搞出。
看了以下几篇文章推荐给大家,如果有什么可行性高的办法请一定分享。
早期ChangeCipherSpec攻击
How I discovered CCS Injection Vulnerability (CVE-2014-0224)
3.1 使用1.0.1h之前版本的openssl进行ssl握手
进行这样一个测试,我觉得我需要两个ubuntu,作为服务端的ubuntu安装openssl-1.0.1g,并运行命令openssl s_server,客户端运行nmap。
或者通过gdb来运行openssl s_server来查看openssl如何接受ChangeCipherSpec。
handshark flow:
Client Server
ClientHello -------->
ServerHello
Certificate*
ServerKeyExchange*
CertificateRequest*
<-------- ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished -------->
[ChangeCipherSpec]
<-------- Finished
Application Data <-------> Application Data
