Testing with OpenSSL

Recently, I've ran into a few situations were I had to start testing for if SSLv2 was allowing connections. Instead of using a tool such as a vulnerability scanner, I found that the best way to go about this was with openssl and s_client. This would allow me to fine tune my request to get the information that I needed manually and cut out the time spent waiting for a scanner to finish.

Here is an example of how you can check if SSLv2 is allowed on a system using openssl

Allowed Connection:
root#openssl s_client -ssl2 -no_ssl3 -no_tls1 -connect 192.168.1.2:443
CONNECTED(00000003)
...certificate exhange etc....
SSL handshake has read 879 bytes and written 236 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv2 <---Tells us SSLv2 was used for the session
Cipher : DES-CBC3-MD5
Session-ID: 26691A60E4F2220AB63D22A032E26872
Session-ID-ctx:
Master-Key: CC2E5772DA1C9908333FC4905136041BADAB4ED4F965537E
Key-Arg : 86F6F36C8D5FD389
Krb5 Principal: None
Start Time: 1274455830
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)

Denied Connection:
root#openssl s_client -ssl2 -no_ssl3 -no_tls1 -connect 192.168.1.3:443
CONNECTED(00000003)
2790:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

That covers an easy way to test if SSLv2 is allowed on a web server, my next post I'll cover how to check for ciphers, maybe a little more.

Comments

Post a Comment

Popular posts from this blog

And now for something completely different...

Over the course of my INFOSEC career I've worked in many different positions. IDS, network analysis, pentester, mobile application testing and a few others but one area has always stoked my interest. Vulnerability development is an area I wish I knew more about along with having a better grasp of reversing software. So over the next few months I've decided to try and fuel that interest by jumping into the world of fuzzing. I have chosen to start messing around with american fuzzy lop (AFL)  and see if I can find my first CVE. So here goes nothing.
Read more

Been awhile hasn't it.

It's been over a year since the last time I posted anything so I'll give a quick update. The whole AFL thing didn't pan out as much as I'd like as I never really made time for it. I did add another child into the world so I got that going for me. As for work, I'm still at Cisco Talos doing the Detection Response Team (DRT) stuff, basically creating rules for Snort and sigs for ClamAV. That's going ok, gets a little mundane at times as I'm a researcher by trade and love looking into different things, especially mobile stuff, but overall I feel it's going well. At least no one has told me otherwise. That's pretty much it for me over the last year so lets start on some new exciting info. I recently went to TROOPERS  for TROOPERS19 and it was awesome. For those that don't know, it is a computer security conference in Heidelberg, Germany that takes place in March time frame. The city of Heidelberg was beautiful and the content of the conference was
Read more

Testing Joomla for CVE-2015-8562

Over the last couple of days I've been responding to question about Joomla's 0-day which has been gaining some attention lately. I decided to write a PowerShell script to check a Joomla server if it is running the at least 3.4.6 or 3.4.7. Hope you enjoy it and let me know your thoughts. ############################################################################################### # # Script: CheckJoomla.ps1 # By: Tim Muniz # Date: 20151222 # ############################################################################################### <# .SYNOPSIS This script checks Joomla Version to check if the remote host is vulnerable to CVE-2015-8562. .DESCRIPTION This script checks Joomla Version to check if the remote host is vulnerable to CVE-2015-8562. .PARAMETER target a host running Joomla to test. .PARAMETER Https To test a host running SSL/TLS.  This is an optional parameter. .EXAMPLE Check remote Joomla
Read more