ตรวจสอบ SSL issue

เราทราบกันดีอยู่แล้วว่า ณ ปัจจุบันเว็บไซด์ส่วนใหญ่เป็น HTTPS ไปหมดแล้ว ซึ่ง HTTPS ที่ว่าคือการใช้งาน protocol ssl/tls นั่นเอง ซึ่งแน่นอนว่าเมื่อมีการใช้งาน protocol ที่แตกต่างจากเดิม ปัญหาที่อาจจะเกิดขึ้นนั้นก็ต้องทดสอบแตกต่างไปจากเดิมเช่นกัน โดยปกติตัวผมเองมักจะใช้ testssl.sh ในการทดสอบหาปัญหา (issue) ของ HTTPS ต่างๆ ซึ่งเราสามารถตรวจสอบผลที่ได้จาก testssl.sh ได้โดยทำตามแต่ละ issue ดังต่อไปนี้

*** หมายเหตุ 1# ข้อ 1,2 จะไม่สามารถทดสอบได้ด้วย openssl ตัวใหม่ๆ ต้องใช้ตัวเก่าๆหรือไม่ก็เครื่องมืออื่นในการทดสอบแทนครับ

1. SSLv2 Support

ปัญหานี้เราแค่ตรวจสอบเพื่อยืนยันว่ามีการใช้งาน sslv2 จริงหรือไม่โดยใช้คำสั่งเป็น

<span class="pln">openssl s_client </span><span class="pun">–</span><span class="pln">ssl2 </span><span class="pun">-</span><span class="pln">connect &lt;TARGET&gt;</span><span class="pun">:</span><span class="lit">&lt;PORT&gt;</span>

1	<span class="pln">openssl s_client </span><span class="pun">–</span><span class="pln">ssl2 </span><span class="pun">-</span><span class="pln">connect <TARGET></span><span class="pun">:</span><span class="lit"><PORT></span>

หาก support ตัว server จะ response กลับมาด้วย certificate

<span class="pln">openssl s_client </span><span class="pun">-</span><span class="pln">ssl2 </span><span class="pun">-</span><span class="pln">connect </span><span class="lit">10.0</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">:</span><span class="lit">443</span><span class="pln">

CONNECTED</span><span class="pun">(</span><span class="lit">00000003</span><span class="pun">)</span><span class="pln">
depth</span><span class="pun">=</span><span class="lit">0</span> <span class="pun">/</span><span class="pln">C</span><span class="pun">=</span><span class="pln">AU</span><span class="pun">/</span><span class="pln">ST</span><span class="pun">=</span><span class="str">/L=/</span><span class="pln">O</span><span class="pun">=</span><span class="typ">Context</span><span class="pun">/</span><span class="pln">OU</span><span class="pun">=</span><span class="pln">context</span><span class="pun">/</span><span class="pln">CN</span><span class="pun">=</span><span class="pln">sslserver
verify error</span><span class="pun">:</span><span class="pln">num</span><span class="pun">=</span><span class="lit">18</span><span class="pun">:</span><span class="kwd">self</span> <span class="kwd">signed</span><span class="pln"> certificate
verify </span><span class="kwd">return</span><span class="pun">:</span><span class="lit">1</span><span class="pln">
depth</span><span class="pun">=</span><span class="lit">0</span> <span class="pun">/</span><span class="pln">C</span><span class="pun">=</span><span class="pln">AU</span><span class="pun">/</span><span class="pln">ST</span><span class="pun">=</span><span class="str">/L=/</span><span class="pln">O</span><span class="pun">=</span><span class="typ">Context</span><span class="pun">/</span><span class="pln">OU</span><span class="pun">=</span><span class="pln">context</span><span class="pun">/</span><span class="pln">CN</span><span class="pun">=</span><span class="pln">sslserver
verify </span><span class="kwd">return</span><span class="pun">:</span><span class="lit">1</span>
<span class="pun">---</span>
<span class="typ">Server</span><span class="pln"> certificate
</span><span class="pun">-----</span><span class="kwd">BEGIN</span><span class="pln"> CERTIFICATE</span><span class="pun">-----</span>
<span class="typ">MIICnjCCAgugAwIBAgIJAPB2liVH7xRsMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNV</span>
<span class="typ">BAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVsYm91cm5lMRAw</span>
<span class="typ">DgYDVQQKDAdDb250ZXh0MRAwDgYDVQQLDAdQbGF5cGVuMRIwEAYDVQQDDAlzc2xz</span><span class="pln">
ZXJ2ZXIwHhcNMTQwMTE3MDMwNjAxWhcNMTcxMDEzMDMwNjAxWjBsMQswCQYDVQQG
</span><span class="typ">EwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEQMA4G</span><span class="pln">
A1UECgwHQ29udGV4dDEQMA4GA1UECwwHUGxheXBlbjESMBAGA1UEAwwJc3Nsc2Vy
dmVyMIGbMA0GCSqGSIb3DQEBAQUAA4GJADCBhQJ</span><span class="pun">+</span><span class="typ">AJdlQF95PWaFnmN0hQd5BYUf</span><span class="pln">
SALBHBDO</span><span class="pun">+</span><span class="typ">JkNIPj5evYEAoPql3Am6Uphv3Pxyd</span><span class="pun">+</span><span class="pln">scDowb7UrReH8dBltxfz0Id4V
</span><span class="lit">3wpSJRdwo4Gx8xx27tLjDqbTaPKfSRWGpr0s2S2KJerr3XJvTDtWoiHN3zsx5kLU</span><span class="pln">
qvKTm</span><span class="pun">+</span><span class="lit">3LNHp7DgwNAgMBAAGjUDBOMB0GA1UdDgQWBBS5W</span><span class="pun">+</span><span class="pln">orwrw8K5LuFRykGg9w
</span><span class="lit">1DCanzAfBgNVHSMEGDAWgBS5W</span><span class="pun">+</span><span class="pln">orwrw8K5LuFRykGg9w1DCanzAMBgNVHRMEBTAD
AQH</span><span class="pun">/</span><span class="pln">MA0GCSqGSIb3DQEBBQUAA34AegQVwKLQseAu7krFdsrfL117Sfpk7BuucJXJ
nNbg9WRKFk5raikmp1nc5zLRZ4c6waDSX</span><span class="pun">/</span><span class="pln">rrT2g06IXSAJXmv5d2NYU</span><span class="pun">+</span><span class="lit">5YECJnY5</span>
<span class="typ">ApexOlQJvsunKXZdJvBC6FijyLGi8G9zbA5S</span><span class="pun">++</span><span class="typ">JQkXWtiiICPGF2afYI5ahBgGO2</span><span class="pln">
hgE</span><span class="pun">=</span>
<span class="pun">-----</span><span class="kwd">END</span><span class="pln"> CERTIFICATE</span><span class="pun">-----</span><span class="pln">
subject</span><span class="pun">=</span><span class="str">/C=AU/</span><span class="pln">ST</span><span class="pun">=</span><span class="str">/L=/</span><span class="pln">O</span><span class="pun">=</span><span class="typ">Context</span><span class="pun">/</span><span class="pln">OU</span><span class="pun">=</span><span class="pln">context</span><span class="pun">/</span><span class="pln">CN</span><span class="pun">=</span><span class="pln">sslserver
issuer</span><span class="pun">=</span><span class="str">/C=AU/</span><span class="pln">ST</span><span class="pun">=</span><span class="str">/L=/</span><span class="pln">O</span><span class="pun">=</span><span class="typ">Context</span><span class="pun">/</span><span class="pln">OU</span><span class="pun">=</span><span class="pln">context</span><span class="pun">/</span><span class="pln">CN</span><span class="pun">=</span><span class="pln">sslserver
</span><span class="pun">---</span>
<span class="typ">No</span><span class="pln"> client certificate CA names sent
</span><span class="pun">---</span>
<span class="typ">Ciphers</span><span class="pln"> common between both SSL endpoints</span><span class="pun">:</span><span class="pln">
RC4</span><span class="pun">-</span><span class="pln">MD5         EXP</span><span class="pun">-</span><span class="pln">RC4</span><span class="pun">-</span><span class="pln">MD5     RC2</span><span class="pun">-</span><span class="pln">CBC</span><span class="pun">-</span><span class="pln">MD5    
EXP</span><span class="pun">-</span><span class="pln">RC2</span><span class="pun">-</span><span class="pln">CBC</span><span class="pun">-</span><span class="pln">MD5 DES</span><span class="pun">-</span><span class="pln">CBC</span><span class="pun">-</span><span class="pln">MD5     DES</span><span class="pun">-</span><span class="pln">CBC3</span><span class="pun">-</span><span class="pln">MD5
</span><span class="pun">---</span><span class="pln">
SSL handshake has read </span><span class="lit">807</span><span class="pln"> bytes </span><span class="kwd">and</span><span class="pln"> written </span><span class="lit">233</span><span class="pln"> bytes
</span><span class="pun">---</span>
<span class="typ">New</span><span class="pun">,</span> <span class="typ">SSLv2</span><span class="pun">,</span> <span class="typ">Cipher</span> <span class="kwd">is</span><span class="pln"> DES</span><span class="pun">-</span><span class="pln">CBC3</span><span class="pun">-</span><span class="pln">MD5
</span><span class="typ">Server</span> <span class="kwd">public</span><span class="pln"> key </span><span class="kwd">is</span> <span class="lit">1000</span><span class="pln"> bit
</span><span class="typ">Secure</span> <span class="typ">Renegotiation</span><span class="pln"> IS NOT supported
</span><span class="typ">Compression</span><span class="pun">:</span><span class="pln"> NONE
</span><span class="typ">Expansion</span><span class="pun">:</span><span class="pln"> NONE
SSL</span><span class="pun">-</span><span class="typ">Session</span><span class="pun">:</span>
    <span class="typ">Protocol</span>  <span class="pun">:</span> <span class="typ">SSLv2</span>
    <span class="typ">Cipher</span>    <span class="pun">:</span><span class="pln"> DES</span><span class="pun">-</span><span class="pln">CBC3</span><span class="pun">-</span><span class="pln">MD5
    </span><span class="typ">Session</span><span class="pun">-</span><span class="pln">ID</span><span class="pun">:</span> <span class="lit">3BD641677102DBE9BDADF9B990D2D716</span>
    <span class="typ">Session</span><span class="pun">-</span><span class="pln">ID</span><span class="pun">-</span><span class="pln">ctx</span><span class="pun">:</span> 
    <span class="typ">Master</span><span class="pun">-</span><span class="typ">Key</span><span class="pun">:</span><span class="pln"> D2AAB3751263EB53BAD83453D26A09DA1F700059FD16B510
    </span><span class="typ">Key</span><span class="pun">-</span><span class="typ">Arg</span>   <span class="pun">:</span><span class="pln"> DB92A6A80BF4CA4A
    </span><span class="typ">Start</span> <span class="typ">Time</span><span class="pun">:</span> <span class="lit">1390178607</span>
    <span class="typ">Timeout</span>   <span class="pun">:</span> <span class="lit">300</span> <span class="pun">(</span><span class="pln">sec</span><span class="pun">)</span>
    <span class="typ">Verify</span> <span class="kwd">return</span><span class="pln"> code</span><span class="pun">:</span> <span class="lit">18</span> <span class="pun">(</span><span class="kwd">self</span> <span class="kwd">signed</span><span class="pln"> certificate</span><span class="pun">)</span>

openssl s_client -ssl2 -connect 10.0.0.1:443

CONNECTED(00000003)

depth=0 /C=AU/ST=/L=/O=Context/OU=context/CN=sslserver

verify error:num=18:self signed certificate

verify return:1

verify return:1

---

Server certificate

-----BEGIN CERTIFICATE-----

MIICnjCCAgugAwIBAgIJAPB2liVH7xRsMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNV

BAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVsYm91cm5lMRAw

DgYDVQQKDAdDb250ZXh0MRAwDgYDVQQLDAdQbGF5cGVuMRIwEAYDVQQDDAlzc2xz

ZXJ2ZXIwHhcNMTQwMTE3MDMwNjAxWhcNMTcxMDEzMDMwNjAxWjBsMQswCQYDVQQG

EwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEQMA4G

A1UECgwHQ29udGV4dDEQMA4GA1UECwwHUGxheXBlbjESMBAGA1UEAwwJc3Nsc2Vy

dmVyMIGbMA0GCSqGSIb3DQEBAQUAA4GJADCBhQJ+AJdlQF95PWaFnmN0hQd5BYUf

SALBHBDO+JkNIPj5evYEAoPql3Am6Uphv3Pxyd+scDowb7UrReH8dBltxfz0Id4V

3wpSJRdwo4Gx8xx27tLjDqbTaPKfSRWGpr0s2S2KJerr3XJvTDtWoiHN3zsx5kLU

qvKTm+3LNHp7DgwNAgMBAAGjUDBOMB0GA1UdDgQWBBS5W+orwrw8K5LuFRykGg9w

1DCanzAfBgNVHSMEGDAWgBS5W+orwrw8K5LuFRykGg9w1DCanzAMBgNVHRMEBTAD

AQH/MA0GCSqGSIb3DQEBBQUAA34AegQVwKLQseAu7krFdsrfL117Sfpk7BuucJXJ

nNbg9WRKFk5raikmp1nc5zLRZ4c6waDSX/rrT2g06IXSAJXmv5d2NYU+5YECJnY5

ApexOlQJvsunKXZdJvBC6FijyLGi8G9zbA5S++JQkXWtiiICPGF2afYI5ahBgGO2

hgE=

-----END CERTIFICATE-----

subject=/C=AU/ST=/L=/O=Context/OU=context/CN=sslserver

issuer=/C=AU/ST=/L=/O=Context/OU=context/CN=sslserver

---

No client certificate CA names sent

---

Ciphers common between both SSL endpoints:

RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5

EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5

---

SSL handshake has read 807 bytes and written 233 bytes

---

New, SSLv2, Cipher is DES-CBC3-MD5

Server public key is 1000 bit

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

SSL-Session:

Protocol : SSLv2

Cipher : DES-CBC3-MD5

Session-ID: 3BD641677102DBE9BDADF9B990D2D716

Session-ID-ctx:

Master-Key: D2AAB3751263EB53BAD83453D26A09DA1F700059FD16B510

Key-Arg : DB92A6A80BF4CA4A

Start Time: 1390178607

Timeout : 300 (sec)

Verify return code: 18 (self signed certificate)

หากไม่ support จะขึ้นเป็น

<span class="pln">CONNECTED</span><span class="pun">(</span><span class="lit">00000003</span><span class="pun">)</span>
<span class="lit">458</span><span class="pun">:</span><span class="pln">error</span><span class="pun">:</span><span class="lit">1407F0E5</span><span class="pun">:</span><span class="pln">SSL routines</span><span class="pun">:</span><span class="pln">SSL2_WRITE</span><span class="pun">:</span><span class="pln">ssl handshake failure</span><span class="pun">:</span><span class="pln">s2_pkt</span><span class="pun">.</span><span class="pln">c</span><span class="pun">:</span><span class="lit">428</span><span class="pun">:</span>

CONNECTED(00000003)

458:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

2. SSLv3 Support

อันนี้จะคล้ายๆกับ sslv3 ว่า server ปลายทาง support หรือไม่ไม่โดยใช้คำสั่งเป็น

<span class="pln">openssl s_client </span><span class="pun">–</span><span class="pln">ssl3 </span><span class="pun">-</span><span class="pln">connect &lt;TARGET&gt;</span><span class="pun">:</span><span class="lit">&lt;PORT&gt;</span>

1	<span class="pln">openssl s_client </span><span class="pun">–</span><span class="pln">ssl3 </span><span class="pun">-</span><span class="pln">connect <TARGET></span><span class="pun">:</span><span class="lit"><PORT></span>

หากสำเร็จ จะได้ผลลัพธ์ออกมาเป็น

<span class="pln">openssl s_client </span><span class="pun">-</span><span class="pln">ssl3 </span><span class="pun">-</span><span class="pln">connect google</span><span class="pun">.</span><span class="pln">com</span><span class="pun">:</span><span class="lit">443</span><span class="pln">


CONNECTED</span><span class="pun">(</span><span class="lit">00000003</span><span class="pun">)</span><span class="pln">
depth</span><span class="pun">=</span><span class="lit">2</span> <span class="pun">/</span><span class="pln">C</span><span class="pun">=</span><span class="pln">US</span><span class="pun">/</span><span class="pln">O</span><span class="pun">=</span><span class="typ">GeoTrust</span> <span class="typ">Inc</span><span class="pun">./</span><span class="pln">CN</span><span class="pun">=</span><span class="typ">GeoTrust</span> <span class="typ">Global</span><span class="pln"> CA
verify error</span><span class="pun">:</span><span class="pln">num</span><span class="pun">=</span><span class="lit">20</span><span class="pun">:</span><span class="pln">unable to </span><span class="kwd">get</span> <span class="kwd">local</span><span class="pln"> issuer certificate
verify </span><span class="kwd">return</span><span class="pun">:</span><span class="lit">0</span>
<span class="pun">---</span>
<span class="typ">Certificate</span><span class="pln"> chain

</span><span class="pun">---</span> <span class="typ">Certificate</span><span class="pln"> details removed </span><span class="kwd">for</span><span class="pln"> brevity </span><span class="pun">---</span>
<span class="pun">---</span>
<span class="typ">New</span><span class="pun">,</span> <span class="typ">TLSv1</span><span class="pun">/</span><span class="typ">SSLv3</span><span class="pun">,</span> <span class="typ">Cipher</span> <span class="kwd">is</span><span class="pln"> RC4</span><span class="pun">-</span><span class="pln">SHA
</span><span class="typ">Server</span> <span class="kwd">public</span><span class="pln"> key </span><span class="kwd">is</span> <span class="lit">2048</span><span class="pln"> bit
</span><span class="typ">Secure</span> <span class="typ">Renegotiation</span><span class="pln"> IS supported
</span><span class="typ">Compression</span><span class="pun">:</span><span class="pln"> NONE
</span><span class="typ">Expansion</span><span class="pun">:</span><span class="pln"> NONE
SSL</span><span class="pun">-</span><span class="typ">Session</span><span class="pun">:</span>
    <span class="typ">Protocol</span>  <span class="pun">:</span> <span class="typ">SSLv3</span>
    <span class="typ">Cipher</span>    <span class="pun">:</span><span class="pln"> RC4</span><span class="pun">-</span><span class="pln">SHA
    </span><span class="typ">Session</span><span class="pun">-</span><span class="pln">ID</span><span class="pun">:</span> <span class="lit">6E461AEAD8C1516F9D8950A9B5E735F9882BFC6EA0838D81CFD41C01A3799A41</span>
    <span class="typ">Session</span><span class="pun">-</span><span class="pln">ID</span><span class="pun">-</span><span class="pln">ctx</span><span class="pun">:</span>
    <span class="typ">Master</span><span class="pun">-</span><span class="typ">Key</span><span class="pun">:</span> <span class="lit">7E7680640BB7E2C83CBE87342727E0D09AC10EEEB095A8C0A2501EAE80FA1C20D3F3FE4346B1234057D6D506420273FA</span>
    <span class="typ">Key</span><span class="pun">-</span><span class="typ">Arg</span>   <span class="pun">:</span> <span class="kwd">None</span>
    <span class="typ">Start</span> <span class="typ">Time</span><span class="pun">:</span> <span class="lit">1421296281</span>
    <span class="typ">Timeout</span>   <span class="pun">:</span> <span class="lit">7200</span> <span class="pun">(</span><span class="pln">sec</span><span class="pun">)</span>
    <span class="typ">Verify</span> <span class="kwd">return</span><span class="pln"> code</span><span class="pun">:</span> <span class="lit">0</span> <span class="pun">(</span><span class="pln">ok</span><span class="pun">)</span>
<span class="pun">---</span>

openssl s_client -ssl3 -connect google.com:443

CONNECTED(00000003)

depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA

verify error:num=20:unable to get local issuer certificate

verify return:0

---

Certificate chain

--- Certificate details removed for brevity ---

---

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

Protocol : SSLv3

Cipher : RC4-SHA

Session-ID: 6E461AEAD8C1516F9D8950A9B5E735F9882BFC6EA0838D81CFD41C01A3799A41

Session-ID-ctx:

Master-Key: 7E7680640BB7E2C83CBE87342727E0D09AC10EEEB095A8C0A2501EAE80FA1C20D3F3FE4346B1234057D6D506420273FA

Key-Arg : None

Start Time: 1421296281

Timeout : 7200 (sec)

Verify return code: 0 (ok)

---

3. ตรวจสอบ Cipher Suites

อันนี้เป็นการตรวจสอบว่า server ปลายทาง support การใช้งาน cipher suite อะไรบ้าง โดยยกตัวอย่างเช่น

TLS_RSA_WITH_AES_128_CBC_SHA

RSA คือ Key exchange algorithm
AES_128_CBC จะเป็นการเข้ารหัสที่ใช้ (AES ที่ใช้ 128 bit key ในรูปแบบของ Cipher-Block Chaining mode และใช้ SHA เป็น Message Authentication Code (MAC) นั่นเอง

เราสามารถใช้ Nmap และ NSE (Nmap Script Engine) ในการ scan ได้โดยใช้คำสั่ง

<span class="pln">nmap </span><span class="pun">--</span><span class="pln">script ssl</span><span class="pun">-</span><span class="kwd">enum</span><span class="pun">-</span><span class="pln">ciphers </span><span class="pun">-</span><span class="pln">p </span><span class="lit">443</span><span class="pln"> example</span><span class="pun">.</span><span class="pln">com</span>

nmap --script ssl-enum-ciphers -p 443 example.com

ยกตัวอย่างเช่น

nmap --script ssl-enum-ciphers -p 443 techsuii.com

Starting Nmap 7.70SVN ( https://nmap.org ) at 2019-05-14 16:27 +07
Nmap scan report for techsuii.com (45.76.187.195)
Host is up (0.0059s latency).
rDNS record for 45.76.187.195: 45.76.187.195.vultr.com

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.1: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 3.72 seconds

nmap --script ssl-enum-ciphers -p 443 techsuii.com

Starting Nmap 7.70SVN ( https://nmap.org ) at 2019-05-14 16:27 +07

Nmap scan report for techsuii.com (45.76.187.195)

Host is up (0.0059s latency).

rDNS record for 45.76.187.195: 45.76.187.195.vultr.com

PORT STATE SERVICE

443/tcp open https

| ssl-enum-ciphers:

| TLSv1.1:

| ciphers:

| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A

| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A

| compressors:

| NULL

| cipher preference: server

| TLSv1.2:

| ciphers:

| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A

| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A

| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A

| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A

| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A

| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A

| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A

| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A

| compressors:

| NULL

| cipher preference: server

|_ least strength: A

Nmap done: 1 IP address (1 host up) scanned in 3.72 seconds

3. ตรวจสอบ Certificate

การตรวจสอบ Certificate นั้นเป็นการตรวจสอบว่า certificate นั้นน่าเชื่อถือหรือไม่

หากต้องการตรวจสอบ certificate เราสามารถทำได้โดยใช้คำสั่ง

<span class="pln">openssl s_client </span><span class="pun">-</span><span class="pln">connect techsuii</span><span class="pun">.</span><span class="pln">com</span><span class="pun">:</span><span class="lit">443</span> <span class="pun">|</span><span class="pln"> openssl x509 </span><span class="pun">-</span><span class="pln">noout </span><span class="pun">-</span><span class="pln">text</span>

openssl s_client -connect techsuii.com:443 | openssl x509 -noout -text

ตัวอย่างจาก techsuii.com

depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = www.techsuii.com
verify return:1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:22:10:9a:9c:90:9c:87:4c:ee:e8:ae:f1:60:7a:c4:96:27
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Mar 21 02:40:13 2019 GMT
            Not After : Jun 19 02:40:13 2019 GMT
        Subject: CN = www.techsuii.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:70:07:07:1f:0c:22:27:d4:18:73:e5:64:
                    08:35:01:26:5e:e6:55:75:29:94:7f:90:71:ff:35:
                    48:f6:56:26:f4:7d:7c:e0:43:f1:ae:71:d5:57:6f:
                    18:b0:de:0a:42:c6:66:84:da:ea:0c:4f:5e:8c:c2:
                    f0:53:f9:56:7d:55:b2:c3:49:67:01:c3:1a:e7:4d:
                    7d:aa:dc:fb:eb:40:1e:d5:30:20:c8:35:65:ba:8f:
                    0e:40:ff:22:d7:90:1c:a5:fa:11:b8:56:45:4e:d0:
                    73:b3:12:7a:85:ef:ec:c4:2b:4f:12:cf:57:ec:0a:
                    3c:fe:01:af:26:b9:10:0a:c5:b1:0a:0c:8b:c7:d4:
                    75:51:0e:87:22:bb:b7:f7:7c:1b:13:f2:55:a9:c5:
                    47:dd:9d:66:7b:3b:40:8b:93:df:64:23:fc:4b:8c:
                    08:99:2e:a5:36:d7:3e:b9:3a:01:ea:6c:74:a2:23:
                    83:53:90:40:e4:a2:f0:db:84:66:52:15:c1:12:2c:
                    63:c7:36:f0:26:4c:18:e0:00:69:b9:a6:bb:4a:f2:
                    39:a1:4d:24:b9:0b:a1:4c:2e:c6:ce:cf:90:86:7d:
                    14:81:8b:a2:ce:bd:12:a1:f5:d3:95:7d:26:5a:fc:
                    1f:40:1c:69:95:3f:75:00:2d:cb:de:6f:9b:ca:fa:
                    a8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                AA:39:BE:66:7B:FD:6A:91:B0:68:3A:B7:CD:11:14:25:30:EB:E1:AC
            X509v3 Authority Key Identifier: 
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access: 
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name: 
                DNS:www.techsuii.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Mar 21 03:40:13.606 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:13:4A:8D:71:FC:EB:EC:C1:BD:D2:AA:BC:
                                66:7A:37:6A:90:F4:F1:D9:4B:12:A4:72:E8:A0:47:6C:
                                60:18:20:BE:02:21:00:B9:B9:55:4A:07:AF:46:25:3B:
                                F8:6A:14:7E:91:F9:C5:5A:05:98:94:1A:C3:60:60:FB:
                                BD:FC:B5:08:53:56:CF
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Mar 21 03:40:14.109 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:59:D3:87:23:1C:E2:DE:81:16:A3:CE:17:
                                68:C4:C3:C9:E1:7F:04:33:D7:C0:7F:C8:4E:9B:BE:6D:
                                10:CD:D0:58:02:20:7F:76:BA:69:B9:90:9F:12:93:84:
                                E0:DB:37:41:A2:E6:58:3A:86:B2:C9:EF:87:15:EC:72:
                                95:A8:52:08:F2:51
    Signature Algorithm: sha256WithRSAEncryption
         55:e4:5e:9d:8a:ee:19:36:40:4a:bb:0e:f3:9b:d1:ef:17:cf:
         72:1f:ea:46:db:29:80:5b:d3:bb:b7:0e:bb:83:a4:ea:3b:cb:
         dc:38:29:a4:9a:a9:24:13:60:57:1b:15:82:8b:e0:e1:ef:ee:
         89:0b:12:17:21:95:bc:5c:6b:25:c8:14:48:91:0c:b6:c6:36:
         9d:f1:46:78:17:31:74:2d:4a:4e:04:52:69:ba:ce:15:e3:78:
         86:79:b1:cf:16:8c:01:b1:87:40:91:10:c5:f6:1b:18:98:30:
         00:e3:4e:35:75:43:e5:7a:93:0c:19:43:bf:82:56:65:ca:02:
         97:7d:de:52:38:87:86:58:18:0e:df:f8:a1:ab:b6:fe:11:a9:
         34:2c:e3:fa:d1:13:1b:3d:97:46:23:56:e4:47:e1:88:2a:0f:
         fe:e5:b4:9d:12:25:76:1e:85:b8:a1:6a:7d:7d:0e:6a:73:de:
         42:66:9a:0b:45:6f:2b:1f:c6:93:9f:ac:16:8d:c2:99:d6:15:
         ca:ad:8f:36:3f:73:7e:00:dd:71:7b:f8:97:b8:e7:53:4d:a1:
         f5:28:be:d7:b3:32:33:af:15:47:8b:86:f8:71:1d:90:c7:b9:
         c1:98:7f:af:6c:68:ec:c7:23:63:c9:19:fd:3c:8f:b4:ec:1f:
         3a:c6:14:c0

100

101

102

103

104

depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3

verify return:1

depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

verify return:1

depth=0 CN = www.techsuii.com

verify return:1

Certificate:

Data:

Version: 3 (0x2)

Serial Number:

03:22:10:9a:9c:90:9c:87:4c:ee:e8:ae:f1:60:7a:c4:96:27

Signature Algorithm: sha256WithRSAEncryption

Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

Validity

Not Before: Mar 21 02:40:13 2019 GMT

Not After : Jun 19 02:40:13 2019 GMT

Subject: CN = www.techsuii.com

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

RSA Public-Key: (2048 bit)

Modulus:

00:bb:47:70:07:07:1f:0c:22:27:d4:18:73:e5:64:

08:35:01:26:5e:e6:55:75:29:94:7f:90:71:ff:35:

48:f6:56:26:f4:7d:7c:e0:43:f1:ae:71:d5:57:6f:

18:b0:de:0a:42:c6:66:84:da:ea:0c:4f:5e:8c:c2:

f0:53:f9:56:7d:55:b2:c3:49:67:01:c3:1a:e7:4d:

7d:aa:dc:fb:eb:40:1e:d5:30:20:c8:35:65:ba:8f:

0e:40:ff:22:d7:90:1c:a5:fa:11:b8:56:45:4e:d0:

73:b3:12:7a:85:ef:ec:c4:2b:4f:12:cf:57:ec:0a:

3c:fe:01:af:26:b9:10:0a:c5:b1:0a:0c:8b:c7:d4:

75:51:0e:87:22:bb:b7:f7:7c:1b:13:f2:55:a9:c5:

47:dd:9d:66:7b:3b:40:8b:93:df:64:23:fc:4b:8c:

08:99:2e:a5:36:d7:3e:b9:3a:01:ea:6c:74:a2:23:

83:53:90:40:e4:a2:f0:db:84:66:52:15:c1:12:2c:

63:c7:36:f0:26:4c:18:e0:00:69:b9:a6:bb:4a:f2:

39:a1:4d:24:b9:0b:a1:4c:2e:c6:ce:cf:90:86:7d:

14:81:8b:a2:ce:bd:12:a1:f5:d3:95:7d:26:5a:fc:

1f:40:1c:69:95:3f:75:00:2d:cb:de:6f:9b:ca:fa:

a8:eb

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Key Usage: critical

Digital Signature, Key Encipherment

X509v3 Extended Key Usage:

TLS Web Server Authentication, TLS Web Client Authentication

X509v3 Basic Constraints: critical

CA:FALSE

X509v3 Subject Key Identifier:

AA:39:BE:66:7B:FD:6A:91:B0:68:3A:B7:CD:11:14:25:30:EB:E1:AC

X509v3 Authority Key Identifier:

keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

Authority Information Access:

OCSP - URI:http://ocsp.int-x3.letsencrypt.org

CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

X509v3 Subject Alternative Name:

DNS:www.techsuii.com

X509v3 Certificate Policies:

Policy: 2.23.140.1.2.1

Policy: 1.3.6.1.4.1.44947.1.1.1

CPS: http://cps.letsencrypt.org

CT Precertificate SCTs:

Signed Certificate Timestamp:

Version : v1 (0x0)

Log ID : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:

C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56

Timestamp : Mar 21 03:40:13.606 2019 GMT

Extensions: none

Signature : ecdsa-with-SHA256

30:45:02:20:13:4A:8D:71:FC:EB:EC:C1:BD:D2:AA:BC:

66:7A:37:6A:90:F4:F1:D9:4B:12:A4:72:E8:A0:47:6C:

60:18:20:BE:02:21:00:B9:B9:55:4A:07:AF:46:25:3B:

F8:6A:14:7E:91:F9:C5:5A:05:98:94:1A:C3:60:60:FB:

BD:FC:B5:08:53:56:CF

Signed Certificate Timestamp:

Version : v1 (0x0)

Log ID : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:

6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78

Timestamp : Mar 21 03:40:14.109 2019 GMT

Extensions: none

Signature : ecdsa-with-SHA256

30:44:02:20:59:D3:87:23:1C:E2:DE:81:16:A3:CE:17:

68:C4:C3:C9:E1:7F:04:33:D7:C0:7F:C8:4E:9B:BE:6D:

10:CD:D0:58:02:20:7F:76:BA:69:B9:90:9F:12:93:84:

E0:DB:37:41:A2:E6:58:3A:86:B2:C9:EF:87:15:EC:72:

95:A8:52:08:F2:51

Signature Algorithm: sha256WithRSAEncryption

55:e4:5e:9d:8a:ee:19:36:40:4a:bb:0e:f3:9b:d1:ef:17:cf:

72:1f:ea:46:db:29:80:5b:d3:bb:b7:0e:bb:83:a4:ea:3b:cb:

dc:38:29:a4:9a:a9:24:13:60:57:1b:15:82:8b:e0:e1:ef:ee:

89:0b:12:17:21:95:bc:5c:6b:25:c8:14:48:91:0c:b6:c6:36:

9d:f1:46:78:17:31:74:2d:4a:4e:04:52:69:ba:ce:15:e3:78:

86:79:b1:cf:16:8c:01:b1:87:40:91:10:c5:f6:1b:18:98:30:

00:e3:4e:35:75:43:e5:7a:93:0c:19:43:bf:82:56:65:ca:02:

97:7d:de:52:38:87:86:58:18:0e:df:f8:a1:ab:b6:fe:11:a9:

34:2c:e3:fa:d1:13:1b:3d:97:46:23:56:e4:47:e1:88:2a:0f:

fe:e5:b4:9d:12:25:76:1e:85:b8:a1:6a:7d:7d:0e:6a:73:de:

42:66:9a:0b:45:6f:2b:1f:c6:93:9f:ac:16:8d:c2:99:d6:15:

ca:ad:8f:36:3f:73:7e:00:dd:71:7b:f8:97:b8:e7:53:4d:a1:

f5:28:be:d7:b3:32:33:af:15:47:8b:86:f8:71:1d:90:c7:b9:

c1:98:7f:af:6c:68:ec:c7:23:63:c9:19:fd:3c:8f:b4:ec:1f:

3a:c6:14:c0

4. ตรวจสอบ Renegotiation

SSL/TLS Protocol อนุญาตให้ client และ server สามารถทำการตกลงแลกเปลี่ยน encryption ของ key ใหม่ได้ระหว่าง session ซึ่งเป็นช่องโหว่ในปี 2009 ซึ่งทำให้ attacker สามารถที่จะ inject content เข้าไปในส่วน start session ได้ ซึ่งส่งผลให้สามารถเข้าไปแก้ไขความถูกต้องของ session ได้ ซึ่งแน่นอนว่าการตรวจสอบในลักษณะของ openssl command อาจจะได้แค่การเช็คว่า server รองรับการ renegotiation เท่านั้นก็เป็นได้ ไม่ได้บ่งบอกถึงว่ามีช่องโหว่แต่อย่างใด เพราะช่องโหว่ดังกล่าวขึ้นอยู่กับ ssl library ที่ใช้อีกด้วยนั่นเอง

เราตรวจสอบการรองรับ renegotiation ได้โดยใช้คำสั่ง

<span class="pln">openssl s_client </span><span class="pun">-</span><span class="pln">connect example</span><span class="pun">.</span><span class="pln">com</span><span class="pun">:</span><span class="lit">443</span>

1	<span class="pln">openssl s_client </span><span class="pun">-</span><span class="pln">connect example</span><span class="pun">.</span><span class="pln">com</span><span class="pun">:</span><span class="lit">443</span>

หากไม่ support จะแสดงผลลัพธ์ส่วนการ Renegotiation ว่า “Secure Renegotiation is not supported”

<span class="pln">CONNECTED</span><span class="pun">(</span><span class="lit">00000003</span><span class="pun">)</span>
<span class="lit">139677333890704</span><span class="pun">:</span><span class="pln">error</span><span class="pun">:</span><span class="lit">1407F0E5</span><span class="pun">:</span><span class="pln">SSL routines</span><span class="pun">:</span><span class="pln">SSL2_WRITE</span><span class="pun">:</span><span class="pln">ssl handshake failure</span><span class="pun">:</span><span class="pln">s2_pkt</span><span class="pun">.</span><span class="pln">c</span><span class="pun">:</span><span class="lit">429</span><span class="pun">:</span>
<span class="pun">---</span>
<span class="kwd">no</span><span class="pln"> peer certificate available
</span><span class="pun">---</span>
<span class="typ">No</span><span class="pln"> client certificate CA names sent
</span><span class="pun">---</span><span class="pln">
SSL handshake has read </span><span class="lit">0</span><span class="pln"> bytes </span><span class="kwd">and</span><span class="pln"> written </span><span class="lit">36</span><span class="pln"> bytes
</span><span class="pun">---</span>
<span class="typ">New</span><span class="pun">,</span> <span class="pun">(</span><span class="pln">NONE</span><span class="pun">),</span> <span class="typ">Cipher</span> <span class="kwd">is</span> <span class="pun">(</span><span class="pln">NONE</span><span class="pun">)</span>
<span class="typ">Secure</span> <span class="typ">Renegotiation</span><span class="pln"> IS NOT supported
</span><span class="typ">Compression</span><span class="pun">:</span><span class="pln"> NONE
</span><span class="typ">Expansion</span><span class="pun">:</span><span class="pln"> NONE
SSL</span><span class="pun">-</span><span class="typ">Session</span><span class="pun">:</span>
    <span class="typ">Protocol</span>  <span class="pun">:</span> <span class="typ">SSLv2</span>
    <span class="typ">Cipher</span>    <span class="pun">:</span> <span class="lit">0000</span>
    <span class="typ">Session</span><span class="pun">-</span><span class="pln">ID</span><span class="pun">:</span> 
    <span class="typ">Session</span><span class="pun">-</span><span class="pln">ID</span><span class="pun">-</span><span class="pln">ctx</span><span class="pun">:</span> 
    <span class="typ">Master</span><span class="pun">-</span><span class="typ">Key</span><span class="pun">:</span> 
    <span class="typ">Key</span><span class="pun">-</span><span class="typ">Arg</span>   <span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    PSK identity</span><span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    PSK identity hint</span><span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    SRP username</span><span class="pun">:</span> <span class="kwd">None</span>
    <span class="typ">Start</span> <span class="typ">Time</span><span class="pun">:</span> <span class="lit">1428910482</span>
    <span class="typ">Timeout</span>   <span class="pun">:</span> <span class="lit">300</span> <span class="pun">(</span><span class="pln">sec</span><span class="pun">)</span>
    <span class="typ">Verify</span> <span class="kwd">return</span><span class="pln"> code</span><span class="pun">:</span> <span class="lit">0</span> <span class="pun">(</span><span class="pln">ok</span><span class="pun">)</span>
<span class="pun">---</span>

CONNECTED(00000003)

139677333890704:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:

---

no peer certificate available

---

No client certificate CA names sent

---

SSL handshake has read 0 bytes and written 36 bytes

---

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

SSL-Session:

Protocol : SSLv2

Cipher : 0000

Session-ID:

Session-ID-ctx:

Master-Key:

Key-Arg : None

PSK identity: None

PSK identity hint: None

SRP username: None

Start Time: 1428910482

Timeout : 300 (sec)

---

5. ตรวจสอบ CLIENT INITIATED RENEGOTIATION

ส่วนการตรวจสอบต่อจากข้อ 4 คือ CLIENT INITIATED RENEGOTIATION จะกระทำโดย

<span class="pln">openssl s_client </span><span class="pun">-</span><span class="pln">connect example</span><span class="pun">.</span><span class="pln">com</span><span class="pun">:</span><span class="lit">443</span>

1	<span class="pln">openssl s_client </span><span class="pun">-</span><span class="pln">connect example</span><span class="pun">.</span><span class="pln">com</span><span class="pun">:</span><span class="lit">443</span>

เมื่อสร้าง connection ได้แล้ว server จะรอรับการ input ต่อไปของเรา เราสามารถเขียน เป็น

<span class="pln">openssl s_client </span><span class="pun">-</span><span class="pln">connect host</span><span class="pun">:</span><span class="pln">port
HEAD </span><span class="pun">/</span><span class="pln"> HTTP</span><span class="pun">/</span><span class="lit">1.0</span><span class="pln">
R
</span><span class="pun">&lt;</span><span class="typ">Enter</span> <span class="kwd">or</span> <span class="typ">Return</span><span class="pln"> key</span><span class="pun">&gt;</span>

openssl s_client -connect host:port

HEAD / HTTP/1.0

หาก server support ตัว connection จะยัง active ต่อไป

หาก Server ไม่ support feature นี้จะขึ้นเป็น

<span class="pln">RENEGOTIATING
write</span><span class="pun">:</span><span class="pln">errno</span><span class="pun">=</span><span class="lit">104</span>

1 2	<span class="pln">RENEGOTIATING write</span><span class="pun">:</span><span class="pln">errno</span><span class="pun">=</span><span class="lit">104</span>

6. การตรวจสอบเรื่อง Compression

การ compression จะเกี่ยวโยงไปยัง 2 ช่องโหว่ดังคือ CRIME และ BREACH โดยเราสามารถตรวจสอบได้ว่า server นั้นรองรับการ compression ได้หรือไม่ โดยใช้คำสั่ง

<span class="pln">openssl s_client </span><span class="pun">-</span><span class="pln">connect example</span><span class="pun">.</span><span class="pln">com</span><span class="pun">:</span><span class="lit">443</span>

1	<span class="pln">openssl s_client </span><span class="pun">-</span><span class="pln">connect example</span><span class="pun">.</span><span class="pln">com</span><span class="pun">:</span><span class="lit">443</span>

หาก server support compression ผลการ response จะคล้ายๆกับตามผลด้านล่างนี้ โดยมีการเขียนว่า “Compression: zlib compression” และ “Compression: 1 (zlib compression)” ซึ่งจะบ่งบอกว่ามีช่องโหว่ CRIME attack และ

<span class="pun">---</span>
<span class="typ">New</span><span class="pun">,</span> <span class="typ">TLSv1</span><span class="pun">/</span><span class="typ">SSLv3</span><span class="pun">,</span> <span class="typ">Cipher</span> <span class="kwd">is</span><span class="pln"> DHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">AES256</span><span class="pun">-</span><span class="pln">SHA
</span><span class="typ">Server</span> <span class="kwd">public</span><span class="pln"> key </span><span class="kwd">is</span> <span class="lit">2048</span><span class="pln"> bit
</span><span class="typ">Secure</span> <span class="typ">Renegotiation</span><span class="pln"> IS supported
</span><span class="typ">Compression</span><span class="pun">:</span><span class="pln"> zlib compression
</span><span class="typ">Expansion</span><span class="pun">:</span><span class="pln"> zlib compression
SSL</span><span class="pun">-</span><span class="typ">Session</span><span class="pun">:</span>
    <span class="typ">Protocol</span>  <span class="pun">:</span> <span class="typ">TLSv1</span><span class="pun">.</span><span class="lit">1</span>
    <span class="typ">Cipher</span>    <span class="pun">:</span><span class="pln"> DHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">AES256</span><span class="pun">-</span><span class="pln">SHA
    </span><span class="typ">Session</span><span class="pun">-</span><span class="pln">ID</span><span class="pun">:</span> <span class="lit">50791A02E03E42F8983344B25C8ED4598620518D5C917A3388239AAACE991858</span>
    <span class="typ">Session</span><span class="pun">-</span><span class="pln">ID</span><span class="pun">-</span><span class="pln">ctx</span><span class="pun">:</span> 
    <span class="typ">Master</span><span class="pun">-</span><span class="typ">Key</span><span class="pun">:</span> <span class="lit">9FEDB91F439775B49A5C49342FF53C3DD7384E4AFC33F9C6AFB64EA3D639CA57253AD7D059BA54E01581AD3A73306342</span>
    <span class="typ">Key</span><span class="pun">-</span><span class="typ">Arg</span>   <span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    PSK identity</span><span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    PSK identity hint</span><span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    SRP username</span><span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    TLS session ticket lifetime hint</span><span class="pun">:</span> <span class="lit">300</span> <span class="pun">(</span><span class="pln">seconds</span><span class="pun">)</span><span class="pln">
    TLS session ticket</span><span class="pun">:</span>
    <span class="lit">0000</span> <span class="pun">-</span> <span class="lit">34</span> <span class="lit">38</span> <span class="lit">24</span> <span class="lit">70</span> <span class="lit">35</span> <span class="lit">88</span> <span class="lit">4a</span> <span class="lit">68</span><span class="pun">-</span><span class="lit">0c</span> <span class="lit">80</span><span class="pln"> e6 c5 </span><span class="lit">76</span><span class="pln"> a1 </span><span class="lit">0e</span><span class="pln"> ee   </span><span class="lit">48</span><span class="pln">$p5</span><span class="pun">.</span><span class="typ">Jh</span><span class="pun">....</span><span class="pln">v</span><span class="pun">...</span>
    <span class="lit">0010</span> <span class="pun">-</span> <span class="lit">14</span> <span class="lit">2e</span><span class="pln"> fb ef fa </span><span class="lit">42</span><span class="pln"> f0 c1</span><span class="pun">-</span><span class="lit">58</span><span class="pln"> ee </span><span class="lit">70</span> <span class="lit">02</span> <span class="lit">90</span> <span class="lit">45</span><span class="pln"> f4 </span><span class="lit">8c</span>   <span class="pun">.....</span><span class="pln">B</span><span class="pun">..</span><span class="pln">X</span><span class="pun">.</span><span class="pln">p</span><span class="pun">..</span><span class="pln">E</span><span class="pun">..</span>
    <span class="lit">0020</span> <span class="pun">-</span> <span class="lit">7d</span> <span class="lit">0b</span> <span class="lit">2e</span> <span class="lit">1e</span> <span class="lit">71</span> <span class="lit">70</span><span class="pln"> b0 a2</span><span class="pun">-</span><span class="pln">cc </span><span class="lit">27</span> <span class="lit">1b</span> <span class="lit">13</span> <span class="lit">29</span><span class="pln"> cc f5 ee   </span><span class="pun">}...</span><span class="pln">qp</span><span class="pun">...</span><span class="str">'..)...
    0030 - 84 43 98 fa b1 ae 83 dc-ff 6d aa 07 9f 7a 95 4f   .C.......m...z.O
    0040 - 44 68 63 21 72 d7 b9 18-97 d8 8e d7 61 7d 71 6f   Dhc!r.......a}qo
    0050 - a7 16 85 79 f9 a2 80 2a-b4 bc f9 47 78 6a b7 08   ...y...*...Gxj..
    0060 - f6 4f 09 96 7b e8 d4 9b-26 2d 1a fd 55 fe 6a ab   .O..{...&amp;-..U.j.
    0070 - fc 8d 6d 87 7a 13 e1 a9-0a 05 09 d9 ce ea fe 70   ..m.z..........p
    0080 - 09 c9 5f 33 3c 5f 28 4e-20 3b 3a 10 75 c4 86 45   .._3&lt;_(N ;:.u..E
    0090 - 1d 8b c8 a5 21 89 a1 12-59 b6 0f 55 e3 48 8f 91   ....!...Y..U.H..
    00a0 - 01 af 53 b6                                       ..S.

    Compression: 1 (zlib compression)
    Start Time: 1348073759
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---</span>

---

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: zlib compression

Expansion: zlib compression

SSL-Session:

Protocol : TLSv1.1

Cipher : DHE-RSA-AES256-SHA

Session-ID: 50791A02E03E42F8983344B25C8ED4598620518D5C917A3388239AAACE991858

Session-ID-ctx:

Master-Key: 9FEDB91F439775B49A5C49342FF53C3DD7384E4AFC33F9C6AFB64EA3D639CA57253AD7D059BA54E01581AD3A73306342

Key-Arg : None

PSK identity: None

PSK identity hint: None

SRP username: None

TLS session ticket lifetime hint: 300 (seconds)

TLS session ticket:

0000 - 34 38 24 70 35 88 4a 68-0c 80 e6 c5 76 a1 0e ee 48$p5.Jh....v...

0010 - 14 2e fb ef fa 42 f0 c1-58 ee 70 02 90 45 f4 8c .....B..X.p..E..

0020 - 7d 0b 2e 1e 71 70 b0 a2-cc 27 1b 13 29 cc f5 ee }...qp...'..)...

0030 - 84 43 98 fa b1 ae 83 dc-ff 6d aa 07 9f 7a 95 4f .C.......m...z.O

0040 - 44 68 63 21 72 d7 b9 18-97 d8 8e d7 61 7d 71 6f Dhc!r.......a}qo

0050 - a7 16 85 79 f9 a2 80 2a-b4 bc f9 47 78 6a b7 08 ...y...*...Gxj..

0060 - f6 4f 09 96 7b e8 d4 9b-26 2d 1a fd 55 fe 6a ab .O..{...&-..U.j.

0070 - fc 8d 6d 87 7a 13 e1 a9-0a 05 09 d9 ce ea fe 70 ..m.z..........p

0080 - 09 c9 5f 33 3c 5f 28 4e-20 3b 3a 10 75 c4 86 45 .._3<_(N ;:.u..E

0090 - 1d 8b c8 a5 21 89 a1 12-59 b6 0f 55 e3 48 8f 91 ....!...Y..U.H..

00a0 - 01 af 53 b6 ..S.

Compression: 1 (zlib compression)

Start Time: 1348073759

Timeout : 300 (sec)

Verify return code: 20 (unable to get local issuer certificate)

---

หากไม่ support จะแสดงออกมาเป็น “Compression: NONE”.

<span class="pun">---</span>
<span class="typ">New</span><span class="pun">,</span> <span class="typ">TLSv1</span><span class="pun">/</span><span class="typ">SSLv3</span><span class="pun">,</span> <span class="typ">Cipher</span> <span class="kwd">is</span><span class="pln"> ECDHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">AES128</span><span class="pun">-</span><span class="pln">GCM</span><span class="pun">-</span><span class="pln">SHA256
</span><span class="typ">Server</span> <span class="kwd">public</span><span class="pln"> key </span><span class="kwd">is</span> <span class="lit">2048</span><span class="pln"> bit
</span><span class="typ">Secure</span> <span class="typ">Renegotiation</span><span class="pln"> IS supported
</span><span class="typ">Compression</span><span class="pun">:</span><span class="pln"> NONE
</span><span class="typ">Expansion</span><span class="pun">:</span><span class="pln"> NONE
SSL</span><span class="pun">-</span><span class="typ">Session</span><span class="pun">:</span>
    <span class="typ">Protocol</span>  <span class="pun">:</span> <span class="typ">TLSv1</span><span class="pun">.</span><span class="lit">2</span>
    <span class="typ">Cipher</span>    <span class="pun">:</span><span class="pln"> ECDHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">AES128</span><span class="pun">-</span><span class="pln">GCM</span><span class="pun">-</span><span class="pln">SHA256
    </span><span class="typ">Session</span><span class="pun">-</span><span class="pln">ID</span><span class="pun">:</span> <span class="lit">7E49EA6457B200B441A26C05F1AE9634AAF97284AC7A12EC58F69CEF5470B052</span>
    <span class="typ">Session</span><span class="pun">-</span><span class="pln">ID</span><span class="pun">-</span><span class="pln">ctx</span><span class="pun">:</span> 
    <span class="typ">Master</span><span class="pun">-</span><span class="typ">Key</span><span class="pun">:</span><span class="pln"> E035F082F5545424373A546A1F76D77673E8AEE018B3F0A3AFD7A3545746013664C18E6BB69F08BFAECA6C7FB3010C9C
    </span><span class="typ">Key</span><span class="pun">-</span><span class="typ">Arg</span>   <span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    PSK identity</span><span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    PSK identity hint</span><span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    SRP username</span><span class="pun">:</span> <span class="kwd">None</span><span class="pln">
    TLS session ticket lifetime hint</span><span class="pun">:</span> <span class="lit">100800</span> <span class="pun">(</span><span class="pln">seconds</span><span class="pun">)</span><span class="pln">
    TLS session ticket</span><span class="pun">:</span>
    <span class="lit">0000</span> <span class="pun">-</span> <span class="lit">66</span> <span class="lit">72</span> <span class="lit">6f</span> <span class="lit">6e</span> <span class="lit">74</span> <span class="lit">70</span> <span class="lit">61</span> <span class="lit">67</span><span class="pun">-</span><span class="lit">65</span> <span class="lit">61</span> <span class="lit">61</span> <span class="lit">61</span> <span class="lit">61</span> <span class="lit">61</span> <span class="lit">61</span> <span class="lit">61</span><span class="pln">   frontpageaaaaaaa
    </span><span class="lit">0010</span> <span class="pun">-</span> <span class="lit">89</span> <span class="lit">55</span><span class="pln"> c6 </span><span class="lit">6a</span> <span class="lit">92</span><span class="pln"> c3 </span><span class="lit">28</span> <span class="lit">85</span><span class="pun">-</span><span class="lit">86</span><span class="pln"> b0 ff c3 </span><span class="lit">08</span> <span class="lit">12</span> <span class="lit">5a</span><span class="pln"> a8   </span><span class="pun">.</span><span class="pln">U</span><span class="pun">.</span><span class="pln">j</span><span class="pun">..(.......</span><span class="pln">Z</span><span class="pun">.</span>
    <span class="lit">0020</span> <span class="pun">-</span><span class="pln"> f2 ec f8 </span><span class="lit">56</span> <span class="lit">6d</span><span class="pln"> d3 </span><span class="lit">29</span> <span class="lit">99</span><span class="pun">-</span><span class="lit">7b</span> <span class="lit">98</span> <span class="lit">90</span><span class="pln"> ef </span><span class="lit">57</span><span class="pln"> fd c6 </span><span class="lit">15</span>   <span class="pun">...</span><span class="typ">Vm</span><span class="pun">.).{...</span><span class="pln">W</span><span class="pun">...</span>
    <span class="lit">0030</span> <span class="pun">-</span><span class="pln"> ee a2 </span><span class="lit">53</span> <span class="lit">4b</span> <span class="lit">43</span><span class="pln"> ef </span><span class="lit">19</span><span class="pln"> ee</span><span class="pun">-</span><span class="lit">41</span> <span class="lit">25</span> <span class="lit">1f</span> <span class="lit">76</span> <span class="lit">28</span> <span class="lit">37</span> <span class="lit">68</span><span class="pln"> b6   </span><span class="pun">..</span><span class="pln">SKC</span><span class="pun">...</span><span class="pln">A</span><span class="pun">%.</span><span class="pln">v</span><span class="pun">(</span><span class="lit">7h</span><span class="pun">.</span>
    <span class="lit">0040</span> <span class="pun">-</span> <span class="lit">64</span><span class="pln"> ca e7 </span><span class="lit">3f</span> <span class="lit">71</span> <span class="lit">01</span> <span class="lit">70</span> <span class="lit">30</span><span class="pun">-</span><span class="lit">35</span> <span class="lit">91</span><span class="pln"> ef bc d8 </span><span class="lit">19</span> <span class="lit">20</span> <span class="lit">4f</span><span class="pln">   d</span><span class="pun">..?</span><span class="pln">q</span><span class="pun">.</span><span class="pln">p05</span><span class="pun">.....</span><span class="pln"> O
    </span><span class="lit">0050</span> <span class="pun">-</span> <span class="lit">9d</span> <span class="lit">9e</span> <span class="lit">2c</span><span class="pln"> ab </span><span class="lit">3f</span> <span class="lit">35</span> <span class="lit">5c</span> <span class="lit">3f</span><span class="pun">-</span><span class="lit">65</span><span class="pln"> f8 c6 </span><span class="lit">9a</span><span class="pln"> a9 </span><span class="lit">90</span><span class="pln"> fa </span><span class="lit">60</span>   <span class="pun">..,.?</span><span class="lit">5</span><span class="pln">\?e</span><span class="pun">......</span><span class="str">`
    0060 - 4d 53 a1 b8 49 8c e7 61-e4 6c e1 51 8e 83 b5 25   MS..I..a.l.Q...%
    0070 - bc 9a 32 d8 fa be 16 a1-ae 3d 8c 0b e3 9e e4 78   ..2......=.....x
    0080 - 77 d7 91 6b a9 a0 01 2b-e1 98 33 d4 2c eb b3 84   w..k...+..3.,...
    0090 - f9 da 0f fa 77 df ac d6-08 b6 34 97 07 d9 b2 58   ....w.....4....X

    Start Time: 1428988675
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---</span>

---

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

Protocol : TLSv1.2

Cipher : ECDHE-RSA-AES128-GCM-SHA256

Session-ID: 7E49EA6457B200B441A26C05F1AE9634AAF97284AC7A12EC58F69CEF5470B052

Session-ID-ctx:

Master-Key: E035F082F5545424373A546A1F76D77673E8AEE018B3F0A3AFD7A3545746013664C18E6BB69F08BFAECA6C7FB3010C9C

Key-Arg : None

PSK identity: None

PSK identity hint: None

SRP username: None

TLS session ticket lifetime hint: 100800 (seconds)

TLS session ticket:

0000 - 66 72 6f 6e 74 70 61 67-65 61 61 61 61 61 61 61 frontpageaaaaaaa

0010 - 89 55 c6 6a 92 c3 28 85-86 b0 ff c3 08 12 5a a8 .U.j..(.......Z.

0020 - f2 ec f8 56 6d d3 29 99-7b 98 90 ef 57 fd c6 15 ...Vm.).{...W...

0030 - ee a2 53 4b 43 ef 19 ee-41 25 1f 76 28 37 68 b6 ..SKC...A%.v(7h.

0040 - 64 ca e7 3f 71 01 70 30-35 91 ef bc d8 19 20 4f d..?q.p05..... O

0050 - 9d 9e 2c ab 3f 35 5c 3f-65 f8 c6 9a a9 90 fa 60 ..,.?5\?e......`

0060 - 4d 53 a1 b8 49 8c e7 61-e4 6c e1 51 8e 83 b5 25 MS..I..a.l.Q...%

0070 - bc 9a 32 d8 fa be 16 a1-ae 3d 8c 0b e3 9e e4 78 ..2......=.....x

0080 - 77 d7 91 6b a9 a0 01 2b-e1 98 33 d4 2c eb b3 84 w..k...+..3.,...

0090 - f9 da 0f fa 77 df ac d6-08 b6 34 97 07 d9 b2 58 ....w.....4....X

Start Time: 1428988675

Timeout : 300 (sec)

Verify return code: 20 (unable to get local issuer certificate)

---

หากต้องการตรวจสอบ BREACH ให้ทำการเชื่อมต่อแบบเดิมแบบที่ทำตามข้างต้นแล้วใช้คำสั่งเป็น

<span class="pln">GET </span><span class="pun">/</span><span class="pln"> HTTP</span><span class="pun">/</span><span class="lit">1.1</span>
<span class="typ">Host</span><span class="pun">:</span><span class="pln"> example</span><span class="pun">.</span><span class="pln">com
</span><span class="typ">Accept</span><span class="pun">-</span><span class="typ">Encoding</span><span class="pun">:</span><span class="pln"> compress</span><span class="pun">,</span><span class="pln"> gzip</span>

GET / HTTP/1.1

Host: example.com

Accept-Encoding: compress, gzip

หากมีการ response เป็น encoded data กลับมา ก็จะแสดงว่า support HTTP compression ซึ่งนั่นบ่งบอกถึงว่าปลายทางได้รับผลกระทบจาก BREACH ไปด้วย

7. HEARTBLEED

Heartbleed เป็นช่องโหว่ที่ดังมากใน OpenSSL. ทำให้เราสามารถเข้าไปดึง memory contents ของเครื่องออกมาได้ โดย OpenSSL ที่ได้รับผลกระทบคือ

• OpenSSL 1.0.1 – 1.0.1f (inclusive)

ตัวที่ไม่ได้รับผลกระทบคือ

• OpenSSL 1.0.1g

• OpenSSL 1.0.0 branch

• OpenSSL 0.9.8 branch

เราสามารถใช้ nmap ในการตรวจสอบได้โดยใช้คำสั่ง

<span class="pln">nmap </span><span class="pun">-</span><span class="pln">p </span><span class="lit">443</span> <span class="pun">--</span><span class="pln">script ssl</span><span class="pun">-</span><span class="pln">heartbleed </span><span class="pun">--</span><span class="pln">script</span><span class="pun">-</span><span class="pln">args vulns</span><span class="pun">.</span><span class="pln">showall example</span><span class="pun">.</span><span class="pln">com</span>

nmap -p 443 --script ssl-heartbleed --script-args vulns.showall example.com

จะได้ผลลัพธ์ออกมาเป็น

<span class="pln">PORT    STATE SERVICE
</span><span class="lit">443</span><span class="pun">/</span><span class="pln">tcp open  https
</span><span class="pun">|</span><span class="pln"> ssl</span><span class="pun">-</span><span class="pln">heartbleed</span><span class="pun">:</span>
<span class="pun">|</span><span class="pln">   VULNERABLE</span><span class="pun">:</span>
<span class="pun">|</span>   <span class="typ">The</span> <span class="typ">Heartbleed</span> <span class="typ">Bug</span> <span class="kwd">is</span><span class="pln"> a serious vulnerability </span><span class="kwd">in</span><span class="pln"> the popular </span><span class="typ">OpenSSL</span><span class="pln"> cryptographic software library</span><span class="pun">.</span> <span class="typ">It</span><span class="pln"> allows </span><span class="kwd">for</span><span class="pln"> stealing information intended to be </span><span class="kwd">protected</span> <span class="kwd">by</span><span class="pln"> SSL</span><span class="pun">/</span><span class="pln">TLS encryption</span><span class="pun">.</span>
<span class="pun">|</span>     <span class="typ">State</span><span class="pun">:</span><span class="pln"> VULNERABLE
</span><span class="pun">|</span>     <span class="typ">Risk</span><span class="pln"> factor</span><span class="pun">:</span> <span class="typ">High</span>
<span class="pun">|</span>     <span class="typ">Description</span><span class="pun">:</span>
<span class="pun">|</span>       <span class="typ">OpenSSL</span><span class="pln"> versions </span><span class="lit">1.0</span><span class="pun">.</span><span class="lit">1</span> <span class="kwd">and</span> <span class="lit">1.0</span><span class="pun">.</span><span class="lit">2</span><span class="pun">-</span><span class="pln">beta releases </span><span class="pun">(</span><span class="pln">including </span><span class="lit">1.0</span><span class="pun">.</span><span class="lit">1f</span> <span class="kwd">and</span> <span class="lit">1.0</span><span class="pun">.</span><span class="lit">2</span><span class="pun">-</span><span class="pln">beta1</span><span class="pun">)</span><span class="pln"> of </span><span class="typ">OpenSSL</span><span class="pln"> are affected </span><span class="kwd">by</span><span class="pln"> the </span><span class="typ">Heartbleed</span><span class="pln"> bug</span><span class="pun">.</span> <span class="typ">The</span><span class="pln"> bug allows </span><span class="kwd">for</span><span class="pln"> reading memory of systems </span><span class="kwd">protected</span> <span class="kwd">by</span><span class="pln"> the vulnerable </span><span class="typ">OpenSSL</span><span class="pln"> versions </span><span class="kwd">and</span><span class="pln"> could allow </span><span class="kwd">for</span><span class="pln"> disclosure of otherwise encrypted confidential information </span><span class="kwd">as</span><span class="pln"> well </span><span class="kwd">as</span><span class="pln"> the encryption keys themselves</span><span class="pun">.</span>
<span class="pun">|</span>
<span class="pun">|</span>     <span class="typ">References</span><span class="pun">:</span>
<span class="pun">|</span><span class="pln">       https</span><span class="pun">:</span><span class="com">//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160</span>
<span class="pun">|</span><span class="pln">       http</span><span class="pun">:</span><span class="com">//www.openssl.org/news/secadv_20140407.txt</span>
<span class="pun">|</span><span class="pln">_      http</span><span class="pun">:</span><span class="com">//cvedetails.com/cve/2014-0160/</span>

PORT STATE SERVICE

443/tcp open https

| ssl-heartbleed:

| VULNERABLE:

| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.

| State: VULNERABLE

| Risk factor: High

| Description:

| OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.

|

| References:

| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

| http://www.openssl.org/news/secadv_20140407.txt

|_ http://cvedetails.com/cve/2014-0160/

8. CHANGE CIPHER SPEC INJECTION

อันนี้เป็นจุดอ่อนที่เกิดขึ้นใน OpenSSL โดยเกิดใน

• OpenSSL 1.0.1 – 1.0.1g

• OpenSSL 1.0.0 – 1.0.0l

• OpenSSL version ก่อนหน้า 0.9.8y

เราสามารถทดสอบได้โดยการ download NSE script จาก https://nmap.org/nsedoc/scripts/ssl-ccs-injection.html. แล้วใช้คำสั่ง

<span class="pln">nmap </span><span class="pun">-</span><span class="pln">p </span><span class="lit">443</span> <span class="pun">--</span><span class="pln">script ssl</span><span class="pun">-</span><span class="pln">ccs</span><span class="pun">-</span><span class="pln">injection example</span><span class="pun">.</span><span class="pln">com</span>

nmap -p 443 --script ssl-ccs-injection example.com

ผลลัพธ์ที่ได้

<span class="pln">PORT    STATE SERVICE
</span><span class="lit">443</span><span class="pun">/</span><span class="pln">tcp open  https
</span><span class="pun">|</span><span class="pln"> ssl</span><span class="pun">-</span><span class="pln">ccs</span><span class="pun">-</span><span class="pln">injection</span><span class="pun">:</span>
<span class="pun">|</span><span class="pln">   VULNERABLE</span><span class="pun">:</span>
<span class="pun">|</span><span class="pln">   SSL</span><span class="pun">/</span><span class="pln">TLS MITM vulnerability </span><span class="pun">(</span><span class="pln">CCS </span><span class="typ">Injection</span><span class="pun">)</span>
<span class="pun">|</span>     <span class="typ">State</span><span class="pun">:</span><span class="pln"> VULNERABLE
</span><span class="pun">|</span>     <span class="typ">Risk</span><span class="pln"> factor</span><span class="pun">:</span> <span class="typ">High</span>
<span class="pun">|</span>     <span class="typ">Description</span><span class="pun">:</span>
<span class="pun">|</span>       <span class="typ">OpenSSL</span><span class="pln"> before </span><span class="lit">0.9</span><span class="pun">.</span><span class="lit">8za</span><span class="pun">,</span> <span class="lit">1.0</span><span class="pun">.</span><span class="lit">0</span><span class="pln"> before </span><span class="lit">1.0</span><span class="pun">.</span><span class="lit">0m</span><span class="pun">,</span> <span class="kwd">and</span> <span class="lit">1.0</span><span class="pun">.</span><span class="lit">1</span><span class="pln"> before
</span><span class="pun">|</span>       <span class="lit">1.0</span><span class="pun">.</span><span class="lit">1h</span><span class="pln"> does </span><span class="kwd">not</span><span class="pln"> properly </span><span class="kwd">restrict</span><span class="pln"> processing of </span><span class="typ">ChangeCipherSpec</span>
<span class="pun">|</span><span class="pln">       messages</span><span class="pun">,</span><span class="pln"> which allows man</span><span class="pun">-</span><span class="kwd">in</span><span class="pun">-</span><span class="pln">the</span><span class="pun">-</span><span class="pln">middle attackers to trigger </span><span class="kwd">use</span>
<span class="pun">|</span><span class="pln">       of a zero</span><span class="pun">-</span><span class="pln">length master key </span><span class="kwd">in</span><span class="pln"> certain </span><span class="typ">OpenSSL</span><span class="pun">-</span><span class="pln">to</span><span class="pun">-</span><span class="typ">OpenSSL</span>
<span class="pun">|</span><span class="pln">       communications</span><span class="pun">,</span> <span class="kwd">and</span><span class="pln"> consequently hijack sessions </span><span class="kwd">or</span><span class="pln"> obtain
</span><span class="pun">|</span><span class="pln">       sensitive information</span><span class="pun">,</span><span class="pln"> via a crafted TLS handshake</span><span class="pun">,</span><span class="pln"> aka the
</span><span class="pun">|</span>       <span class="str">"CCS Injection"</span><span class="pln"> vulnerability</span><span class="pun">.</span>
<span class="pun">|</span>
<span class="pun">|</span>     <span class="typ">References</span><span class="pun">:</span>
<span class="pun">|</span><span class="pln">       https</span><span class="pun">:</span><span class="com">//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</span>
<span class="pun">|</span><span class="pln">       http</span><span class="pun">:</span><span class="com">//www.cvedetails.com/cve/2014-0224</span>
<span class="pun">|</span><span class="pln">_      http</span><span class="pun">:</span><span class="com">//www.openssl.org/news/secadv_20140605.txt</span>

PORT STATE SERVICE

443/tcp open https

| ssl-ccs-injection:

| VULNERABLE:

| SSL/TLS MITM vulnerability (CCS Injection)

| State: VULNERABLE

| Risk factor: High

| Description:

| OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

| 1.0.1h does not properly restrict processing of ChangeCipherSpec

| messages, which allows man-in-the-middle attackers to trigger use

| of a zero-length master key in certain OpenSSL-to-OpenSSL

| communications, and consequently hijack sessions or obtain

| sensitive information, via a crafted TLS handshake, aka the

| "CCS Injection" vulnerability.

|

| References:

| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

| http://www.cvedetails.com/cve/2014-0224

|_ http://www.openssl.org/news/secadv_20140605.txt

Source

https://www.contextis.com/en/blog/manually-testing-ssl-tls-weaknesses

ตรวจสอบ SSL issue

1. SSLv2 Support

2. SSLv3 Support

3. ตรวจสอบ Cipher Suites

3. ตรวจสอบ Certificate

4. ตรวจสอบ Renegotiation

5. ตรวจสอบ CLIENT INITIATED RENEGOTIATION

6. การตรวจสอบเรื่อง Compression

7. HEARTBLEED

8. CHANGE CIPHER SPEC INJECTION

Source

techsuii-admin

Leave a Reply Cancel reply

Security References

LINE@Techsuii.com

Facebook

Recent Posts

Recent Comments

Archives

Categories

Meta

Creative Common

Facebook

Latest News

Cyber Security and Privacy Foundation ออก course สอนการเขียน code อย่างไรให้ปลอดภัย

Alien Vault ออกเอกสารการคอย monitor security ให้กับ AWS

VDO: OWASP AppSecUSA 2018

VDO: Malware Analysis จาก University of Cincinnati Computer Science department.

StatCounter ถูกแฮ็คเพื่อใช้โจมตี Cryptocurrency Exchange

ตรวจสอบ SSL issue

1. SSLv2 Support

2. SSLv3 Support

3. ตรวจสอบ Cipher Suites

3. ตรวจสอบ Certificate

4. ตรวจสอบ Renegotiation

5. ตรวจสอบ CLIENT INITIATED RENEGOTIATION

6. การตรวจสอบเรื่อง Compression

7. HEARTBLEED

8. CHANGE CIPHER SPEC INJECTION

Source

ว่าด้วยเรื่อง Vulnerability Assessment และ Penetration Test

Howto: แก้ไข systemd เมื่อ upgrade Ubuntu 18.04

You May also Like

Leave a Reply Cancel reply

Security References

LINE@Techsuii.com

Facebook

Recent Posts

Recent Comments

Archives

Categories

Meta