We all know that most websites today are HTTPS, which simply means they use the SSL/TLS protocol. Naturally, once a different protocol is in play, the problems that can arise have to be tested differently as well. I normally use testssl.sh to find HTTPS issues, and the results that testssl.sh reports can be confirmed by hand by following the steps for each issue below.
*** Note 1: items 1 and 2 cannot be tested with recent openssl builds; use an older build or another tool for those.
1. SSLv2 Support
For this issue we simply confirm whether SSLv2 is really enabled, using the command:
```
openssl s_client -ssl2 -connect <TARGET>:<PORT>
```
If it is supported, the server responds with its certificate:
```
openssl s_client -ssl2 -connect 10.0.0.1:443
CONNECTED(00000003)
depth=0 /C=AU/ST=/L=/O=Context/OU=context/CN=sslserver
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AU/ST=/L=/O=Context/OU=context/CN=sslserver
verify return:1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICnjCCAgugAwIBAgIJAPB2liVH7xRsMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNV
BAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVsYm91cm5lMRAw
DgYDVQQKDAdDb250ZXh0MRAwDgYDVQQLDAdQbGF5cGVuMRIwEAYDVQQDDAlzc2xz
ZXJ2ZXIwHhcNMTQwMTE3MDMwNjAxWhcNMTcxMDEzMDMwNjAxWjBsMQswCQYDVQQG
EwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEQMA4G
A1UECgwHQ29udGV4dDEQMA4GA1UECwwHUGxheXBlbjESMBAGA1UEAwwJc3Nsc2Vy
dmVyMIGbMA0GCSqGSIb3DQEBAQUAA4GJADCBhQJ+AJdlQF95PWaFnmN0hQd5BYUf
SALBHBDO+JkNIPj5evYEAoPql3Am6Uphv3Pxyd+scDowb7UrReH8dBltxfz0Id4V
3wpSJRdwo4Gx8xx27tLjDqbTaPKfSRWGpr0s2S2KJerr3XJvTDtWoiHN3zsx5kLU
qvKTm+3LNHp7DgwNAgMBAAGjUDBOMB0GA1UdDgQWBBS5W+orwrw8K5LuFRykGg9w
1DCanzAfBgNVHSMEGDAWgBS5W+orwrw8K5LuFRykGg9w1DCanzAMBgNVHRMEBTAD
AQH/MA0GCSqGSIb3DQEBBQUAA34AegQVwKLQseAu7krFdsrfL117Sfpk7BuucJXJ
nNbg9WRKFk5raikmp1nc5zLRZ4c6waDSX/rrT2g06IXSAJXmv5d2NYU+5YECJnY5
ApexOlQJvsunKXZdJvBC6FijyLGi8G9zbA5S++JQkXWtiiICPGF2afYI5ahBgGO2
hgE=
-----END CERTIFICATE-----
subject=/C=AU/ST=/L=/O=Context/OU=context/CN=sslserver
issuer=/C=AU/ST=/L=/O=Context/OU=context/CN=sslserver
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
RC4-MD5         EXP-RC4-MD5     RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5     DES-CBC3-MD5
---
SSL handshake has read 807 bytes and written 233 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1000 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
    Session-ID: 3BD641677102DBE9BDADF9B990D2D716
    Session-ID-ctx:
    Master-Key: D2AAB3751263EB53BAD83453D26A09DA1F700059FD16B510
    Key-Arg   : DB92A6A80BF4CA4A
    Start Time: 1390178607
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
```
If it is not supported, the output is:
```
CONNECTED(00000003)
458:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
```
2. SSLv3 Support
This works the same way as item 1, but checks whether the target server supports SSLv3, using the command:
```
openssl s_client -ssl3 -connect <TARGET>:<PORT>
```
If the handshake succeeds, the output looks like this:
```
openssl s_client -ssl3 -connect google.com:443
CONNECTED(00000003)
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
---
Certificate details removed for brevity
---
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-SHA
    Session-ID: 6E461AEAD8C1516F9D8950A9B5E735F9882BFC6EA0838D81CFD41C01A3799A41
    Session-ID-ctx:
    Master-Key: 7E7680640BB7E2C83CBE87342727E0D09AC10EEEB095A8C0A2501EAE80FA1C20D3F3FE4346B1234057D6D506420273FA
    Key-Arg   : None
    Start Time: 1421296281
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
```
3. Checking Cipher Suites
This check lists which cipher suites the target server supports. Take, for example,
TLS_RSA_WITH_AES_128_CBC_SHA
- RSA is the key exchange algorithm
- AES_128_CBC is the encryption used (AES with a 128-bit key in Cipher Block Chaining mode), and SHA is used as the Message Authentication Code (MAC)
We can scan for them with Nmap and the NSE (Nmap Scripting Engine) using the command:
```
nmap --script ssl-enum-ciphers -p 443 example.com
```
For example:
```
nmap --script ssl-enum-ciphers -p 443 techsuii.com
Starting Nmap 7.70SVN ( https://nmap.org ) at 2019-05-14 16:27 +07
Nmap scan report for techsuii.com (45.76.187.195)
Host is up (0.0059s latency).
rDNS record for 45.76.187.195: 45.76.187.195.vultr.com

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 3.72 seconds
```
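As an added example (not code from the original post), the Python below decomposes an IANA suite name into the parts described above and runs a simple triage over `ssl-enum-ciphers` output. The TLSv1.2 suites in the embedded sample are the ones from the techsuii.com scan; the TLSv1.0 block is a constructed contrast case, and the grading rules and finding strings are this example's own, not nmap's.

```python
import re

# Added example: decompose IANA cipher suite names and triage the output of
# `nmap --script ssl-enum-ciphers`. Thresholds here are this example's own
# choices, not nmap's grading.
_MODES = {"CBC", "GCM", "CCM", "POLY1305"}
_WEAK_CIPHERS = {"RC4", "RC2", "DES", "3DES", "NULL"}
_WEAK_MACS = {"MD5"}
_FORWARD_SECRECY = {"ECDHE", "DHE"}   # ephemeral key exchange only


def parse_suite(name):
    """Split e.g. TLS_RSA_WITH_AES_128_CBC_SHA into key exchange, auth,
    cipher, key bits, mode and MAC."""
    m = re.fullmatch(r"TLS_(.+?)_WITH_(.+)", name)
    if not m:
        raise ValueError(f"not an IANA TLS suite name: {name}")
    kex_part, rest = m.groups()
    kex_tokens = kex_part.split("_")          # ['RSA'] or ['ECDHE', 'RSA']
    tokens = rest.split("_")                  # ['AES', '128', 'CBC', 'SHA']
    mac = tokens.pop()                        # SHA, SHA256, SHA384, MD5
    mode = tokens.pop() if tokens[-1] in _MODES else None   # None = stream cipher
    return {
        "kex": kex_tokens[0],                 # bare RSA means static RSA key transport
        "auth": kex_tokens[-1],
        "cipher": tokens[0],
        "bits": next((int(t) for t in tokens[1:] if t.isdigit()), None),
        "mode": mode,
        "mac": mac,
    }


def suite_findings(parts):
    """Defender-side observations about one suite; empty means nothing to flag."""
    findings = []
    if parts["kex"] not in _FORWARD_SECRECY:
        findings.append("no forward secrecy")
    if parts["cipher"] in _WEAK_CIPHERS:
        findings.append(f"weak cipher {parts['cipher']}")
    if parts["mode"] == "CBC":
        findings.append("CBC mode with HMAC (not AEAD)")
    if parts["mac"] in _WEAK_MACS:
        findings.append(f"weak MAC {parts['mac']}")
    return findings


def parse_nmap_enum(text):
    """Group suite names per protocol version from ssl-enum-ciphers output."""
    suites, proto = {}, None
    for line in text.splitlines():
        body = line.lstrip("|_ ").rstrip()
        if re.fullmatch(r"(SSLv3|TLSv1\.[0-3]):", body):
            proto = body[:-1]
            suites[proto] = []
        elif proto and body.startswith("TLS_"):
            suites[proto].append(body.split()[0])   # drop "(secp384r1) - A"
    return suites


def weak_suites(text):
    """Map protocol -> {suite: findings} for every suite that has a finding."""
    report = {}
    for proto, names in parse_nmap_enum(text).items():
        flagged = {n: suite_findings(parse_suite(n)) for n in names}
        flagged = {n: f for n, f in flagged.items() if f}
        if flagged:
            report[proto] = flagged
    return report


# Constructed sample in the shape of the nmap output above: the TLSv1.2 block is
# taken from the techsuii.com scan, the TLSv1.0 block is made up for contrast.
SAMPLE_NMAP_OUTPUT = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors:
|       NULL
|_  least strength: C
"""

if __name__ == "__main__":
    for proto, flagged in weak_suites(SAMPLE_NMAP_OUTPUT).items():
        for name, findings in flagged.items():
            print(proto, name, "->", "; ".join(findings))
```

The CBC finding is deliberately informational: nmap still grades the CBC-with-SHA suites on the page as A, but a defender choosing a server configuration would prefer the GCM suites in the same list.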
3. Checking the Certificate
Checking the certificate means checking whether the certificate is trustworthy.
To inspect the certificate we can use the command:
```
openssl s_client -connect techsuii.com:443 | openssl x509 -noout -text
```
Example from techsuii.com:
```
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = www.techsuii.com
verify return:1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:22:10:9a:9c:90:9c:87:4c:ee:e8:ae:f1:60:7a:c4:96:27
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Mar 21 02:40:13 2019 GMT
            Not After : Jun 19 02:40:13 2019 GMT
        Subject: CN = www.techsuii.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:70:07:07:1f:0c:22:27:d4:18:73:e5:64:
                    08:35:01:26:5e:e6:55:75:29:94:7f:90:71:ff:35:
                    48:f6:56:26:f4:7d:7c:e0:43:f1:ae:71:d5:57:6f:
                    18:b0:de:0a:42:c6:66:84:da:ea:0c:4f:5e:8c:c2:
                    f0:53:f9:56:7d:55:b2:c3:49:67:01:c3:1a:e7:4d:
                    7d:aa:dc:fb:eb:40:1e:d5:30:20:c8:35:65:ba:8f:
                    0e:40:ff:22:d7:90:1c:a5:fa:11:b8:56:45:4e:d0:
                    73:b3:12:7a:85:ef:ec:c4:2b:4f:12:cf:57:ec:0a:
                    3c:fe:01:af:26:b9:10:0a:c5:b1:0a:0c:8b:c7:d4:
                    75:51:0e:87:22:bb:b7:f7:7c:1b:13:f2:55:a9:c5:
                    47:dd:9d:66:7b:3b:40:8b:93:df:64:23:fc:4b:8c:
                    08:99:2e:a5:36:d7:3e:b9:3a:01:ea:6c:74:a2:23:
                    83:53:90:40:e4:a2:f0:db:84:66:52:15:c1:12:2c:
                    63:c7:36:f0:26:4c:18:e0:00:69:b9:a6:bb:4a:f2:
                    39:a1:4d:24:b9:0b:a1:4c:2e:c6:ce:cf:90:86:7d:
                    14:81:8b:a2:ce:bd:12:a1:f5:d3:95:7d:26:5a:fc:
                    1f:40:1c:69:95:3f:75:00:2d:cb:de:6f:9b:ca:fa:
                    a8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                AA:39:BE:66:7B:FD:6A:91:B0:68:3A:B7:CD:11:14:25:30:EB:E1:AC
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:www.techsuii.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
                    Timestamp : Mar 21 03:40:13.606 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:13:4A:8D:71:FC:EB:EC:C1:BD:D2:AA:BC:
                                66:7A:37:6A:90:F4:F1:D9:4B:12:A4:72:E8:A0:47:6C:
                                60:18:20:BE:02:21:00:B9:B9:55:4A:07:AF:46:25:3B:
                                F8:6A:14:7E:91:F9:C5:5A:05:98:94:1A:C3:60:60:FB:
                                BD:FC:B5:08:53:56:CF
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:3C:51:96:54:C8:39:65:BA:AA:50:FC:58:07:D4:B7:
                                6F:BF:58:7A:29:72:DC:A4:C3:0C:F4:E5:45:47:F4:78
                    Timestamp : Mar 21 03:40:14.109 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:59:D3:87:23:1C:E2:DE:81:16:A3:CE:17:
                                68:C4:C3:C9:E1:7F:04:33:D7:C0:7F:C8:4E:9B:BE:6D:
                                10:CD:D0:58:02:20:7F:76:BA:69:B9:90:9F:12:93:84:
                                E0:DB:37:41:A2:E6:58:3A:86:B2:C9:EF:87:15:EC:72:
                                95:A8:52:08:F2:51
    Signature Algorithm: sha256WithRSAEncryption
         55:e4:5e:9d:8a:ee:19:36:40:4a:bb:0e:f3:9b:d1:ef:17:cf:
         72:1f:ea:46:db:29:80:5b:d3:bb:b7:0e:bb:83:a4:ea:3b:cb:
         dc:38:29:a4:9a:a9:24:13:60:57:1b:15:82:8b:e0:e1:ef:ee:
         89:0b:12:17:21:95:bc:5c:6b:25:c8:14:48:91:0c:b6:c6:36:
         9d:f1:46:78:17:31:74:2d:4a:4e:04:52:69:ba:ce:15:e3:78:
         86:79:b1:cf:16:8c:01:b1:87:40:91:10:c5:f6:1b:18:98:30:
         00:e3:4e:35:75:43:e5:7a:93:0c:19:43:bf:82:56:65:ca:02:
         97:7d:de:52:38:87:86:58:18:0e:df:f8:a1:ab:b6:fe:11:a9:
         34:2c:e3:fa:d1:13:1b:3d:97:46:23:56:e4:47:e1:88:2a:0f:
         fe:e5:b4:9d:12:25:76:1e:85:b8:a1:6a:7d:7d:0e:6a:73:de:
         42:66:9a:0b:45:6f:2b:1f:c6:93:9f:ac:16:8d:c2:99:d6:15:
         ca:ad:8f:36:3f:73:7e:00:dd:71:7b:f8:97:b8:e7:53:4d:a1:
         f5:28:be:d7:b3:32:33:af:15:47:8b:86:f8:71:1d:90:c7:b9:
         c1:98:7f:af:6c:68:ec:c7:23:63:c9:19:fd:3c:8f:b4:ec:1f:
         3a:c6:14:c0
```
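To show what a client actually examines when deciding whether a certificate is trustworthy, here is an added example (not code from the original post) that parses the self-signed PEM certificate returned in the SSLv2 example of item 1 using a hand-written DER walker and nothing beyond the Python standard library. It reads only the fixed leading fields of TBSCertificate (version, serial, issuer, validity, subject) and skips the extensions, so the Subject Alternative Name that the techsuii.com certificate carries is not consulted and the hostname check against the CN is a deliberate simplification. The `certificate_findings` function, its finding strings and the reference dates used in the usage are this example's own.

```python
import base64
from datetime import datetime, timezone

# Added example: minimal DER walker for the trust-relevant fields of an X.509
# certificate, stdlib only. Extensions (including the SAN) are not parsed.
_OID_NAMES = {
    b"\x55\x04\x06": "C", b"\x55\x04\x08": "ST", b"\x55\x04\x07": "L",
    b"\x55\x04\x0a": "O", b"\x55\x04\x0b": "OU", b"\x55\x04\x03": "CN",
}

# The self-signed server certificate shown in the SSLv2 s_client output above.
SSLV2_SERVER_PEM = """-----BEGIN CERTIFICATE-----
MIICnjCCAgugAwIBAgIJAPB2liVH7xRsMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNV
BAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVsYm91cm5lMRAw
DgYDVQQKDAdDb250ZXh0MRAwDgYDVQQLDAdQbGF5cGVuMRIwEAYDVQQDDAlzc2xz
ZXJ2ZXIwHhcNMTQwMTE3MDMwNjAxWhcNMTcxMDEzMDMwNjAxWjBsMQswCQYDVQQG
EwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEQMA4G
A1UECgwHQ29udGV4dDEQMA4GA1UECwwHUGxheXBlbjESMBAGA1UEAwwJc3Nsc2Vy
dmVyMIGbMA0GCSqGSIb3DQEBAQUAA4GJADCBhQJ+AJdlQF95PWaFnmN0hQd5BYUf
SALBHBDO+JkNIPj5evYEAoPql3Am6Uphv3Pxyd+scDowb7UrReH8dBltxfz0Id4V
3wpSJRdwo4Gx8xx27tLjDqbTaPKfSRWGpr0s2S2KJerr3XJvTDtWoiHN3zsx5kLU
qvKTm+3LNHp7DgwNAgMBAAGjUDBOMB0GA1UdDgQWBBS5W+orwrw8K5LuFRykGg9w
1DCanzAfBgNVHSMEGDAWgBS5W+orwrw8K5LuFRykGg9w1DCanzAMBgNVHRMEBTAD
AQH/MA0GCSqGSIb3DQEBBQUAA34AegQVwKLQseAu7krFdsrfL117Sfpk7BuucJXJ
nNbg9WRKFk5raikmp1nc5zLRZ4c6waDSX/rrT2g06IXSAJXmv5d2NYU+5YECJnY5
ApexOlQJvsunKXZdJvBC6FijyLGi8G9zbA5S++JQkXWtiiICPGF2afYI5ahBgGO2
hgE=
-----END CERTIFICATE-----"""


def _tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _parse_name(name):
    """Name ::= SEQUENCE OF SET OF {OID, value}; returns [(attr, value), ...]."""
    rdns, pos = [], 0
    while pos < len(name):
        _, rdn, pos = _tlv(name, pos)        # SET
        _, atv, _ = _tlv(rdn, 0)             # first AttributeTypeAndValue
        _, oid, p = _tlv(atv, 0)
        _, value, _ = _tlv(atv, p)
        rdns.append((_OID_NAMES.get(oid, oid.hex()), value.decode("utf-8")))
    return rdns


def _time(tag, raw):
    """UTCTime (YYMMDD...) or GeneralizedTime (YYYYMMDD...) to aware datetime."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(raw.decode(), fmt).replace(tzinfo=timezone.utc)


def parse_certificate(pem):
    body = "".join(line for line in pem.splitlines() if not line.startswith("-----"))
    der = base64.b64decode(body)
    _, cert, _ = _tlv(der, 0)                # Certificate
    _, tbs, _ = _tlv(cert, 0)                # TBSCertificate
    tag, val, pos = _tlv(tbs, 0)
    version = 1
    if tag == 0xA0:                          # [0] EXPLICIT version, v3 encoded as 2
        version = val[2] + 1
        tag, val, pos = _tlv(tbs, pos)       # serialNumber INTEGER
    serial = val[1:] if val[0] == 0 and len(val) > 1 else val   # drop DER sign byte
    _, _sig_alg, pos = _tlv(tbs, pos)
    _, issuer, pos = _tlv(tbs, pos)
    _, validity, pos = _tlv(tbs, pos)
    _, subject, pos = _tlv(tbs, pos)
    nb_tag, not_before, vpos = _tlv(validity, 0)
    na_tag, not_after, _ = _tlv(validity, vpos)
    return {
        "version": version,
        "serial": serial.hex(),
        "issuer": _parse_name(issuer),
        "subject": _parse_name(subject),
        "self_signed": issuer == subject,    # byte-identical DNs
        "not_before": _time(nb_tag, not_before),
        "not_after": _time(na_tag, not_after),
    }


def certificate_findings(info, hostname, now):
    """Reasons a client would refuse this certificate; empty list means it passed."""
    findings = []
    if info["self_signed"]:
        findings.append("self-signed (issuer equals subject)")
    if now < info["not_before"]:
        findings.append("not yet valid")
    if now > info["not_after"]:
        findings.append(f"expired on {info['not_after']:%Y-%m-%d}")
    cn = dict(info["subject"]).get("CN")
    if cn != hostname:                       # simplification: real clients match the SAN
        findings.append(f"name mismatch: CN={cn!r}, expected {hostname!r}")
    return findings


if __name__ == "__main__":
    info = parse_certificate(SSLV2_SERVER_PEM)
    print(info["subject"], info["not_before"], info["not_after"])
    print(certificate_findings(info, "sslserver", datetime.now(timezone.utc)))
```

Two things the raw DER makes visible that the s_client transcript did not: the certificate's real DN (ST=Victoria, L=Melbourne, OU=Playpen) differs from the abbreviated DN printed in that transcript, and the certificate had already expired (October 2017) by the time of the nmap scan on the page. The self-signed verdict matches openssl's "Verify return code: 18".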
4. Checking Renegotiation
The SSL/TLS protocol lets the client and server negotiate new encryption keys in the middle of a session. In 2009 this was found to be a vulnerability that let an attacker inject content into the start of a session and so tamper with the session's integrity. Of course, a check with an openssl command may only tell us whether the server supports renegotiation at all; it does not by itself show that the server is vulnerable, because that also depends on the SSL library in use.
We can check for renegotiation support with the command:
```
openssl s_client -connect example.com:443
```
If it is not supported, the Renegotiation part of the output reads "Secure Renegotiation IS NOT supported":
```
CONNECTED(00000003)
139677333890704:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 36 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1428910482
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
```
5. Checking CLIENT INITIATED RENEGOTIATION
Following on from item 4, the CLIENT INITIATED RENEGOTIATION check is done with:
```
openssl s_client -connect example.com:443
```
Once the connection is established, the server waits for our next input. We can type the following:
```
openssl s_client -connect host:port
HEAD / HTTP/1.0
R
<Enter or Return key>
```
If the server supports it, the connection stays active.
If the server does not support this feature, the output is:
```
RENEGOTIATING
write:errno=104
```
6. Checking Compression
Compression is tied to two vulnerabilities, CRIME and BREACH. We can check whether the server supports compression with the command:
```
openssl s_client -connect example.com:443
```
If the server supports compression, the response looks like the one below, showing "Compression: zlib compression" and "Compression: 1 (zlib compression)", which indicates the server is vulnerable to the CRIME attack and
```
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 50791A02E03E42F8983344B25C8ED4598620518D5C917A3388239AAACE991858
    Session-ID-ctx:
    Master-Key: 9FEDB91F439775B49A5C49342FF53C3DD7384E4AFC33F9C6AFB64EA3D639CA57253AD7D059BA54E01581AD3A73306342
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 34 38 24 70 35 88 4a 68-0c 80 e6 c5 76 a1 0e ee   48$p5.Jh....v...
    0010 - 14 2e fb ef fa 42 f0 c1-58 ee 70 02 90 45 f4 8c   .....B..X.p..E..
    0020 - 7d 0b 2e 1e 71 70 b0 a2-cc 27 1b 13 29 cc f5 ee   }...qp...'..)...
    0030 - 84 43 98 fa b1 ae 83 dc-ff 6d aa 07 9f 7a 95 4f   .C.......m...z.O
    0040 - 44 68 63 21 72 d7 b9 18-97 d8 8e d7 61 7d 71 6f   Dhc!r.......a}qo
    0050 - a7 16 85 79 f9 a2 80 2a-b4 bc f9 47 78 6a b7 08   ...y...*...Gxj..
    0060 - f6 4f 09 96 7b e8 d4 9b-26 2d 1a fd 55 fe 6a ab   .O..{...&-..U.j.
    0070 - fc 8d 6d 87 7a 13 e1 a9-0a 05 09 d9 ce ea fe 70   ..m.z..........p
    0080 - 09 c9 5f 33 3c 5f 28 4e-20 3b 3a 10 75 c4 86 45   .._3<_(N ;:.u..E
    0090 - 1d 8b c8 a5 21 89 a1 12-59 b6 0f 55 e3 48 8f 91   ....!...Y..U.H..
    00a0 - 01 af 53 b6                                       ..S.

    Compression: 1 (zlib compression)
    Start Time: 1348073759
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
```
If compression is not supported, the output shows "Compression: NONE" instead.
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 7E49EA6457B200B441A26C05F1AE9634AAF97284AC7A12EC58F69CEF5470B052
    Session-ID-ctx:
    Master-Key: E035F082F5545424373A546A1F76D77673E8AEE018B3F0A3AFD7A3545746013664C18E6BB69F08BFAECA6C7FB3010C9C
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 66 72 6f 6e 74 70 61 67-65 61 61 61 61 61 61 61   frontpageaaaaaaa
    0010 - 89 55 c6 6a 92 c3 28 85-86 b0 ff c3 08 12 5a a8   .U.j..(.......Z.
    0020 - f2 ec f8 56 6d d3 29 99-7b 98 90 ef 57 fd c6 15   ...Vm.).{...W...
    0030 - ee a2 53 4b 43 ef 19 ee-41 25 1f 76 28 37 68 b6   ..SKC...A%.v(7h.
    0040 - 64 ca e7 3f 71 01 70 30-35 91 ef bc d8 19 20 4f   d..?q.p05..... O
    0050 - 9d 9e 2c ab 3f 35 5c 3f-65 f8 c6 9a a9 90 fa 60   ..,.?5\?e......`
    0060 - 4d 53 a1 b8 49 8c e7 61-e4 6c e1 51 8e 83 b5 25   MS..I..a.l.Q...%
    0070 - bc 9a 32 d8 fa be 16 a1-ae 3d 8c 0b e3 9e e4 78   ..2......=.....x
    0080 - 77 d7 91 6b a9 a0 01 2b-e1 98 33 d4 2c eb b3 84   w..k...+..3.,...
    0090 - f9 da 0f fa 77 df ac d6-08 b6 34 97 07 d9 b2 58   ....w.....4....X

    Start Time: 1428988675
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
To check for BREACH, open the same kind of connection as above and then send the following request:
GET / HTTP/1.1
Host: example.com
Accept-Encoding: compress, gzip
If the response comes back as encoded (compressed) data, the server supports HTTP compression, which indicates that the target is affected by BREACH as well.
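The two checks above (the "Compression:" line from openssl s_client and the Accept-Encoding request for BREACH) can be run from one script. This is an added example, not code from the original post: the target host is a placeholder, SAMPLE_RESPONSE is a constructed server reply, and a compressed reply only establishes the precondition for BREACH (the attack additionally needs a secret and attacker-influenced input reflected in the same response).

```python
# Added example, not part of the original post: one probe that reports both
# the TLS-level compression that openssl s_client prints as "Compression:"
# and the HTTP-level compression that the BREACH request above looks for.
# The target in main() is a placeholder; SAMPLE_RESPONSE is constructed.
import socket
import ssl
from typing import Optional, Tuple

# Constructed sample server reply to the Accept-Encoding request.
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"Content-Encoding: gzip\r\n\r\n\x1f\x8b\x08\x00")


def parse_content_encoding(raw_response: bytes) -> Optional[str]:
    """Content-Encoding value (lower-cased) from the header block, or None."""
    head = raw_response.partition(b"\r\n\r\n")[0]  # body is never inspected
    for line in head.split(b"\r\n")[1:]:           # [0] is the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-encoding":
            return value.strip().decode("ascii", "replace").lower()
    return None


def http_compression_enabled(raw_response: bytes) -> bool:
    """True when the body is compressed, i.e. the BREACH precondition holds."""
    return parse_content_encoding(raw_response) not in (None, "", "identity")


def probe_compression(host: str, port: int = 443) -> Tuple[Optional[str], bool]:
    """Return (tls_compression, http_compression) for host:port.

    tls_compression is ssl.SSLSocket.compression(): the TLS compression method
    name or None. A client whose own OpenSSL has compression disabled always
    sees None (the same limitation the post notes for newer openssl builds).
    Certificate verification is off because this is an audit probe.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    request = (f"GET / HTTP/1.1\r\nHost: {host}\r\n"
               "Accept-Encoding: compress, gzip\r\nConnection: close\r\n\r\n")
    chunks, total = [], 0
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls_compression = tls.compression()
            tls.sendall(request.encode("ascii"))
            while total < 65536:  # the header block is all we need
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
                total += len(data)
    return tls_compression, http_compression_enabled(b"".join(chunks))


if __name__ == "__main__":
    print("sample reply compressed:", http_compression_enabled(SAMPLE_RESPONSE))
    tls_comp, http_comp = probe_compression("example.com")  # placeholder target
    print("TLS compression:", tls_comp or "NONE")
    print("HTTP compression (BREACH precondition):", http_comp)
```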
7. HEARTBLEED
Heartbleed is a widely known vulnerability in OpenSSL that lets a remote party read memory contents from the affected machine. The affected OpenSSL versions are:
• OpenSSL 1.0.1 – 1.0.1f (inclusive)
The versions that are not affected are:
• OpenSSL 1.0.1g
• OpenSSL 1.0.0 branch
• OpenSSL 0.9.8 branch
We can check for it with nmap using the command
nmap -p 443 --script ssl-heartbleed --script-args vulns.showall example.com
The result looks like this:
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|       http://www.openssl.org/news/secadv_20140407.txt
|_      http://cvedetails.com/cve/2014-0160/
8. CHANGE CIPHER SPEC INJECTION
This is a weakness in OpenSSL that is present in:
• OpenSSL 1.0.1 – 1.0.1g
• OpenSSL 1.0.0 – 1.0.0l
• OpenSSL versions before 0.9.8y
We can test for it by downloading the NSE script from https://nmap.org/nsedoc/scripts/ssl-ccs-injection.html and then running
nmap -p 443 --script ssl-ccs-injection example.com
The result:
PORT    STATE SERVICE
443/tcp open  https
| ssl-ccs-injection:
|   VULNERABLE:
|   SSL/TLS MITM vulnerability (CCS Injection)
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
|       1.0.1h does not properly restrict processing of ChangeCipherSpec
|       messages, which allows man-in-the-middle attackers to trigger use
|       of a zero-length master key in certain OpenSSL-to-OpenSSL
|       communications, and consequently hijack sessions or obtain
|       sensitive information, via a crafted TLS handshake, aka the
|       "CCS Injection" vulnerability.
|
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|       http://www.cvedetails.com/cve/2014-0224
|_      http://www.openssl.org/news/secadv_20140605.txt