Innogen security


Just wanted to share the following script, which has been amazingly helpful on recent tests for validating SSL handshakes; the detail it writes to the log file can then be taken away and analysed for any known vulnerabilities.

NOTE: Innogen did not write this, and we can't remember exactly who the original author was, so if you know, ping us and we will update the code to thank the author.

Shell Script:

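#!/usr/bin/env bash
# Try every cipher the local OpenSSL build knows against one server
# and log the ones the server accepts.

# host:port, without the https:// prefix
SERVER=SOMEDOMAINNAME_WITHOUT_HTTPS_PREFIX:443
# seconds to pause between handshakes
DELAY=1
# Only ciphers compiled into this OpenSSL build are tested.
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')
success_log=successful_ciphers.txt

echo "Ciphers Accepted by Host: $SERVER" > "$success_log"
echo "======================" >> "$success_log"
echo "Obtaining cipher list from $(openssl version)."

# Unquoted on purpose: word splitting yields one cipher name per iteration.
for cipher in $ciphers
do
    echo -n "Testing $cipher..."
    # Empty stdin makes s_client exit as soon as the handshake is over.
    result=$(echo -n | openssl s_client -cipher "$cipher" -connect "$SERVER" 2>&1)
    if [[ "$result" =~ ":error:" ]] ; then
        # Unquoted so the output collapses to one line; field 6 is the reason text.
        error=$(echo -n $result | cut -d':' -f6)
        echo "NO ($error)"
    else
        # s_client pads the session "Cipher    :" line with several spaces.
        if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ Cipher[[:space:]]+: ]] ; then
            echo "YES - SUCCESSFUL HANDSHAKE"
            echo "$cipher - SUCCESSFUL HANDSHAKE" >> "$success_log"
        else
            echo "UNKNOWN RESPONSE"
            echo "$result"
        fi
    fi
    sleep "$DELAY"
done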

Results output of running the script:


Obtaining cipher list from OpenSSL 0.9.8zh 14 Jan 2016.
Testing ADH-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-SEED-SHA...NO (sslv3 alert handshake failure)
Testing SEED-SHA...YES - SUCCESSFUL HANDSHAKE
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-SHA...YES - SUCCESSFUL HANDSHAKE
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing AES128-SHA...YES - SUCCESSFUL HANDSHAKE
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing EXP-ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-EDH-RSA-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...YES - SUCCESSFUL HANDSHAKE
Testing DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing RC4-SHA...YES - SUCCESSFUL HANDSHAKE
Testing RC4-MD5...YES - SUCCESSFUL HANDSHAKE
Testing EXP-RC4-MD5...NO (sslv3 alert handshake failure)
Testing DES-CBC3-MD5...NO (sslv3 alert handshake failure)
Testing DES-CBC-MD5...NO (sslv3 alert handshake failure)
Testing EXP-RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing EXP-RC4-MD5...NO (sslv3 alert handshake failure)
Testing RC4-MD5...YES - SUCCESSFUL HANDSHAKE
Testing NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-MD5...NO (sslv3 alert handshake failure)

Log file content:


cat successful_ciphers.txt
Ciphers Accepted by Host: thehost.com:443
===============================
SEED-SHA - SUCCESSFUL HANDSHAKE
AES256-SHA - SUCCESSFUL HANDSHAKE
AES128-SHA - SUCCESSFUL HANDSHAKE
DES-CBC3-SHA - SUCCESSFUL HANDSHAKE
RC4-SHA - SUCCESSFUL HANDSHAKE
RC4-MD5 - SUCCESSFUL HANDSHAKE
RC4-MD5 - SUCCESSFUL HANDSHAKE
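
The follow-up step of analysing the log for known weaknesses, as an added example that is not part of the original script: it reads the successful_ciphers.txt format shown above and tags each accepted cipher by name. The tag names and the name-matching rules are this example's own assumptions, based on OpenSSL cipher naming.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): triage successful_ciphers.txt.
# Tag names and name-matching rules are this example's own heuristics.

# Print comma-separated weakness tags for one OpenSSL cipher name, or "ok".
classify_cipher() {
    c=$1; tags=
    case $c in *NULL*)     tags="$tags,no-encryption" ;; esac
    case $c in EXP-*)      tags="$tags,export-grade" ;; esac
    case $c in *RC4*)      tags="$tags,RC4" ;; esac
    case $c in *RC2*)      tags="$tags,RC2" ;; esac
    case $c in *DES-CBC3*) tags="$tags,3DES-64bit-block" ;;
               *DES-CBC*)  tags="$tags,single-DES" ;; esac
    case $c in *ADH-*|*AECDH-*) tags="$tags,anonymous-kx" ;; esac
    case $c in *-MD5)      tags="$tags,MD5-MAC" ;; esac
    # Names with no ephemeral (EC)DH token use static RSA, fixed DH or PSK.
    case $c in TLS_*|SRP-*|*DHE-*|*EDH-*|*ADH-*|*AECDH-*) ;;
               *) tags="$tags,no-forward-secrecy" ;; esac
    tags=${tags#,}
    echo "${tags:-ok}"
}

# Read the log (file argument or stdin), keep each accepted cipher once,
# and print "cipher<TAB>tags". Header lines do not match and are skipped.
triage_log() {
    sed -n 's/ - SUCCESSFUL HANDSHAKE$//p' "$@" | awk '!seen[$0]++' |
    while read -r cipher; do
        printf '%s\t%s\n' "$cipher" "$(classify_cipher "$cipher")"
    done
}

# Sample input: the log content shown in the post.
sample_log() {
    cat <<'EOF'
Ciphers Accepted by Host: thehost.com:443
===============================
SEED-SHA - SUCCESSFUL HANDSHAKE
AES256-SHA - SUCCESSFUL HANDSHAKE
AES128-SHA - SUCCESSFUL HANDSHAKE
DES-CBC3-SHA - SUCCESSFUL HANDSHAKE
RC4-SHA - SUCCESSFUL HANDSHAKE
RC4-MD5 - SUCCESSFUL HANDSHAKE
RC4-MD5 - SUCCESSFUL HANDSHAKE
EOF
}

sample_log | triage_log
```

Pass a real log as `triage_log successful_ciphers.txt`; the duplicate RC4-MD5 entry from the sample is reported once.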
