Cómo ejecutar Metasploit WMAP en el sitio que requiere SNI

Question

Cómo ejecutar Metasploit WMAP en el sitio que requiere SNI

1

Disculpas si esta es una pregunta obvia, la documentación parece ser un poco delgada en el terreno. Estoy intentando escanear (con permiso) un sitio que redirige a su versión https y requiere acceso a SNI. WMAP convierte el FQDN en una dirección IP y parece deshacerse del nombre de host. Esto parece hacer que el escaneo falle. Transcripción redactada a continuación.

msf > db_status 
[*] postgresql connected to msf
msf > load wmap

.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
'-----''-'-'-''-^-''-'
[WMAP 1.5.1] ===  et [  ] metasploit.com 2012
[*] Successfully loaded plugin: wmap
msf > wmap_sites -a http://example.com/
[*] Site created.
msf > wmap_sites -l
[*] Available sites
===============

     Id  Host           Vhost          Port  Proto  # Pages  # Forms
     --  ----           -----          ----  -----  -------  -------
     0   1.2.3.4  1.2.3.4  443   https  0        0


[*] Available sites
===============

     Id  Host           Vhost          Port  Proto  # Pages  # Forms
     --  ----           -----          ----  -----  -------  -------
     0   1.2.3.4  1.2.3.4  443   https  0        0


msf > wmap_targets -t https://1.2.3.4/login
msf > wmap_run -e
[*] Using ALL wmap enabled modules.
[-] NO WMAP NODES DEFINED. Executing local modules
[*] Testing target:
[*]     Site: 1.2.3.4 (1.2.3.4)
[*]     Port: 443 SSL: true
============================================================
[*] Testing started. 2018-10-15 18:42:22 +0200
[*] 
=[ SSL testing ]=
============================================================
[*] Module auxiliary/scanner/http/cert
[*] Module auxiliary/scanner/http/ssl

[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] 
=[ Web Server testing ]=
============================================================
[*] Module auxiliary/scanner/http/http_version
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/open_proxy
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/admin/http/tomcat_administration
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/admin/http/tomcat_utf8_traversal
[*] Attempting to connect to 1.2.3.4:443
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/drupal_views_user_enum
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/frontpage_login
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/host_header_injection
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/options
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/robots_txt
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/scraper
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/svn_scanner
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/trace
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/vhost_scanner
[*]  >> Exception during launch from auxiliary/scanner/http/vhost_scanner: The following options failed to validate: DOMAIN.
[*] Module auxiliary/scanner/http/webdav_internal_ip
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/webdav_scanner
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/webdav_website_content
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] 
=[ File/Dir testing ]=
============================================================
[*] Module auxiliary/scanner/http/backup_file
[*] Module auxiliary/scanner/http/brute_dirs
[*] Path: /
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/copy_of_file
[*] Module auxiliary/scanner/http/dir_listing
[*] Path: /
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/dir_scanner
[*] Path: /
[*] Detecting error code
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/dir_webdav_unicode_bypass
[*] Path: /
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/file_same_name_dir
[*] Path: /
[-] Blank or default PATH set.
[*] Module auxiliary/scanner/http/files_dir
[*] Path: /
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/http_put
[*] Path: /
[-] 1.2.3.4: Error: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[-] 1.2.3.4: File doesn't seem to exist. The upload probably failed
[*] Module auxiliary/scanner/http/ms09_020_webdav_unicode_bypass
[*] Path: /
[-] Auxiliary failed: NameError uninitialized constant Errno::E877PIPE
[-] Call stack:
[-]   /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb:113:in 'rescue in run_host'
[-]   /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb:55:in 'run_host'
[-]   /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/scanner.rb:135:in 'block (2 levels) in run'
[-]   /opt/metasploit-framework/embedded/framework/lib/msf/core/thread_manager.rb:100:in 'block in spawn'
[*] Module auxiliary/scanner/http/prev_dir_same_name_file
[*] Path: /
[-] Blank or default PATH set.
[*] Module auxiliary/scanner/http/replace_ext
[*] Module auxiliary/scanner/http/soap_xml
[*] Path: /
[*] Starting scan with 0ms delay between requests
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/trace_axd
[*] Path: /
[*] Error: 1.2.3.4: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
[*] Module auxiliary/scanner/http/verb_auth_bypass
[*] 
=[ Unique Query testing ]=
============================================================
[*] Module auxiliary/scanner/http/blind_sql_query
[*] Module auxiliary/scanner/http/error_sql_injection
[*] Module auxiliary/scanner/http/http_traversal
[*] Module auxiliary/scanner/http/rails_mass_assignment
[*] Module exploit/multi/http/lcms_php_exec
[*] 
=[ Query testing ]=
============================================================
[*] 
=[ General testing ]=
============================================================
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Launch completed in 10.537943124771118 seconds.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[*] Done.

¿Me he perdido algo obvio o es una limitación de Metasploit? En caso de que haga una diferencia, estoy ejecutando la última compilación nocturna de la versión de código abierto de Metasploit en Ubuntu 18.04. Gracias de antemano por cualquier consejo.

EDITAR: Solo para aclarar, no puedo agregar el objetivo a través de su nombre de dominio. Si lo hace, se produce un error:

msf > wmap_targets -t http://example.com/login
[-] Error while running command wmap_targets: PG::InvalidTextRepresentation: ERROR:  invalid input syntax for type inet: "example.com"
: SELECT  "hosts".* FROM "hosts" WHERE "hosts"."workspace_id" = $1 AND "hosts"."address" = $2 LIMIT 1

Solo lo agrega exitosamente como objetivo si paso la dirección IP, como se indica por wmap_sites -l , a wmap_targets en lugar del dominio.

tls penetration-test metasploit

pregunta Kitserve 15.10.2018 - 20:24

fuente

0 respuestas

Lea otras preguntas en las etiquetas tls penetration-test metasploit

Cómo crear un keygen [cerrado] Generando nuevas subclaves E y S para una clave que se ha movido a la tarjeta