Browse Source

unify the SSLVersion fields between modules and mixins

Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
Brent Cook 3 years ago
parent
commit
eea8fa86dc

+ 1
- 1
lib/msf/core/auxiliary/crawler.rb View File

@@ -44,7 +44,7 @@ module Auxiliary::HttpCrawler
44 44
         OptString.new('BasicAuthPass', [false, 'The HTTP password to specify for basic authentication']),
45 45
         OptString.new('HTTPAdditionalHeaders', [false, "A list of additional headers to send (separated by \\x01)"]),
46 46
         OptString.new('HTTPCookie', [false, "A HTTP cookie header to send with each request"]),
47
-        OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL23', 'SSL3', 'TLS1']]),
47
+        Opt::SSLVersion
48 48
       ], self.class
49 49
     )
50 50
 

+ 1
- 1
lib/msf/core/exploit/http/client.rb View File

@@ -50,7 +50,7 @@ module Exploit::Remote::HttpClient
50 50
         OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']),
51 51
         OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
52 52
         OptBool.new('DigestAuthIIS', [false, 'Conform to IIS, should work for most servers. Only set to false for non-IIS servers', true]),
53
-        OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL3', 'TLS1']]),
53
+        Opt::SSLVersion,
54 54
         OptBool.new('FingerprintCheck', [ false, 'Conduct a pre-exploit fingerprint verification', true]),
55 55
         OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION']),
56 56
         OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout'])

+ 1
- 1
lib/msf/core/exploit/tcp.rb View File

@@ -64,7 +64,7 @@ module Exploit::Remote::Tcp
64 64
     register_advanced_options(
65 65
       [
66 66
         OptBool.new('SSL',        [ false, 'Negotiate SSL/TLS for outgoing connections', false]),
67
-        OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL/TLS to be used (TLS and SSL23 are auto-negotiate)', 'TLS1', ['SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']]),
67
+        Opt::SSLVersion,
68 68
         OptEnum.new('SSLVerifyMode',  [ false, 'SSL verification method', 'PEER', %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}]),
69 69
         OptString.new('SSLCipher',    [ false, 'String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"']),
70 70
         Opt::Proxies,

+ 0
- 1
lib/msf/core/exploit/tcp_server.rb View File

@@ -19,7 +19,6 @@ module Exploit::Remote::TcpServer
19 19
       [
20 20
         OptBool.new('SSL',        [ false, 'Negotiate SSL for incoming connections', false]),
21 21
         # SSLVersion is currently unsupported for TCP servers (only supported by clients at the moment)
22
-        # OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']]),
23 22
         OptPath.new('SSLCert',    [ false, 'Path to a custom SSL certificate (default is randomly generated)']),
24 23
         OptAddress.new('SRVHOST', [ true, "The local host to listen on. This must be an address on the local machine or 0.0.0.0", '0.0.0.0' ]),
25 24
         OptPort.new('SRVPORT',    [ true, "The local port to listen on.", 8080 ]),

+ 8
- 0
lib/msf/core/opt.rb View File

@@ -51,6 +51,13 @@ module Msf
51 51
       Msf::OptPort.new(__method__.to_s, [ required, desc, default ])
52 52
     end
53 53
 
54
+    # @return [OptEnum]
55
+    def self.SSLVersion
56
+      Msf::OptEnum.new('SSLVersion', [ false,
57
+        'Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate)', 'Auto',
58
+        ['Auto', 'SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']])
59
+    end
60
+
54 61
     # These are unused but remain for historical reasons
55 62
     class << self
56 63
       alias builtin_chost CHOST
@@ -69,6 +76,7 @@ module Msf
69 76
     Proxies = Proxies()
70 77
     RHOST = RHOST()
71 78
     RPORT = RPORT()
79
+    SSLVersion = SSLVersion()
72 80
   end
73 81
 
74 82
 end

+ 1
- 1
lib/rex/socket/ssl_tcp.rb View File

@@ -65,7 +65,7 @@ begin
65 65
       when 'SSL2', :SSLv2
66 66
         version = :SSLv2
67 67
       # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
68
-      when 'SSL23', :SSLv23, 'TLS'
68
+      when 'SSL23', :SSLv23, 'TLS', 'Auto'
69 69
         version = :SSLv23
70 70
       when 'SSL3', :SSLv3
71 71
         version = :SSLv3

+ 0
- 1
modules/auxiliary/dos/http/f5_bigip_apm_max_sessions.rb View File

@@ -37,7 +37,6 @@ class Metasploit3 < Msf::Auxiliary
37 37
       'DefaultOptions' =>
38 38
         {
39 39
           'SSL' => true,
40
-          'SSLVersion' => 'TLS1',
41 40
           'RPORT' => 443
42 41
         }
43 42
     ))

+ 0
- 1
modules/auxiliary/gather/f5_bigip_cookie_disclosure.rb View File

@@ -32,7 +32,6 @@ class Metasploit3 < Msf::Auxiliary
32 32
       'License'        => MSF_LICENSE,
33 33
       'DefaultOptions' =>
34 34
         {
35
-          'SSLVersion' => 'TLS1',
36 35
           'SSL'        => true
37 36
         }
38 37
     ))

+ 1
- 2
modules/auxiliary/gather/ssllabs_scan.rb View File

@@ -31,7 +31,7 @@ class Metasploit3 < Msf::Auxiliary
31 31
 
32 32
       name = name.to_s.camelize(:lower)
33 33
       uri = api_path + name
34
-      cli = Rex::Proto::Http::Client.new(api_host, api_port, {}, true, 'TLS1')
34
+      cli = Rex::Proto::Http::Client.new(api_host, api_port, {}, true, 'TLS')
35 35
       cli.connect
36 36
       req = cli.request_cgi({
37 37
           'uri' => uri,
@@ -430,7 +430,6 @@ class Metasploit3 < Msf::Auxiliary
430 430
           {
431 431
             'RPORT'      => 443,
432 432
             'SSL'        => true,
433
-            'SSLVersion' => 'TLS1'
434 433
           }
435 434
     ))
436 435
     register_options(

+ 0
- 1
modules/auxiliary/scanner/http/chef_webui_login.rb View File

@@ -30,7 +30,6 @@ class Metasploit3 < Msf::Auxiliary
30 30
       'DefaultOptions' =>
31 31
       {
32 32
         'SSL'         => true,
33
-        'SSLVersion'  => 'TLS1'
34 33
       }
35 34
     )
36 35
 

+ 0
- 1
modules/auxiliary/scanner/http/f5_mgmt_scanner.rb View File

@@ -26,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary
26 26
       'DefaultOptions' =>
27 27
         {
28 28
           'SSL' => true,
29
-          'SSLVersion' => 'TLS1',
30 29
           'RPORT' => 443
31 30
         }
32 31
     ))

+ 1
- 2
modules/auxiliary/scanner/http/ssl_version.rb View File

@@ -30,7 +30,6 @@ class Metasploit3 < Msf::Auxiliary
30 30
       {
31 31
         'SSL' => true,
32 32
         'RPORT' => 443,
33
-        'SSLVersion' => 'SSL3'
34 33
       },
35 34
       'References'  =>
36 35
       [
@@ -43,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary
43 42
 
44 43
     register_options(
45 44
       [
46
-        OptEnum.new('SSLVersion', [true, 'Specify the version of SSL that should be used', 'SSL3', ['SSL2', 'SSL3', 'TLS1']])
45
+        Opt::SSLVersion
47 46
       ]
48 47
     )
49 48
 

+ 0
- 1
modules/auxiliary/scanner/http/symantec_web_gateway_login.rb View File

@@ -26,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary
26 26
         {
27 27
           'RPORT'      => 443,
28 28
           'SSL'        => true,
29
-          'SSLVersion' => 'TLS1'
30 29
         }
31 30
     ))
32 31
   end

+ 0
- 1
modules/auxiliary/scanner/nessus/nessus_rest_login.rb View File

@@ -25,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary
25 25
       'DefaultOptions' =>
26 26
       {
27 27
         'SSL'        => true,
28
-        'SSLVersion' => 'TLS1'
29 28
       }
30 29
     ))
31 30
     register_options(

+ 0
- 1
modules/exploits/linux/http/symantec_web_gateway_restore.rb View File

@@ -47,7 +47,6 @@ class Metasploit3 < Msf::Exploit::Remote
47 47
       'DefaultOptions' => {
48 48
         'RPORT'      => 443,
49 49
         'SSL'        => true,
50
-        'SSLVersion' => 'TLS1'
51 50
       },
52 51
       'Platform'       => ['unix'],
53 52
       'Arch'           => ARCH_CMD,

+ 0
- 1
modules/exploits/windows/misc/hp_loadrunner_magentproc.rb View File

@@ -35,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote
35 35
       'DefaultOptions' =>
36 36
         {
37 37
           'SSL' => true,
38
-          'SSLVersion' => 'SSL3',
39 38
           'PrependMigrate' => true
40 39
         },
41 40
       'Payload'        =>

+ 0
- 1
modules/exploits/windows/misc/hp_magentservice.rb View File

@@ -37,7 +37,6 @@ class Metasploit3 < Msf::Exploit::Remote
37 37
         {
38 38
           'EXITFUNC' => 'seh',
39 39
           'SSL' => true,
40
-          'SSLVersion' => 'SSL3'
41 40
         },
42 41
       'Payload'        =>
43 42
         {

+ 0
- 1
modules/exploits/windows/misc/ibm_cognos_tm1admsd_bof.rb View File

@@ -38,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote
38 38
       'DefaultOptions' =>
39 39
         {
40 40
           'SSL' => true,
41
-          'SSLVersion' => 'TLS1'
42 41
         },
43 42
       'Payload'        =>
44 43
         {

Loading…
Cancel
Save