iT邦幫忙

2021 iThome Ironman Contest (鐵人賽)

Day 8, Security

Kali Linux Tool Notes series, part 8

Day 8 Information Gathering (SSL Analysis)

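Any discussion of security inevitably runs into the SSL/TLS security protocols. A connection established over these protocols protects the data exchanged between the two parties from eavesdropping and tampering. Over time, though, the protocols have gone through successive versions, with old ones replaced by new ones. Even a protocol that follows the latest specification can still turn out to have exploitable vulnerabilities in its implementation, let alone old protocols that have already been retired. The tools introduced today detect whether a target host still supports old protocol versions or encryption methods that have been shown to be insecure.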

Tool introduction

  1. sslscan
    The simplest usage is to pass the target domain name directly. To use a port other than the default 443, append it after a colon.
sslscan www.example.com

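The results show the protocol versions the target site supports, the ciphers it supports, and the site's certificate information, which makes this handy for basic checks on a site you run yourself.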

Version: 2.0.10-static
OpenSSL 1.1.1l-dev  xx XXX xxxx

Connected to 93.184.216.34

Testing SSL server www.example.com on port 443 using SNI name www.example.com

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   enabled
TLSv1.1   enabled
TLSv1.2   enabled
TLSv1.3   enabled

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed
TLSv1.1 not vulnerable to heartbleed
TLSv1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve P-256 DHE 256
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve P-256 DHE 256
Accepted  TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve P-256 DHE 256
Preferred TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
Accepted  TLSv1.2  256 bits  AES256-SHA                   
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.2  128 bits  DHE-RSA-SEED-SHA              DHE 2048 bits
Accepted  TLSv1.2  128 bits  SEED-SHA                     
Preferred TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
Accepted  TLSv1.1  256 bits  AES256-SHA                   
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.1  128 bits  DHE-RSA-SEED-SHA              DHE 2048 bits
Accepted  TLSv1.1  128 bits  SEED-SHA                     
Preferred TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
Accepted  TLSv1.0  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
Accepted  TLSv1.0  256 bits  AES256-SHA                   
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA              
Accepted  TLSv1.0  128 bits  AES128-SHA                   
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA              
Accepted  TLSv1.0  128 bits  DHE-RSA-SEED-SHA              DHE 2048 bits
Accepted  TLSv1.0  128 bits  SEED-SHA                     

  Server Key Exchange Group(s):
TLSv1.3  128 bits  secp256r1 (NIST P-256)
TLSv1.2  128 bits  secp256r1 (NIST P-256)

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  www.example.org
Altnames: DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net
Issuer:   DigiCert TLS RSA SHA256 2020 CA1

Not valid before: Nov 24 00:00:00 2020 GMT
Not valid after:  Dec 25 23:59:59 2021 GMT
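As an added example (not part of the original post or of sslscan), the Python script below reads sslscan text output in the format shown above and lists the legacy protocols that are enabled, plus the ciphers offered on TLS 1.2 and below that lack forward secrecy or are not AEAD. The sample input is a constructed excerpt, and treating everything below TLS 1.2 as legacy is an assumed policy.

```python
import re

# Constructed excerpt in the format of the sslscan output shown above.
SAMPLE = """\
  SSL/TLS Protocols:
SSLv3     disabled
TLSv1.0   enabled
TLSv1.1   enabled
TLSv1.2   enabled
TLSv1.3   enabled
  Supported Server Cipher(s):
Preferred TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve P-256 DHE 256
Preferred TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.2  128 bits  SEED-SHA
Preferred TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
"""

LEGACY = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}  # assumption: policy is TLS 1.2+
PROTO_RE = re.compile(r"^(SSLv[23]|TLSv1\.[0-3])\s+(enabled|disabled)\s*$")
CIPHER_RE = re.compile(r"^(Preferred|Accepted)\s+(\S+)\s+(\d+) bits\s+(\S+)")

def audit(text):
    """Return (legacy protocols enabled, {cipher: [reasons]}) for TLS 1.2 and below."""
    legacy, weak = [], {}
    for line in map(str.strip, text.splitlines()):
        m = PROTO_RE.match(line)
        if m:
            if m.group(2) == "enabled" and m.group(1) in LEGACY:
                legacy.append(m.group(1))
            continue
        m = CIPHER_RE.match(line)
        if not m or m.group(2) == "TLSv1.3":  # TLS 1.3 suites are all AEAD with (EC)DHE
            continue
        name, reasons = m.group(4), []
        if not name.startswith(("ECDHE-", "DHE-")):
            reasons.append("no forward secrecy")
        if not any(t in name for t in ("GCM", "CHACHA20", "CCM")):
            reasons.append("non-AEAD cipher")
        if reasons:
            weak.setdefault(name, reasons)  # same cipher under several protocols: keep once
    return legacy, weak

if __name__ == "__main__":
    legacy, weak = audit(SAMPLE)
    print("legacy protocols enabled:", ", ".join(legacy) or "none")
    for name, reasons in weak.items():
        print(f"{name}: {'; '.join(reasons)}")
```
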
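  2. testssl
    Here is another open-source tool, one that is not built into Kali: testssl.sh. What I find especially useful about it is that when testing your own site, you can first run a complete scan and then, while fixing things, use the tool's individual tests to verify whether each vulnerability has been patched.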

To install it, fetch it with git:

git clone --depth 1 https://github.com/drwetter/testssl.sh.git

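After cloning there will be a testssl.sh folder. Go into it and run the script directly to see what it can do.

cd testssl.sh # enter the folder
./testssl.sh  # run the script with no arguments to see the usage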

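Usage is simple: give it options followed by the target host. Below is an excerpt of the output from using -U to test for possible vulnerabilities.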

Testing vulnerabilities 

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK)
 ROBOT                                     not vulnerable (OK)
 Secure Renegotiation (RFC 5746)           supported (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    potentially NOT ok, "gzip deflate" HTTP compression detected. - only supplied "/" tested                       
                                           Can be ignored for static pages or if no secrets in the page
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)                                                                     
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)                                                                      
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=200DCAFA767C8450ECE644879C062A0CDF52240FE05BB7EB284611C3AEF3EC2E could help you to find out
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no common prime detected
 BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES128-SHA
                                                 ECDHE-RSA-AES256-SHA        
                                                 DHE-RSA-AES128-SHA          
                                                 DHE-RSA-AES256-SHA          
                                                 DHE-RSA-CAMELLIA256-SHA     
                                                 DHE-RSA-CAMELLIA128-SHA     
                                                 AES256-SHA CAMELLIA256-SHA  
                                                 AES128-SHA CAMELLIA128-SHA  
                                                 DHE-RSA-SEED-SHA SEED-SHA   
                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
 Winshock (CVE-2014-6321), experimental    not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
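The fix-and-verify loop described above, as an added example that is not part of the original post or of testssl.sh: the Python script below parses `-U` text output in the layout shown and, for every finding not reported as OK, returns the testssl.sh single-check command to re-run after a fix. The sample is a constructed excerpt of the output above, and the option table covers only the tests in that sample.

```python
import re

# Constructed excerpt in the layout of the `testssl.sh -U` output shown above.
SAMPLE = """\
 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 BREACH (CVE-2013-3587)                    potentially NOT ok, "gzip deflate" HTTP compression detected. - only supplied "/" tested
                                           Can be ignored for static pages or if no secrets in the page
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES128-SHA
                                                 AES128-SHA CAMELLIA128-SHA
                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
"""

# testssl.sh single-check options for the tests that appear in SAMPLE.
RETEST_FLAG = {"Heartbleed": "--heartbleed", "BREACH": "--breach", "POODLE": "--poodle",
               "BEAST": "--beast", "LUCKY13": "--lucky13", "RC4": "--rc4"}

def parse_findings(text):
    """Group each test's first line with its indented continuation lines."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"^ (\S.*?)\s{2,}(\S.*)$", line)  # label, 2+ spaces, result
        if m:
            findings.append([m.group(1), m.group(2).strip()])
        elif line.strip() and findings:
            findings[-1][1] += " " + line.strip()
    return findings

def retest_commands(text, target):
    """Return one testssl.sh command per finding that is not reported as OK."""
    cmds = []
    for label, result in parse_findings(text):
        name = re.split(r"[ ,(]", label, maxsplit=1)[0]
        # testssl prints flagged states in upper case; "not vulnerable" stays lower case
        flagged = "VULNERABLE" in result or "NOT ok" in result
        if flagged and name in RETEST_FLAG:
            cmds.append(f"./testssl.sh {RETEST_FLAG[name]} {target}")
    return cmds

if __name__ == "__main__":
    for cmd in retest_commands(SAMPLE, "www.example.com"):
        print(cmd)
```
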

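The results can also be written out in various formats with --csv, --html, or --json; the file name is a default one, so try it for yourself.
One rather fun detail: if you run a complete scan of a site, there is a simple rating at the end, along with the reasons for the grade.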

 Rating (experimental) 

 Rating specs (not complete)  SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
 Specification documentation  https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
 Protocol Support (weighted)  95 (28)
 Key Exchange     (weighted)  90 (27)
 Cipher Strength  (weighted)  90 (36)
 Final Score                  91
 Overall Grade                B
 Grade cap reasons            Grade capped to B. TLS 1.1 offered
                              Grade capped to B. TLS 1.0 offered
                              Grade capped to A. HSTS is not offered

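Conclusion

The two tools introduced today are very practical for checking a site's security protocols, and their individual test items also help us learn about the various vulnerabilities and get a better grasp of a site's security. It just feels like... there is no end to learning.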

