Skip to content

Commit 3a034ba

Browse files
adfoster-r7adfoster-r7
authored
Merge pull request #20362 from sjanusz-r7/improve-bleichenbacher-oracle-python-version-detection
Fix Bleichenbacher Oracle module on hosts with Python 2
2 parents 65faeb4 + 41b83b7 commit 3a034ba

File tree

1 file changed

+15
-13
lines changed

1 file changed

+15
-13
lines changed

modules/auxiliary/scanner/ssl/bleichenbacher_oracle.py

Lines changed: 15 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -153,9 +153,11 @@ def oracle(target, pms, cke_2nd_prefix, cipher_handshake=ch_def, messageflow=Fal
153153
return "ConnectionResetError"
154154
except socket.timeout:
155155
return ("Timeout waiting for alert")
156-
s.close()
157156
except Exception as e:
158157
return str(e)
158+
finally:
159+
if 's' in locals():
160+
s.close()
159161

160162

161163
def run(args):
@@ -172,14 +174,14 @@ def run(args):
172174
N, e = get_rsa_from_server(target, timeout)
173175

174176
if not N:
175-
module.log("{}:{} - Cannot establish SSL connection: {}".format(*target, e), level='error')
177+
module.log("{}:{} - Cannot establish SSL connection: {error}".format(*target, error=e), level='error')
176178
return
177179

178180
modulus_bits = int(math.ceil(math.log(N, 2)))
179181
modulus_bytes = (modulus_bits + 7) // 8
180-
module.log("{}:{} - RSA N: {}".format(*target, hex(N)), level='debug')
181-
module.log("{}:{} - RSA e: {}".format(*target, hex(e)), level='debug')
182-
module.log("{}:{} - Modulus size: {} bits, {} bytes".format(*target, modulus_bits, modulus_bytes), level='debug')
182+
module.log("{}:{} - RSA N: {rsa_n}".format(*target, rsa_n=hex(N)), level='debug')
183+
module.log("{}:{} - RSA e: {rsa_e}".format(*target, rsa_e=hex(e)), level='debug')
184+
module.log("{}:{} - Modulus size: {modulus_bits} bits, {modulus_bytes} bytes".format(*target, modulus_bits=modulus_bits, modulus_bytes=modulus_bytes), level='debug')
183185

184186
cke_2nd_prefix = bytearray.fromhex("{0:0{1}x}".format(modulus_bytes + 6, 4) + "10" + "{0:0{1}x}".format(modulus_bytes + 2, 6) + "{0:0{1}x}".format(modulus_bytes, 4))
185187
# pad_len is length in hex chars, so bytelen * 2
@@ -210,14 +212,14 @@ def run(args):
210212
oracle_bad4 = oracle(target, pms_bad4, cke_2nd_prefix, cipher_handshake, messageflow=False, timeout=timeout)
211213

212214
if (oracle_good == oracle_bad1 == oracle_bad2 == oracle_bad3 == oracle_bad4):
213-
module.log("{}:{} - Identical results ({}), retrying with changed messageflow".format(*target, oracle_good), level='info')
215+
module.log("{}:{} - Identical results ({oracle_good}), retrying with changed messageflow".format(*target, oracle_good=oracle_good), level='info')
214216
oracle_good = oracle(target, pms_good, cke_2nd_prefix, cipher_handshake, messageflow=True, timeout=timeout)
215217
oracle_bad1 = oracle(target, pms_bad1, cke_2nd_prefix, cipher_handshake, messageflow=True, timeout=timeout)
216218
oracle_bad2 = oracle(target, pms_bad2, cke_2nd_prefix, cipher_handshake, messageflow=True, timeout=timeout)
217219
oracle_bad3 = oracle(target, pms_bad3, cke_2nd_prefix, cipher_handshake, messageflow=True, timeout=timeout)
218220
oracle_bad4 = oracle(target, pms_bad4, cke_2nd_prefix, cipher_handshake, messageflow=True, timeout=timeout)
219221
if (oracle_good == oracle_bad1 == oracle_bad2 == oracle_bad3 == oracle_bad4):
220-
module.log("{}:{} - Identical results ({}), no working oracle found".format(*target, oracle_good), level='info')
222+
module.log("{}:{} - Identical results ({oracle_good}), no working oracle found".format(*target, oracle_good=oracle_good), level='info')
221223
return
222224
else:
223225
flow = True
@@ -265,13 +267,13 @@ def run(args):
265267
tlsver = "TLS raw version %i/%i" % (cke_version[0], cke_version[1])
266268

267269
module.report_vuln(target[0], 'Bleichenbacher Oracle', port=target[1])
268-
module.log("{}:{} - Vulnerable: ({}) oracle found {} with {} message flow".format(*target, oracle_strength, tlsver, flowt), level='good')
270+
module.log("{}:{} - Vulnerable: ({oracle_strength}) oracle found {tlsver} with {flowt} message flow".format(*target, oracle_strength=oracle_strength, tlsver=tlsver, flowt=flowt), level='good')
269271

270-
module.log("{}:{} - Result of good request: {}".format(*target, oracle_good), level='debug')
271-
module.log("{}:{} - Result of bad request 1 (wrong first bytes): {}".format(*target, oracle_bad1), level='debug')
272-
module.log("{}:{} - Result of bad request 2 (wrong 0x00 position): {}".format(*target, oracle_bad2), level='debug')
273-
module.log("{}:{} - Result of bad request 3 (missing 0x00): {}".format(*target, oracle_bad3), level='debug')
274-
module.log("{}:{} - Result of bad request 4 (bad TLS version): {}".format(*target, oracle_bad4), level='debug')
272+
module.log("{}:{} - Result of good request: {oracle_bad}".format(*target, oracle_bad=oracle_good), level='debug')
273+
module.log("{}:{} - Result of bad request 1 (wrong first bytes): {oracle_bad}".format(*target, oracle_bad=oracle_bad1), level='debug')
274+
module.log("{}:{} - Result of bad request 2 (wrong 0x00 position): {oracle_bad}".format(*target, oracle_bad=oracle_bad2), level='debug')
275+
module.log("{}:{} - Result of bad request 3 (missing 0x00): {oracle_bad}".format(*target, oracle_bad=oracle_bad3), level='debug')
276+
module.log("{}:{} - Result of bad request 4 (bad TLS version): {oracle_bad}".format(*target, oracle_bad=oracle_bad4), level='debug')
275277

276278

277279
if __name__ == "__main__":

0 commit comments

Comments
 (0)