Land rapid7#6012, Use SSLVerifyMode and SSLCipher from the Exploit::Remote::Tcp

Brent Cook · Brent Cook · commit 2445c1fa32fc · 2015-10-02T15:27:47.000-05:00
diff --git a/lib/msf/core/exploit/tcp.rb b/lib/msf/core/exploit/tcp.rb
@@ -64,7 +64,7 @@ def initialize(info = {})
     register_advanced_options(
       [
         OptBool.new('SSL',        [ false, 'Negotiate SSL for outgoing connections', false]),
-        OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']]),
+        OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL/TLS to be used (TLS and SSL23 are auto-negotiate)', 'TLS1', ['SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']]),
         OptEnum.new('SSLVerifyMode',  [ false, 'SSL verification method', 'PEER', %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}]),
         OptString.new('SSLCipher',    [ false, 'String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"']),
         Opt::Proxies,
@@ -100,15 +100,17 @@ def connect(global = true, opts={})
     end
 
     nsock = Rex::Socket::Tcp.create(
-      'PeerHost'   =>  opts['RHOST'] || rhost,
-      'PeerPort'   => (opts['RPORT'] || rport).to_i,
-      'LocalHost'  =>  opts['CHOST'] || chost || "0.0.0.0",
-      'LocalPort'  => (opts['CPORT'] || cport || 0).to_i,
-      'SSL'        =>  dossl,
-      'SSLVersion' =>  opts['SSLVersion'] || ssl_version,
-      'Proxies'    => proxies,
-      'Timeout'    => (opts['ConnectTimeout'] || connect_timeout || 10).to_i,
-      'Context'    =>
+      'PeerHost'      =>  opts['RHOST'] || rhost,
+      'PeerPort'      => (opts['RPORT'] || rport).to_i,
+      'LocalHost'     =>  opts['CHOST'] || chost || "0.0.0.0",
+      'LocalPort'     => (opts['CPORT'] || cport || 0).to_i,
+      'SSL'           =>  dossl,
+      'SSLVersion'    =>  opts['SSLVersion'] || ssl_version,
+      'SSLVerifyMode' =>  opts['SSLVerifyMode'] || ssl_verify_mode,
+      'SSLCipher'     =>  opts['SSLCipher'] || ssl_cipher,
+      'Proxies'       => proxies,
+      'Timeout'       => (opts['ConnectTimeout'] || connect_timeout || 10).to_i,
+      'Context'       =>
         {
           'Msf'        => framework,
           'MsfExploit' => self,
@@ -269,6 +271,20 @@ def connect_timeout
     datastore['ConnectTimeout']
   end
 
+  #
+  # Returns the SSL certification verification mechanism
+  #
+  def ssl_verify_mode
+    datastore['SSLVerifyMode']
+  end
+
+  #
+  # Returns the SSL cipher to use for the context
+  #
+  def ssl_cipher
+    datastore['SSLCipher']
+  end
+
 protected
 
   attr_accessor :sock
diff --git a/lib/rex/socket/ssl_tcp.rb b/lib/rex/socket/ssl_tcp.rb
@@ -64,7 +64,8 @@ def initsock(params = nil)
       case params.ssl_version
       when 'SSL2', :SSLv2
         version = :SSLv2
-      when 'SSL23', :SSLv23
+      # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
+      when 'SSL23', :SSLv23, 'TLS'
         version = :SSLv23
       when 'SSL3', :SSLv3
         version = :SSLv3
