
Commit ef815ca

committed
Land rapid7#3288, Postgres support for Heartbleed scanner
2 parents e556997 + 8f65679 commit ef815ca


1 file changed

+21
-3
lines changed


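--- a/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
+++ b/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
@@ -80,7 +80,8 @@ class Metasploit3 < Msf::Auxiliary
 'IMAP' => :tls_imap,
 'JABBER' => :tls_jabber,
 'POP3' => :tls_pop3,
-'FTP' => :tls_ftp
+'FTP' => :tls_ftp,
+'POSTGRES' => :tls_postgres
 }
 
 # See the discussion at https://github.com/rapid7/metasploit-framework/pull/3252
@@ -111,7 +112,8 @@ def initialize
 'Sebastiano Di Paola', # Msf module
 'Tom Sellers', # Msf module
 'jjarmoc', #Msf module; keydump, refactoring..
-'Ben Buchanan' #Msf module
+'Ben Buchanan', #Msf module
+'herself' #Msf module
 ],
 'References' =>
 [
@@ -137,7 +139,7 @@ def initialize
 register_options(
 [
 Opt::RPORT(443),
-OptEnum.new('TLS_CALLBACK', [true, 'Protocol to use, "None" to use raw TLS sockets', 'None', [ 'None', 'SMTP', 'IMAP', 'JABBER', 'POP3', 'FTP' ]]),
+OptEnum.new('TLS_CALLBACK', [true, 'Protocol to use, "None" to use raw TLS sockets', 'None', [ 'None', 'SMTP', 'IMAP', 'JABBER', 'POP3', 'FTP', 'POSTGRES' ]]),
 OptEnum.new('TLS_VERSION', [true, 'TLS/SSL version to use', '1.0', ['SSLv3','1.0', '1.1', '1.2']]),
 OptInt.new('MAX_KEYTRIES', [true, 'Max tries to dump key', 10]),
 OptInt.new('STATUS_EVERY', [true, 'How many retries until status', 5]),
@@ -222,6 +224,22 @@ def tls_imap
 sock.get_once(-1, response_timeout)
 end
 
+def tls_postgres
+# postgresql TLS - works with all modern pgsql versions - 8.0 - 9.3
+# http://www.postgresql.org/docs/9.3/static/protocol-message-formats.html
+sock.get_once
+# the postgres SSLRequest packet is a int32(8) followed by a int16(1234),
+# int16(5679) in network format
+psql_sslrequest = [8].pack('N')
+psql_sslrequest << [1234, 5679].pack('n*')
+sock.put(psql_sslrequest)
+res = sock.get_once
+unless res && res =~ /S/
+return nil
+end
+res
+end
+
 def tls_pop3
 # http://tools.ietf.org/html/rfc2595
 sock.get_once(-1, response_timeout)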
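Review bot: In `tls_postgres`, the check `res =~ /S/` accepts any reply that contains an `S` anywhere, so a server that answers the SSLRequest with an error message instead of the single-byte `S`/`N` reply could be treated as having accepted TLS, making the scan result for that host unreliable; compare the reply exactly, e.g. `return nil unless res == 'S'`. The leading `sock.get_once` waits for a banner, but in the PostgreSQL protocol the client speaks first, so this read most likely just runs to its timeout on every host and can be dropped. The remaining read should pass the module's timeout as the neighbouring `tls_imap` and `tls_pop3` callbacks do: `res = sock.get_once(-1, response_timeout)`.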
