Categories: vuln, safe
Detects whether a server is vulnerable to the SSL/TLS "CCS Injection" vulnerability (CVE-2014-0224), first discovered by Masashi Kikuchi. The script is based on the ccsinjection.c code authored by Ramon de C Valle (https://gist.github.com/rcvalle/71f4b027d61a78c42607)
In order to exploit the vulnerablity, a MITM attacker would effectively do the following:
o Wait for a new TLS connection, followed by the ClientHello ServerHello handshake messages.
o Issue a CCS packet in both the directions, which causes the OpenSSL code to use a zero length pre master secret key. The packet is sent to both ends of the connection. Session Keys are derived using a zero length pre master secret key, and future session keys also share this weakness.
o Renegotiate the handshake parameters.
o The attacker is now able to decrypt or even modify the packets in transit.
The script works by sending a 'ChangeCipherSpec' message out of order and checking whether the server returns an 'UNEXPECTED_MESSAGE' alert record or not. Since a non-patched server would simply accept this message, the CCS packet is sent twice, in order to force an alert from the server. If the alert type is different than 'UNEXPECTED_MESSAGE', we can conclude the server is vulnerable.
mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.usernameSee the documentation for the mssql library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusernameSee the documentation for the smbauth library.
smtp.domainSee the documentation for the smtp library.
randomseed, smbbasic, smbport, smbsignSee the documentation for the smb library.
vulns.short, vulns.showallSee the documentation for the vulns library.
nmap -p 443 --script ssl-ccs-injection <target>
PORT STATE SERVICE 443/tcp open https | ssl-ccs-injection: | VULNERABLE: | SSL/TLS MITM vulnerability (CCS Injection) | State: VULNERABLE | Risk factor: High | Description: | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before | 1.0.1h does not properly restrict processing of ChangeCipherSpec | messages, which allows man-in-the-middle attackers to trigger use | of a zero-length master key in certain OpenSSL-to-OpenSSL | communications, and consequently hijack sessions or obtain | sensitive information, via a crafted TLS handshake, aka the | "CCS Injection" vulnerability. | | References: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 | http://www.cvedetails.com/cve/2014-0224 |_ http://www.openssl.org/news/secadv_20140605.txt
License: Same as Nmap--See https://nmap.org/book/man-legal.html