Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add more Metasploit JARM fingerprints #398

Merged
merged 1 commit into from
Jan 27, 2022
Merged

Add more Metasploit JARM fingerprints #398

merged 1 commit into from
Jan 27, 2022

Conversation

mkienow-r7
Copy link
Contributor

@mkienow-r7 mkienow-r7 commented Jan 26, 2022
edited
Loading

Description

Adds three more Metasploit JARM fingerprints.

Motivation and Context

Updates Metasploit JARM fingerprints to reflect different SSLVersion settings.

How Has This Been Tested?

  • metasploit-framework version:
Framework: 6.1.25-dev-f509e0955e
Console  : 6.1.25-dev-f509e0955e
  • Settings information:
msf6 exploit(multi/handler) > advanced
...
Payload advanced options (multi/meterpreter/reverse_https):
...

   HandlerSSLCert                                            no        Path to a SSL certificate in unified PEM format
                                                                       , ignored for HTTP transports
   ...
   SSLVersion                   Auto                         yes       Specify the version of SSL/TLS to be used (Auto
                                                                       , TLS and SSL23 are auto-negotiate) (Accepted:
                                                                       Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
  • Test SSLVersion TLS1:
msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set LHOST 0.0.0.0
LHOST => 0.0.0.0
msf6 exploit(multi/handler) > set LPORT 4443
LPORT => 4443
msf6 exploit(multi/handler) > set PAYLOAD payload/multi/meterpreter/reverse_https
PAYLOAD => multi/meterpreter/reverse_https
msf6 exploit(multi/handler) > set SSLVersion TLS1
SSLVersion => TLS1
msf6 exploit(multi/handler) > exploit

[*] Started HTTPS reverse handler on https://0.0.0.0:4443

JARM: 07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac
  • Test SSLVersion TLS1.1:
msf6 exploit(multi/handler) > set SSLVersion TLS1.1
SSLVersion => TLS1.1

JARM: 07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac
  • Test SSLVersion TLS1.2:
msf6 exploit(multi/handler) > set SSLVersion TLS1.2
SSLVersion => TLS1.2

JARM: 07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4
  • Test SSLVersion SSL3:
msf6 exploit(multi/handler) > set SSLVersion SSL3
SSLVersion => SSL3

JARM: 00000000000000000000000000000000000000000000000000000000000000
  • Test SSLVersion Auto, TLS, SSL23:
msf6 exploit(multi/handler) > set SSLVersion Auto
SSLVersion => Auto
...
msf6 exploit(multi/handler) > set SSLVersion TLS
SSLVersion => TLS
...
msf6 exploit(multi/handler) > set SSLVersion SSL23
SSLVersion => SSL23

Matches existing JARM fingerprint.

JARM: 07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist:

  • I have updated the documentation accordingly (or changes are not required).
  • I have added tests to cover my changes (or new tests are not required).
  • All new and existing tests passed.

@mkienow-r7 mkienow-r7 force-pushed the feature/add-metasploit-jarm branch from 19ab568 to 062283d Compare January 27, 2022 20:55
@mkienow-r7 mkienow-r7 merged commit 4c1de0c into rapid7:master Jan 27, 2022
@mkienow-r7 mkienow-r7 deleted the feature/add-metasploit-jarm branch January 27, 2022 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsellers-r7 tsellers-r7 tsellers-r7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mkienow-r7 @tsellers-r7