top of page

Nmap vulns 指令與參數:ssl-dh-params 檢測SSL/TLS服務的弱暫時性Diffie-Hellman參數


指令摘要


檢測SSL/TLS服務的弱暫時性Diffie-Hellman參數。


該腳本模擬使用擁有暫時性Diffie-Hellman作為密鑰交換算法的密碼套件的SSL/TLS握手。

提取並分析Diffie-Hellman MODP群組參數,以檢測對Logjam(CVE 2015-4000)和其他弱點的脆弱性。


在支持它們的服務上建立機會性的STARTTLS會話。


指令參數


tls.servername

參見tls庫的文檔。

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

參見smbauth庫的文檔。

mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username

參見mssql庫的文檔。

smtp.domain

參見smtp庫的文檔。

randomseed, smbbasic, smbport, smbsign

參見smb庫的文檔。

vulns.short, vulns.showall

參見vulns庫的文檔。


指令範例


nmap --script ssl-dh-params <target>

指令輸出

Host script results:
| ssl-dh-params:
|   VULNERABLE:
|   Transport Layer Security (TLS) Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam)
|     State: VULNERABLE
|     IDs:  BID:74733  CVE:CVE-2015-4000
|       The Transport Layer Security (TLS) protocol contains a flaw that is triggered
|       when handling Diffie-Hellman key exchanges defined with the DHE_EXPORT cipher.
|       This may allow a man-in-the-middle attacker to downgrade the security of a TLS
|       session to 512-bit export-grade cryptography, which is significantly weaker,
|       allowing the attacker to more easily break the encryption and monitor or tamper
|       with the encrypted stream.
|     Disclosure date: 2015-5-19
|     Check results:
|       EXPORT-GRADE DH GROUP 1
|         Ciphersuite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
|         Modulus Type: Non-safe prime
|         Modulus Source: sun.security.provider/512-bit DSA group with 160-bit prime order subgroup
|         Modulus Length: 512 bits
|         Generator Length: 512 bits
|         Public Key Length: 512 bits
|     References:
|       https://weakdh.org
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
|       https://www.securityfocus.com/bid/74733
|
|   Diffie-Hellman Key Exchange Insufficient Diffie-Hellman Group Strength
|     State: VULNERABLE
|       Transport Layer Security (TLS) services that use Diffie-Hellman groups of
|       insuffficient strength, especially those using one of a few commonly shared
|       groups, may be susceptible to passive eavesdropping attacks.
|     Check results:
|       WEAK DH GROUP 1
|         Ciphersuite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|         Modulus Type: Safe prime
|         Modulus Source: Unknown/Custom-generated
|         Modulus Length: 512 bits
|         Generator Length: 8 bits
|         Public Key Length: 512 bits
|     References:
|       https://weakdh.org
|
|   Diffie-Hellman Key Exchange Potentially Unsafe Group Parameters
|     State: VULNERABLE
|       This TLS service appears to be using a modulus that is not a safe prime and does
|       not correspond to any well-known DSA group for Diffie-Hellman key exchange.
|       These parameters MAY be secure if:
|       - They were generated according to the procedure described in FIPS 186-4 for
|         DSA Domain Parameter Generation, or
|       - The generator g generates a subgroup of large prime order
|       Additional testing may be required to verify the security of these parameters.
|     Check results:
|       NON-SAFE DH GROUP 1
|         Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|         Modulus Type: Non-safe prime
|         Modulus Source: Unknown/Custom-generated
|         Modulus Length: 1024 bits
|         Generator Length: 1024 bits
|         Public Key Length: 1024 bits
|     References:
|_      https://weakdh.org

作者:

Jacob Gajek

License: Same as Nmap--See https://nmap.org/book/man-legal.html


隨選即看研討會


延伸閱讀

CyberScope Nmap 滲透測試手持式網路分析儀,整合了 Nmap 功能,為站點存取層提供全面的網路安全風險評估、分析、和報告——包括所有的端點和網路探索、有線與無線網路安全、漏洞評估 (Nmap) 以及網段和設定驗證;IT 人員透過單一工具以及單一介面,即可快速且即時的掌握企業或組織的各種混合式網路環境 (有線、無線、PoE)、各種連網終端裝置的拓樸、架構、設定、網段、效能、直到網路安全評估。


Комментарии


歡迎 訂閱翔宇科技主題式電子報 >,您將可同步掌握最新的產業新訊以及技術文章。
bottom of page