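Script type: portrule
Script summary
Detects whether a server is vulnerable to the F5 Ticketbleed bug (CVE-2016-9244).
Additional information:
Script arguments
tls-ticketbleed.protocols
(default tries all) TLSv1.0, TLSv1.1, or TLSv1.2
tls.servername
See the documentation for the tls library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username
See the documentation for the mssql library.
smtp.domain
See the documentation for the smtp library.
randomseed, smbbasic, smbport, smbsign
See the documentation for the smb library.
vulns.short, vulns.showall
See the documentation for the vulns library.
Example usage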
nmap -p 443 --script tls-ticketbleed <target>
Script output
| tls-ticketbleed:
| VULNERABLE:
| Ticketbleed is a serious issue in products manufactured by F5, a popular
vendor of TLS load-balancers. The issue allows for stealing information from
the load balancer
| State: VULNERABLE (Exploitable)
| Risk factor: High
| Ticketbleed is vulnerability in the implementation of the TLS
SessionTicket extension found in some F5 products. It allows the leakage
("bleeding") of up to 31 bytes of data from uninitialized memory. This is
caused by the TLS stack padding a Session ID, passed from the client, with
data to make it 32-bits long.
| Exploit results:
| 2ab2ea6a4c167fbe8bf0b36c7d9ed6d3
| *..jL......l}...
| References:
| https://filippo.io/Ticketbleed/
| https://blog.filippo.io/finding-ticketbleed/
|_ https://support.f5.com/csp/article/K05121675
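The condition behind the "Exploit results" line can be checked offline against a captured ServerHello. The following is an added example, not code from the Nmap script or from this page: it extracts the session ID a server echoed and reports any bytes appended after the ID the client sent. It assumes a TLS 1.0 to 1.2 ServerHello in a single record and that a correct server echoes the client's session ID unchanged when resuming from a ticket; the function names and sample bytes are constructed for illustration.

```python
import struct

def server_hello_session_id(record: bytes) -> bytes:
    """Return the session_id field of a TLS <=1.2 ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4:
        raise ValueError("not a complete handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if body[0] != 0x02 or len(hello) != hs_len or len(hello) < 35:
        raise ValueError("not a complete ServerHello")
    sid_len = hello[34]              # follows 2-byte version + 32-byte random
    sid = hello[35:35 + sid_len]
    if sid_len > 32 or len(sid) != sid_len:
        raise ValueError("bad session_id length")
    return sid

def ticketbleed_leak(sent_sid: bytes, record: bytes) -> bytes:
    """Bytes the server appended after the client's session ID (b'' if none)."""
    echoed = server_hello_session_id(record)
    # A fresh, unrelated 32-byte ID (full handshake) is not padding: require the prefix.
    if len(echoed) > len(sent_sid) and echoed.startswith(sent_sid):
        return echoed[len(sent_sid):]
    return b""

def build_server_hello(sid: bytes) -> bytes:
    """Constructed sample record for the demo; not captured traffic."""
    hello = b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid + b"\xc0\x2f\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

SENT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 16-byte ID
HEALTHY = build_server_hello(SENT)
PADDED = build_server_hello(SENT + b"\xa5" * 16)  # constructed filler bytes

if __name__ == "__main__":
    for name, rec in (("healthy", HEALTHY), ("padded", PADDED)):
        leak = ticketbleed_leak(SENT, rec)
        print(name, "VULNERABLE" if leak else "ok", leak.hex())
```
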
Author:
Mak Kolybabi <mak@kolybabi.com>
License: Same as Nmap--See https://nmap.org/book/man-legal.html
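Further reading
The CyberScope Nmap penetration-testing handheld network analyzer integrates Nmap functionality to provide comprehensive network security risk assessment, analysis, and reporting for the site access layer, including all endpoint and network discovery, wired and wireless network security, vulnerability assessment (Nmap), and network segment and configuration validation. With a single tool and a single interface, IT staff can quickly and in real time get a view of an enterprise's or organization's hybrid network environments (wired, wireless, PoE) and of the topology, architecture, configuration, network segments, and performance of connected endpoint devices, through to network security assessment.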