p33d / CVE-2024-23113


[SSL: UNEXPECTED_MESSAGE] unexpected message #1

Open zeronito opened 1 month ago

zeronito commented 1 month ago

Hi,

Thanks for sharing. I'm going to test it, but I always get the SSLError:

Traceback (most recent call last):
  File "/root/CVE-2024-23113/POC-CVE-2024-23113.py", line 63, in <module>
    main()
  File "/root/CVE-2024-23113/POC-CVE-2024-23113.py", line 55, in main
    is_vulnerable = check_vulnerability(hostname)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/CVE-2024-23113/POC-CVE-2024-23113.py", line 20, in check_vulnerability
    with context.wrap_socket(sock, server_hostname=hostname) as ssock:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/ssl.py", line 455, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/ssl.py", line 1042, in _create
    self.do_handshake()
  File "/usr/lib/python3.12/ssl.py", line 1320, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1000)

Where is the problem? How can I solve the issue?

Thanks.

p33d commented 1 month ago

Hi, I just updated the code, you can try to use it. Thanks for the report.

o4time commented 1 month ago

I still get the SSL error using the latest version. I have tried TLSv1_1, TLSv1_2, TLSv1 but none of them succeed. [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1145)

p33d commented 1 month ago

Did you check if the server uses SSL/TLS? In any case, I changed the code and added the suppress_ragged_eofs=True parameter to avoid connection problems if the server suddenly closes the connection before the package is finished.

zeronito commented 1 month ago

Do you have any plan to improve it from detection to an RCE PoC?

p33d commented 4 weeks ago

I do it mainly for fun. If I see progress, or there is greater demand from more people, I will try.

o4time commented 4 weeks ago

> Did you check if the server uses SSL/TLS? In any case, I changed the code and added the suppress_ragged_eofs=True parameter to avoid connection problems if the server suddenly closes the connection before the package is finished.

I set up a virtual environment with a vulnerable version, but the script always reports a connection timeout when running. Port 541 is open and returns "get auth" and other information when establishing a connection. Why is this?
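The two symptoms reported in this thread, an [SSL: UNEXPECTED_MESSAGE] handshake failure and a connection timeout, have different causes, and a plain TLS probe tells them apart before any checker logic runs. The following is an added example written for this page, not code from the p33d repository: probe_tls() attempts a TLS handshake and returns a label for the failure mode, while start_fake_server() is a constructed local peer used only to exercise it (its "get auth" banner is made up for the test; port 541 as the default comes from the thread).

```python
import socket
import ssl
import threading
import time

TLS_OK = "tls_handshake_ok"            # peer completed a TLS handshake
HANDSHAKE_FAILED = "handshake_failed"  # peer sent non-TLS data or closed mid-handshake
TIMEOUT = "timeout"                    # TCP connected, but the peer never answered
REFUSED = "connection_refused"         # nothing listening on that port
OTHER_ERROR = "other_os_error"         # e.g. host unreachable

def probe_tls(host, port=541, timeout=3.0):
    """Attempt a TLS handshake and report why it did or did not complete.
    Diagnostic only: verification is off because the question is whether the
    port speaks TLS at all, not whether the certificate is valid."""
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    context.check_hostname = False
    context.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # suppress_ragged_eofs=True: an abrupt close during later reads
            # returns EOF instead of raising, as described in the thread above.
            with context.wrap_socket(sock, server_hostname=host,
                                     suppress_ragged_eofs=True):
                return TLS_OK
    except ConnectionRefusedError:
        return REFUSED
    except socket.timeout:
        return TIMEOUT
    except ssl.SSLError:  # [SSL: UNEXPECTED_MESSAGE], WRONG_VERSION_NUMBER, EOF in handshake
        return HANDSHAKE_FAILED
    except OSError:
        return OTHER_ERROR

def start_fake_server(behaviour):
    """Constructed local peer for testing; returns its port. 'plaintext' answers
    the ClientHello with a non-TLS banner and closes; 'silent' never replies."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with srv, conn:
            if behaviour == "plaintext":
                conn.recv(4096)                # consume the client's ClientHello
                conn.sendall(b"get auth\r\n")  # constructed non-TLS banner
            elif behaviour == "silent":
                time.sleep(1.5)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

A HANDSHAKE_FAILED result means the port answered but not in TLS, so changing the TLS version in the checker will not help; a TIMEOUT means the connection was accepted and the peer is waiting for something else before it replies.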

zeronito commented 4 weeks ago

> I do it mainly for fun. If I see progress, or there is greater demand from more people, I will try.

Can you provide more details, with some hints on how to achieve RCE? I'm looking for a working PoC for this vulnerability.

o4time commented 4 weeks ago

> I do it mainly for fun. If I see progress, or there is greater demand from more people, I will try.

> Can you provide more details, with some hints on how to achieve RCE? I'm looking for a working PoC for this vulnerability.

Are you testing in a virtualized environment? Is there anything to pay attention to when setting up the testing environment, or is it just port 541?

zeronito commented 3 weeks ago

I would be grateful for any advice on executing id or any other system command via this PoC...

stickybit001 commented 3 weeks ago

Anyone who could reach the padding payload to execute RCE, DM me please @everyone @p33d

radoslavatanasov1 commented 3 weeks ago

Hey @p33d, could you help me implement the checker as an RCE PoC? I have a working script that executes commands to find the vulnerable server's PID for the current process, but I cannot inject other commands.

radoslavatanasov1 commented 3 weeks ago

> Did you check if the server uses SSL/TLS? In any case, I changed the code and added the suppress_ragged_eofs=True parameter to avoid connection problems if the server suddenly closes the connection before the package is finished.

> I set up a virtual environment with a vulnerable version, but the script always reports a connection timeout when running. Port 541 is open and returns "get auth" and other information when establishing a connection. Why is this?

If you have access to an old version of the software, contact me and we can continue working on the checker > RCE, but please note I will disclose anything we find to the correct departments!