Closed cnotin closed 5 years ago
I tried to change: https://github.com/rapid7/metasploit-framework/blob/015651dd088a0d9932d4ddb5386cd73c0f689d28/lib/msf/core/exploit/rdp.rb#L967 With:
ctx = OpenSSL::SSL::SSLContext.new(:TLSv1)
It fixes the issues; however, in Wireshark I see that now only TLS 1.0 is supported in the Client Hello, which downgrades us to it (with no parameter, I see in the Client Hello that TLS 1.2 and even TLS 1.3 are supported).
OpenSSL has a feature to define the minimum accepted level with SSL_CTX_set_min_proto_version (https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_min_proto_version.html), but it was added only with OpenSSL 1.1.0.
I don't know how to express otherwise to OpenSSL that we accept everything up to the latest version, while still accepting TLS 1.0.
Here is a suggested patch, thanks to min_version
https://ruby-doc.org/stdlib-2.5.1/libdoc/openssl/rdoc/OpenSSL/SSL/SSLContext.html#method-i-min_version-3D
Steps to reproduce
Expected behavior
As confirmed by the modified rdesktop scanner:
Current behavior
In Wireshark I see that Metasploit tries to negotiate TLS 1.2 whereas the server only supports TLS 1.0. This is normal as Windows 7, without any update, only supports TLS 1.0. Cf. https://support.microsoft.com/fr-fr/help/3080079/update-to-add-rds-support-for-tls-1-1-and-tls-1-2-in-windows-7-or-wind
System stuff
Metasploit version
I installed Metasploit with:
Source
OS
Kali
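
The Client Hello difference described in this issue can be checked without Wireshark. The following is an added example, not code from the issue or from Metasploit: it captures the ClientHello a Ruby OpenSSL context emits over a local socket pair and lists the versions it offers, comparing a context pinned to TLS 1.0 with one that only sets `min_version`. The helper names and the `security_level = 0` setting are assumptions of this example.

```ruby
require "openssl"
require "socket"

# Start a handshake over a local socket pair and return the raw ClientHello
# record the context emits. Nothing is sent over the network.
def client_hello_record(ctx)
  ours, theirs = UNIXSocket.pair
  ssl = OpenSSL::SSL::SSLSocket.new(ours, ctx)
  ssl.connect_nonblock(exception: false)        # writes ClientHello, then waits for a reply
  header = theirs.read(5)                       # type(1) version(2) length(2)
  header + theirs.read(header.byteslice(3, 2).unpack1("n"))
ensure
  [ours, theirs].each { |s| s&.close }
end

# Return the protocol versions a ClientHello offers, highest first.
def offered_versions(rec)
  raise ArgumentError, "not a ClientHello" unless rec.getbyte(0) == 0x16 && rec.getbyte(5) == 0x01
  pos = 9                                       # skip record and handshake headers
  legacy = rec.byteslice(pos, 2).unpack1("n")
  pos += 2 + 32                                 # legacy_version + random
  pos += 1 + rec.getbyte(pos)                   # session_id
  pos += 2 + rec.byteslice(pos, 2).unpack1("n") # cipher_suites
  pos += 1 + rec.getbyte(pos)                   # compression_methods
  return [legacy] if pos + 2 > rec.bytesize     # no extensions block at all
  ext_end = pos + 2 + rec.byteslice(pos, 2).unpack1("n")
  pos += 2
  while pos + 4 <= ext_end
    type, len = rec.byteslice(pos, 4).unpack("nn")
    # supported_versions (43): one length byte, then 2-byte versions
    return rec.byteslice(pos + 5, len - 1).unpack("n*") if type == 43
    pos += 4 + len
  end
  [legacy]                                      # extension absent: TLS 1.2 or older offer
end

# Hypothetical helper: build a client context with a version floor and optional ceiling.
def hello_versions(min:, max: nil)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.security_level = 0   # assumption: needed for recent OpenSSL builds to offer TLS 1.0
  ctx.min_version = min
  ctx.max_version = max if max
  offered_versions(client_hello_record(ctx))
end

tls10 = OpenSSL::SSL::TLS1_VERSION
puts format("pinned to TLS 1.0: %p", hello_versions(min: tls10, max: tls10).map { |v| "0x%04x" % v })
puts format("floor at TLS 1.0:  %p", hello_versions(min: tls10).map { |v| "0x%04x" % v })
```

Version values are the wire encodings: 0x0301 is TLS 1.0, 0x0303 is TLS 1.2, 0x0304 is TLS 1.3.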