OpenSSL vulnerabilities appear regularly. Sometimes it is difficult to find out whether your vulnerability scanner can effectively detect specific vulnerability.
In fact, the only way to find this out is to scan a vulnerable host. Without this knowledge, it is dangerous to start a huge network scanning. You never know, the scanner did not find a vulnerability, because the infrastructure is safe or it wasn’t able to do it.
Let’s make the simplest stand: CentOS host with Apache and a self-signed OpenSSL certificate.
1. Take the oldest CentOS iso (now it is 6.7) from http://mirror.centos.org/centos/. Do not install updates during installation or after.
2. Install Apache HTTP Server. Run as root:
yum install httpd
yum install mod_ssl
3. Make and install certificte. Run as root:
mkdir /etc/httpd/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
[You can just press enter during the configuration]
4. Edit file /etc/httpd/conf.d/ssl.conf
In section that begins with <VirtualHost _default_:443> uncomment the line
ServerName example.com:443
And make sure that this lines exist in the section:
SSLEngine on SSLCertificateFile /etc/httpd/ssl/apache.crt SSLCertificateKeyFile /etc/httpd/ssl/apache.key
5*. If you want to help scanner in banner detection, make sure that /etc/httpd/conf/httpd.conf contains lines:
ServerTokens Full ServerSignature On
6. Start web server. Run as root:
service httpd start
7. Stop firewall. Run as root:
service iptables stop
or add port in iptables. Run as root
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
service iptables restart
Check the https://<host_ip>/ and you can use it in vulnerability scanning.
And don’t forget to switch off the host after your scan is finished. 😉
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.
Pingback: Export anything to Splunk with HTTP Event Collector | Alexander V. Leonov