OpenSSL vulnerabilities appear regularly. Sometimes it is difficult to find out whether your vulnerability scanner can effectively detect specific vulnerability.
In fact, the only way to find this out is to scan a vulnerable host. Without this knowledge, it is dangerous to start a huge network scanning. You never know, the scanner did not find a vulnerability, because the infrastructure is safe or it wasn’t able to do it.
Let’s make the simplest stand: CentOS host with Apache and a self-signed OpenSSL certificate.
1. Take the oldest CentOS iso (now it is 6.7) from http://mirror.centos.org/centos/. Do not install updates during installation or after.
2. Install Apache HTTP Server. Run as root:
yum install httpd
yum install mod_ssl
3. Make and install certificte. Run as root:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
[You can just press enter during the configuration]
4. Edit file /etc/httpd/conf.d/ssl.conf
In section that begins with <VirtualHost _default_:443> uncomment the line
And make sure that this lines exist in the section:
SSLEngine on SSLCertificateFile /etc/httpd/ssl/apache.crt SSLCertificateKeyFile /etc/httpd/ssl/apache.key
5*. If you want to help scanner in banner detection, make sure that /etc/httpd/conf/httpd.conf contains lines:
ServerTokens Full ServerSignature On
6. Start web server. Run as root:
service httpd start
7. Stop firewall. Run as root:
service iptables stop
or add port in iptables. Run as root
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
service iptables restart
Check the https://<host_ip>/ and you can use it in vulnerability scanning.
And don’t forget to switch off the host after your scan is finished. 😉