Making vulnerable OpenSSL scanning target

OpenSSL vulnerabilities appear regularly. Sometimes it is difficult to find out whether your vulnerability scanner can effectively detect specific vulnerability.

In fact, the only way to find this out is to scan a vulnerable host. Without this knowledge, it is dangerous to start a huge network scanning. You never know, the scanner did not find a vulnerability, because the infrastructure is safe or it wasn’t able to do it.

Let’s make the simplest stand: CentOS host with Apache and a self-signed OpenSSL certificate.

Vulnerable OpenSSL stand

1. Take the oldest CentOS iso (now it is 6.7) from http://mirror.centos.org/centos/. Do not install updates during installation or after.

2. Install Apache HTTP Server. Run as root:

yum install httpd
yum install mod_ssl

3. Make and install certificte. Run as root:

mkdir /etc/httpd/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
[You can just press enter during the configuration]

4. Edit file /etc/httpd/conf.d/ssl.conf
In section that begins with <VirtualHost _default_:443> uncomment the line

ServerName example.com:443

And make sure that this lines exist in the section:

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key

5*. If you want to help scanner in banner detection, make sure that /etc/httpd/conf/httpd.conf contains lines:

ServerTokens Full
ServerSignature On

6. Start web server. Run as root:

service httpd start

7. Stop firewall. Run as root:

service iptables stop

or add port in iptables. Run as root

iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
service iptables restart

Check the https://<host_ip>/ and you can use it in vulnerability scanning.
And don’t forget to switch off the host after your scan is finished. 😉

One thought on “Making vulnerable OpenSSL scanning target

  1. Pingback: Export anything to Splunk with HTTP Event Collector | Alexander V. Leonov

Leave a Reply

Your email address will not be published. Required fields are marked *