top of page
作家相片Samuel

Nmap NSE Category vulns Script:sslv2-drown 確定服務器是否支持SSLv2,支持哪些加密套件,並測試CVE-2015-3197、CVE-2016-0703和CVE-2016-0800(DROWN漏洞)

已更新:8月6日


Nmap Script摘要


確定服務器是否支持SSLv2,支持哪些加密套件,並測試CVE-2015-3197、CVE-2016-0703和CVE-2016-0800(DROWN漏洞)。


Nmap Script參數

tls.servername

參見tls庫的文檔。

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

參見smbauth庫的文檔。

mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username

參見mssql庫的文檔。

smtp.domain

參見smtp庫的文檔。

randomseed, smbbasic, smbport, smbsign

參見smb庫的文檔。

vulns.short, vulns.showall

參見vulns庫的文檔。


Nmap Script範例


nmap -sV --script=sslv2-drown <target>

Nmap Script輸出

443/tcp open  https
| sslv2-drown:
|   ciphers:
|     SSL2_DES_192_EDE3_CBC_WITH_MD5
|     SSL2_IDEA_128_CBC_WITH_MD5
|     SSL2_RC2_128_CBC_WITH_MD5
|     SSL2_RC4_128_WITH_MD5
|     SSL2_DES_64_CBC_WITH_MD5
|   forced_ciphers:
|     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
|     SSL2_RC4_128_EXPORT40_WITH_MD5
|   vulns:
|     CVE-2016-0800:
|       title: OpenSSL: Cross-protocol attack on TLS using SSLv2 (DROWN)
|       state: VULNERABLE
|       ids:
|         CVE:CVE-2016-0800
|       description:
|               The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and
|       other products, requires a server to send a ServerVerify message before establishing
|       that a client possesses certain plaintext RSA data, which makes it easier for remote
|       attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding
|       oracle, aka a "DROWN" attack.
|
|       refs:
|         https://www.openssl.org/news/secadv/20160301.txt
|_        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800

Nmap Script作者:

Bertrand Bonnefoy-Claudet <bertrand@cryptosense.com>

License: Same as Nmap--See https://nmap.org/book/man-legal.html


Nmap
Nmap

 

延伸閱讀

12 次查看
bottom of page