Nmap NSE Category vulns Script：tls-ticketbleed 檢測服務器是否容易受到F5 Ticketbleed漏洞（CVE-2016-9244）的影響

• 指令類型：portrule

• 類別：vuln, safe

• 下載：https://svn.nmap.org/nmap/scripts/tls-ticketbleed.nse

Nmap Script指令摘要

檢測服務器是否容易受到F5 Ticketbleed漏洞（CVE-2016-9244）的影響。

額外資訊：

https://filippo.io/Ticketbleed/

https://blog.filippo.io/finding-ticketbleed/

https://support.f5.com/csp/article/K05121675

Nmap Script指令參數

tls-ticketbleed.protocols

（默認嘗試所有）TLSv1.0, TLSv1.1, 或 TLSv1.2

tls.servername

參見tls庫的文檔。

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

參見smbauth庫的文檔。

mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username

參見mssql庫的文檔。

smtp.domain

參見smtp庫的文檔。

randomseed, smbbasic, smbport, smbsign

參見smb庫的文檔。

vulns.short, vulns.showall

參見vulns庫的文檔。

Nmap Script指令範例

nmap -p 443 --script tls-ticketbleed <target>

Nmap Script指令輸出

| tls-ticketbleed:
|   VULNERABLE:
|   Ticketbleed is a serious issue in products manufactured by F5, a popular
vendor of TLS load-balancers. The issue allows for stealing information from
the load balancer
|     State: VULNERABLE (Exploitable)
|     Risk factor: High
|       Ticketbleed is vulnerability in the implementation of the TLS
SessionTicket extension found in some F5 products. It allows the leakage
("bleeding") of up to 31 bytes of data from uninitialized memory. This is
caused by the TLS stack padding a Session ID, passed from the client, with
data to make it 32-bits long.
|     Exploit results:
|       2ab2ea6a4c167fbe8bf0b36c7d9ed6d3
|       *..jL......l}...
|     References:
|       https://filippo.io/Ticketbleed/
|       https://blog.filippo.io/finding-ticketbleed/
|_      https://support.f5.com/csp/article/K05121675

Nmap Script作者:

Mak Kolybabi <mak@kolybabi.com>

License: Same as Nmap--See https://nmap.org/book/man-legal.html

延伸閱讀

• 網路概念

• 技術文章

• 經驗分享

• 軟體介紹

• Nmap（持續更新Script中文翻譯）