Nmap Development mailing list archives

Re: Unable to get SSL Certificate info for SNMP server with nmap ssl-cert


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sun, 20 Sep 2015 12:41:00 -0500

Thanks for chiming in. What version of Nmap are you using, suhail?

Venky, it looks like you're using an older version of Nmap. The
ssl-enum-ciphers script has undergone a lot of changes since 6.40. Can you
try with Nmap 6.49BETA4 or at worst 6.47 and tell us if you still
experience a problem? See https://nmap.org/download.html

If you still experience a problem, please include output of your command
with -d2 --script-trace options. I will try to reproduce here if I don't
hear back soon.

Dan

On Sun, Sep 20, 2015 at 2:47 AM, suhail sullad <suhail.sullad () gmail com>
wrote:

Observed the same issue. Suspecting a cipher issue.
On Sep 19, 2015 6:48 PM, "knare k" <knarelinux () gmail com> wrote:

Thanks Dan.

I configured a local snmp server on an Ubuntu machine with tls support.

# snmpd dtlsudp:10161 tlstcp:10161

Created a Self-Signed certificate and used it.

And the output from the command: "openssl s_client -connect localhost:10161"

# openssl s_client -connect localhost:10161
CONNECTED(00000003)
depth=0 C = IN, ST = AP, L = HYD, O = xyz, OU = embedded, CN = venky, emailAddress = venky@localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = IN, ST = AP, L = HYD, O = xyz, OU = embedded, CN = venky, emailAddress = venky@localhost
verify return:1
140536960857760:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40
140536960857760:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
 0 s:/C=IN/ST=AP/L=HYD/O=xyz/OU=embedded/CN=venky/emailAddress=venky@localhost
   i:/C=IN/ST=AP/L=HYD/O=xyz/OU=embedded/CN=venky/emailAddress=venky@localhost
---
Server certificate

subject=/C=IN/ST=AP/L=HYD/O=xyz/OU=embedded/CN=venky/emailAddress=venky@localhost
issuer=/C=IN/ST=AP/L=HYD/O=xyz/OU=embedded/CN=venky/emailAddress=venky@localhost
---
No client certificate CA names sent
---
SSL handshake has read 725 bytes and written 210 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: AA5C362000AE942C8584A8AD153F4D2592AAD5172A2D4D5FE3457FDB5331982AE0739130A72DB3D86CDC1AAAFB30A13B
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1442654860
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---



And the output from the command: "nmap -sV -p <snmpport> --script=+ssl-cert <host>"

# nmap -sV -p 10161 --script=+ssl-cert localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2015-09-19 14:59 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00014s latency).
PORT      STATE SERVICE     VERSION
10161/tcp open  ssl/unknown

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.23 seconds


Thanks
Venky

On Sat, Sep 19, 2015 at 4:41 AM, Daniel Miller <bonsaiviking () gmail com>
wrote:
Venky,

Can you confirm that the SNMP service is actually running SSL? This would be
a highly unusual configuration, but you could test with an independent tool.
What is the output of this command?

openssl s_client -connect <host>:<snmpport>

Instead of SSL do you perhaps have SNMPv3 with encryption enabled?

Dan

On Fri, Sep 18, 2015 at 8:25 AM, knare k <knarelinux () gmail com> wrote:

Hi Ulrik,

Thanks for your response. We tried with the '+' option, but no luck.
We have set up an snmp server locally on our Ubuntu machine and tried
it. Checking if we configured the snmp server properly, I will let you
know if it works.

Thanks
Venky.


---------- Forwarded message ----------
From: Ulrik Haugen <qha () lysator liu se>
Date: Mon, Sep 14, 2015 at 9:56 PM
Subject: Re: Unable to get SSL Certificate info for SNMP server with
nmap ssl-cert
To: knare k <knarelinux () gmail com>


knare k <knarelinux () gmail com> wrote:
I am not able to get SSL certificate for snmp using ssl-cert script of
nmap, able to get for all others. I tried the following command with
the snmp port.

# nmap  -sU -Pn -p <snmpport> <host> --script=ssl-cert

You might have more luck with:

# nmap -sU -Pn -p <snmpport> --script=+ssl-cert <host>

The "+" before the script name makes it run even though the portrule
doesn't fire. Unfortunately I can't find the documentation for it right
now so I can't show how you should have discovered it.

Please report if this works, I have some scripts that need tuning if it
does!

Best regards
/Ulrik Haugen
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
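
The independent check suggested in this thread (reading `openssl s_client` output to confirm the port really speaks TLS) can be scripted. The following is an added example, not code from any poster or from the Nmap project; the function names, the finding labels, the 2048-bit threshold and the legacy-protocol set are assumptions of the example, and the sample lines are abridged from the transcript quoted above.

```python
import re

# Constructed sample: lines abridged from the s_client transcript quoted in this thread.
SAMPLE = """\
CONNECTED(00000003)
verify error:num=18:self signed certificate
140536960857760:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Verify return code: 18 (self signed certificate)
"""

FIELDS = {
    "protocol": re.compile(r"^\s*Protocol\s*:\s*(\S+)", re.M),
    "cipher": re.compile(r"^\s*Cipher\s*:\s*(\S+)", re.M),
    "key_bits": re.compile(r"^Server public key is (\d+) bit", re.M),
    "verify_code": re.compile(r"^\s*Verify return code: (\d+)", re.M),
}
ALERT = re.compile(r"SSL alert number (\d+)")
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # assumption: treated as legacy here

def parse_s_client(text):
    """Extract the TLS facts an `openssl s_client` transcript reports."""
    facts = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        facts[name] = m.group(1) if m else None
    for name in ("key_bits", "verify_code"):
        if facts[name] is not None:
            facts[name] = int(facts[name])
    facts["alerts"] = [int(n) for n in ALERT.findall(text)]
    # A failed handshake is reported as cipher "0000" (or no Cipher line at all).
    facts["tls_session"] = facts["cipher"] not in (None, "0000", "(NONE)")
    return facts

def triage(facts):
    """Turn parsed facts into short findings (labels are hypothetical)."""
    out = ["speaks-tls" if facts["tls_session"] else "no-tls-session"]
    if facts["verify_code"] == 18:
        out.append("self-signed-cert")
    if facts["key_bits"] is not None and facts["key_bits"] < 2048:
        out.append("weak-key")
    if facts["protocol"] in LEGACY:
        out.append("legacy-protocol")
    if 40 in facts["alerts"]:
        out.append("handshake-failure-alert")
    return out

if __name__ == "__main__":
    print(triage(parse_s_client(SAMPLE)))
```

A `speaks-tls` result alongside an empty ssl-cert report points at the scanner rather than the service, which is the distinction the thread is trying to draw.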

