Re: [RFC] OpenSSL and Windows

[Thomas Buchanan <tbuchanan () thecompassgrp net>]

jah wrote:
> What's the current state of play with OpenSSL and nmap for mswin32?  
> Does it work?  Is it in use?  How can I check?  Is there anything that 
> doesn't work if nmap is not compiled with it?
>
> Regards,
>
> jah

Hello,

Here are some rough instructions that I came up with over the weekend 
for enabling OpenSSL in Nmap on Windows.  Hope they help.

First, my development environment is Windows XP SP2, Visual C++ 2005 
Express Edition, with Microsoft Platform SDK for Windows Server 2003 SP1 
installed.  This setup compiles the nmap-4.52 source with no modifications.

Here are the steps I took to enable OpenSSL:

1.  Download Win32 OpenSSL devel kit from 
http://www.slproweb.com/products/Win32OpenSSL.html
I got the 6MB file indicated for software developers.

2.  Install the Win32 OpenSSL devel kit, and take note of the 
installation directory.  I changed the default directory to 
"C:\Dev\OpenSSL"  The remainder of these directions will reference that 
directory.

3.  Download and extract latest Nmap source.  I extracted mine to 
"C:\Dev\nmap-4.52"

4.  Open .sln in Visual C++ 2005 Express Edition

5.  Edit nmap_winconfig.h, and add the following line:
#define HAVE_OPENSSL 1

Just for reference, I added this after line 112, but I don't think it 
matters too much.

6.  Edit nsock\src\nsock.h, and add the following line:
#define HAVE_OPENSSL 1

Again for reference, I added this after line 63.

7.  Edit the nmap project properties in VC++ as follows:
*  Under Configuration Properties -> C/C++ -> General, add 
"C:\Dev\OpenSSL\include" to Additional Include Directories
*  Under Configuration Properties -> Linker -> General, add 
"C:\Dev\OpenSSL\lib\VC" to Additional Library Directories
*  Under Configuration Properties -> Linker -> Input, add 
"libeay32MT.lib" and "ssleay32MT.lib" to Additional Dependencies

8.  Edit the nsock sub-project properties as follows:
*  Under Configuration Properties -> C/C++ -> General, add 
"C:\Dev\OpenSSL\include" to Additional Include Directories

9.  Add the following files to the nsock sub-project
*  Add Existing Item -> nsock\src\nsock_ssl.h to Header Files
*  Add Existing Item -> nsock\src\nsock_ssl.c to Source Files

10.  Build solution.

Hopefully, if everything has gone correctly, you will have a binary with 
OpenSSL support.

Now, to run this binary on other machines, you have a couple of options:
1.  Install the OpenSSL runtime files from 
http://www.slproweb.com/products/Win32OpenSSL.html
Current version is Win32 OpenSSL v0.9.8g Light (about 1MB download)

or

2.  Install the following files: libeay32.dll, ssleay32.dll from 
openssl-0.9.8e_WIN32.zip 
(http://www.deanlee.cn/programming/openssl-for-windows/)
These files can either be placed in the same directory as nmap.exe, or 
in the Windows system32 directory.

Here's the output of a slightly patched nmap-4.52, as you can see with 
OpenSSL support:

$ NMAPDIR=. ./nmap -d -sSV -p 443 
--script=md5test.nse,showHTMLTitle.nse 192.168.XXX.yyy
Winpcap present, dynamic linked to: WinPcap version 4.0.2 (packet.dll 
version 4.0.0.1040), based on libpcap version 0.9.5

Starting Nmap 4.52 ( http://insecure.org ) at 2008-01-07 14:53 Central 
Standard Time
Nmap linked against PCRE library 7.4 2007-09-21
Nmap linked against Lua 5.1
Nmap compiled against OpenSSL 0.9.8g 19 Oct 2007
Nmap linked against OpenSSL 0.9.8g 19 Oct 2007

<snip>

SCRIPT ENGINE: Script scanning completed.
Host cobalt (192.168.xxx.yyy) appears to be up ... good.
Interesting ports on cobalt (192.168.xxx.yyy):
PORT    STATE SERVICE  REASON  VERSION
443/tcp open  ssl/http syn-ack Microsoft IIS webserver 6.0
|_ HTML title: Welcome to Windows Small Business Server 2003
Service Info: OS: Windows

Host script results:
|  Hash test: MD5 and SHA1 hashes of IP address 192.168.xxx.yyy
|  MD5: 7787d3bd2027cfd13134682bbdf29bb6
|  SHA1: 9f799b960c8d40f303bbef0c0d3fca608aec8130
|  MD5 raw: w... '..14h+....
|  SHA1 raw: .y....@.....
|_ ?.`...0
Final times for host: srtt: 2000 rttvar: 7750  to: 100000

Read from .: nmap-mac-prefixes nmap-rpc nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at 
http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.250 seconds
            Raw packets sent: 2 (86B) | Rcvd: 2 (88B)

The hash script is a test for my NSE / OpenSSL patches posted here:
http://seclists.org/nmap-dev/2007/q4/0472.html

After a little work, I was able to successfully build that patch on 
Windows too, but I'm not too convinced that I got the build system quite 
right.

Anyway, let me know if you have any questions or comments.

Thanks,

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org