Nmap Development mailing list archives

Re: sweet32 and ssl-enum-ciphers question


From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Mon, 30 Jan 2017 22:29:01 -0800

On 01/30/2017 10:09 PM, ToddAndMargo wrote:
On 01/30/2017 11:12 AM, ToddAndMargo wrote:
Hi All,

I have a customer that got tagged with sweet32 on his PCI (credit
card security) external scan.  He is using RDP on a couple
of his workstations so he can log in from home and I do believe
the issue is that he hasn't done his Windows 7 updates
in about two years.  I will fix.

Anyway, I am on nmap 7.40.  Reading over at:

https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

It shows a bunch of this stuff:

      Example Usage

      nmap --script ssl-enum-ciphers -p 443 <host>
      Script Output
      PORT    STATE SERVICE REASON
      443/tcp open  https   syn-ack

      | ssl-enum-ciphers:
      |   TLSv1.0:
      |     ciphers:
      |       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
      |       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A

and so on and so forth

My intention is to use NMap to identify the sweet32 vulnerability
and to then use NMap again to verify I have solved the issue.

I am specifically looking for the "3DES" entry associated with
sweet32.

When I run this probe, I do not get any of this stuff.
I do get stuff back, but not the list with all the ciphers.

This is what I ran:

nmap -p xxxx,yyyy -v --script ssl-enum-ciphers www.xxx.yyy.zzz

Am I missing something here?


Many thanks,
-T


By chance, if the port(s) are closed properly, would I
not see the "ssl-enum-ciphers" report that shows
on https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
as the script could find anything?



This script "--script +ssl-enum-ciphers" found

      64-bit block cipher 3DES vulnerable to SWEET32 attack

So now I can reproduce.

What did the "+" sign do to make the difference?


Many thanks,
-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Serious error.
All shortcuts have disappeared.
Screen. Mind. Both are blank.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
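
Added example, not part of the original post or of Nmap: a Python check for the workflow described above (scan, look for the 3DES entry, re-scan after the fix) that reads saved ssl-enum-ciphers output and lists 64-bit block ciphers per port. The sample text is constructed in the output layout quoted in the post, and `audit`, `verdict` and the port numbers are hypothetical.

```python
import re

# Constructed sample in the layout of ssl-enum-ciphers output; not a real scan.
SAMPLE = """\
3389/tcp open  ms-wbt-server
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C
3390/tcp open  unknown
"""

PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+\S+")
PROTO_RE = re.compile(r"^\|[ _]+((?:SSL|TLS)v[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|[ _]+(TLS_\S+)")
# Name tokens of 64-bit block ciphers, the class SWEET32 applies to.
BLOCK64_RE = re.compile(r"_(?:3DES|DES|DES40|IDEA|RC2)_")


def audit(nmap_text):
    """Map port -> {"ran": script produced output, "weak": [(protocol, cipher)]}."""
    report, port, proto = {}, None, None
    for line in nmap_text.splitlines():
        if m := PORT_RE.match(line):
            port, proto = int(m.group(1)), None
            report[port] = {"ran": False, "weak": []}
        elif port is None:
            continue
        elif "ssl-enum-ciphers:" in line:
            report[port]["ran"] = True
        elif m := PROTO_RE.match(line):
            proto = m.group(1)
        elif (m := CIPHER_RE.match(line)) and BLOCK64_RE.search(m.group(1)):
            report[port]["weak"].append((proto, m.group(1)))
    return report


def verdict(entry):
    """No script output is 'NO DATA', never a pass: the cipher list was not read."""
    if not entry["ran"]:
        return "NO DATA"
    return "FAIL" if entry["weak"] else "PASS"


if __name__ == "__main__":
    for port, entry in audit(SAMPLE).items():
        print(port, verdict(entry), entry["weak"])
```

A port with no `ssl-enum-ciphers` block is reported as NO DATA rather than PASS, so a re-scan that returns no cipher list is not mistaken for a completed fix.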