Adding support for SSLv2 for SSLScan and OpenSSL testing



kelleyja
2013-03-14, 14:33
Looks like support for SSL version 2 has been removed from this distribution, which makes it difficult to test for insecure SSLv2 ciphers on webservers. I added the support back by using the following commands, which I found on the interwebs, and I thought I'd share :cool:

1 - Get yourself a drink, this takes a while
2 - This was done on a base install of the 32-bit GNOME VM image

root@kali:~# sudo apt-get install devscripts quilt
root@kali:~# apt-get source openssl
root@kali:~# cd openssl-*
root@kali:~/openssl-1.0.1e# quilt pop -a # remove the patches
root@kali:~/openssl-1.0.1e# vi debian/patches/series # remove the line that says something like "no-ssl2.patch" (name may vary); press :x<return> to save and exit vi
root@kali:~/openssl-1.0.1e# vi debian/rules # remove the arg that says no-ssl2, leave the rest of that line; press :x<return> to save and exit vi
root@kali:~/openssl-1.0.1e# quilt push -a # repatch
root@kali:~/openssl-1.0.1e# dch -n 'Allow SSLv2' # change description for changelog
root@kali:~/openssl-1.0.1e# dpkg-source --commit # commit any changes
root@kali:~/openssl-1.0.1e# debuild -uc -us # rebuild OpenSSL with customizations
root@kali:~/openssl-1.0.1e# cd ../ # go up a level
root@kali:~# sudo dpkg -i *ssl*.deb # install the package you just rebuilt

Test it on your coworker's ssl2 site:

root@kali:~# openssl
OpenSSL> s_client -connect www.<insertserver>.com:443 -ssl2
CONNECTED # it works; if something messed up, it will say invalid arg -ssl2

sslscan still will not work at this point because we need to rebuild that pkg too:

root@kali:~# apt-get source sslscan # get the source
root@kali:~# cd sslscan* # go to sslscan
root@kali:~/sslscan-1.8.2# debuild -uc -us # rebuild the pkg
root@kali:~/sslscan-1.8.2# cd ../ # get out of sslscan
root@kali:~# sudo dpkg -i *sslscan*.deb # reinstall

It should check for SSLv2 ciphers now.

hackajar
2013-03-14, 17:42
http://www.bolet.org/TestSSLServer/

If the above is too much for you, make sure Java is installed (http://forums.kali.org/showthread.php?41-Installing-Java-on-Kali-Linux) and just use the TestSSLServer JAR file :D