Companion blog post: https://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/
This folder contains a proof-of-concept DoS exploit for the OpenSSL high severity (initially reported as critical) punycode vulnerability tracked as CVE-2022-3602. The PoC ships a ready-to-use Vagrant box and a set of bash scripts to help you compile and run the two attack scenarios.
This Vagrant configuration will launch the vagrant environment with:
- A Linux Ubuntu box containing the OpenSSL server with a malicious certificate
- A Windows box with the vulnerable OpenSSL client
- Run vagrant

      vagrant up

- Initiate RDP access to the Windows VM

      vagrant rdp windows

- Use any RDP client to connect to the Windows VM, using the credentials vagrant / vagrant

- Open the Windows command line and navigate to the PoC directory

      cd C:\Users\vagrant\Documents\WindowsCrash\

  We've compiled openssl.exe for you using the official instructions here.

- Connect to the malicious server

      openssl.exe s_client -connect 192.168.56.3:3000
This causes openssl.exe to crash while verifying the malicious certificate. Details of the crash can be found in the Windows Event Viewer.
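Before running either scenario against a build of your own, it is worth confirming that the OpenSSL in question is actually in the affected range (3.0.0 through 3.0.6; the fix shipped in 3.0.7, and the 1.x line is not affected). The following POSIX shell helper is an added example, not part of this repository's scripts; it takes the output line of `openssl version` and reports whether that build is affected.

```shell
#!/bin/sh
# Added example (not part of the PoC): classify an "openssl version" line
# against CVE-2022-3602. Affected: OpenSSL 3.0.0 through 3.0.6. Fixed in 3.0.7.
# The 1.0.2 / 1.1.1 lines and 3.1+ never shipped the vulnerable punycode decoder.
#
# Argument: the full line printed by `openssl version`, e.g. "OpenSSL 3.0.5 5 Jul 2022".
# Returns 0 (shell true) when the build is affected, 1 otherwise.
openssl_affected_by_cve_2022_3602() {
    # Second whitespace-separated field is the version number.
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    # Drop letter / pre-release / build suffixes such as "1.1.1q", "3.0.2+quic".
    ver=$(printf '%s\n' "$ver" | sed 's/[^0-9.].*$//')
    major=$(printf '%s\n' "$ver" | cut -d. -f1)
    minor=$(printf '%s\n' "$ver" | cut -d. -f2)
    patch=$(printf '%s\n' "$ver" | cut -d. -f3)
    # Only the 3.0.x series is in scope.
    [ "$major" = "3" ] && [ "$minor" = "0" ] || return 1
    # 3.0.0 .. 3.0.6 are affected; 3.0.7 and later carry the fix.
    [ -n "$patch" ] && [ "$patch" -le 6 ]
}

# Report on the OpenSSL found on PATH, if any (silently skipped when absent).
if command -v openssl >/dev/null 2>&1; then
    installed=$(openssl version)
    if openssl_affected_by_cve_2022_3602 "$installed"; then
        printf '%s: affected by CVE-2022-3602, upgrade to 3.0.7 or later\n' "$installed"
    else
        printf '%s: not affected by CVE-2022-3602\n' "$installed"
    fi
fi
```

On the Windows box you can feed it the output of `openssl.exe version` from the PoC directory; the same function works unchanged under Git Bash or WSL.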
We provide a set of easy-to-use bash scripts to generate the certificate and run OpenSSL for both scenarios:
- A malicious client sending a crafted certificate chain to a server that verifies client certificate chains, here
- A malicious server serving a crafted certificate chain to a client; clients always verify the server's certificate chain, here
- Eslam Salem
- Frederic Baguelin
- Nick Frichette
- Jeremy Fox