
nmap ssl-ccs-injection script analysis

Author: 御浅永夜 | Published 2018-06-07 19:47, read 0 times

    1. Code analysis

    1.1 require

    nmap: interface to Nmap internals.

    shortport: functions for building short portrules.

    stdnse: standard Nmap Scripting Engine functions. This module contains various handy functions that are too small to justify modules of their own.

    table: arranges output into tables.

    vulns: vulnerability management functions.

    tls

    1.2 description

    1.2.1 CCS Injection vulnerability(CVE-2014-0224)

    How I discovered CCS Injection Vulnerability (CVE-2014-0224)

    1.2.2 Script flow

    The script sends an out-of-order ChangeCipherSpec message and checks whether the server returns an UNEXPECTED_MESSAGE alert. Because an unpatched server will simply accept this message, the CCS packet is sent twice to force the server to emit an alert. If the alert type differs from UNEXPECTED_MESSAGE, we can conclude that the server is vulnerable.

    1.3 function test_ccs_injection

    1.3.1 Send a Client Hello to the target server

    s:send(hello)
    

    Check the send status; on failure, return the error message "Couldn't send Client Hello: err", where err is the error returned by s:send.

    1.3.2 Read the reply

    local done, i, response = false, 1, nil
    repeat
      -- Buffer one record; a timeout here means we stop waiting and go on to the CCS
      status, response, err = tls.record_buffer(s, response, i)
      if err == "TIMEOUT" then break end
      local record
      i, record = tls.record_read(response, i)
      -- Loop over the handshake bodies until server_hello_done arrives
      if record and record.type == "handshake" then
        for _, body in ipairs(record.body) do
          if body.type == "server_hello_done" then
            stdnse.debug1("Handshake completed (%s)", version)
            done = true
          end
        end
      end
    until done
    

    1.3.3 Send change_cipher_spec repeatedly

    The change_cipher_spec message:

    ccs = tls.record_write("change_cipher_spec", version, "\x01")
    

    Send the first CCS message:

    s:send(ccs)
    

    Send the second CCS message:

    s:send(ccs)
    

    Read the alert message:

    vulnerable = alert_unexpected_message(s)
    

    1.4 function alert_unexpected_message(s)

    -- Read the alert record the server sends after the out-of-order CCS
    status, buffer = tls.record_buffer(s, buffer, 1)

    i, record = tls.record_read(buffer, 1)

    if record.type ~= "alert" then
      -- Mark as VULNERABLE: an alert record was expected here
      return true, true
    end

    for _, body in ipairs(record.body) do
      if body.level == "fatal" and body.description == "unexpected_message" then
        return true, false
      end
    end

    -- Any other alert (e.g. decryption_failed) means the server accepted the CCS: VULNERABLE
    return true, true
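
The probe record from 1.3.3 and the alert decision from 1.4, modelled byte-for-byte in Python as an added example (this is not the nmap script's own Lua; the constants come from RFC 5246 and the sample alert bytes are constructed to match the two ssldump captures in section 2):

```python
import struct

# Constants from RFC 5246; only the values this example needs.
CONTENT_TYPES = {"change_cipher_spec": 20, "alert": 21, "handshake": 22}
TYPE_NAMES = {v: k for k, v in CONTENT_TYPES.items()}
TLS_VERSIONS = {"SSLv3": 0x0300, "TLSv1.0": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {10: "unexpected_message", 20: "bad_record_mac",
                      21: "decryption_failed", 40: "handshake_failure"}


def record_write(content_type, version, payload):
    """Encode one TLS record: 1-byte type, 2-byte version, 2-byte length, payload.
    record_write("change_cipher_spec", "TLSv1.0", b"\\x01") is the probe the script sends twice."""
    header = struct.pack("!BHH", CONTENT_TYPES[content_type], TLS_VERSIONS[version], len(payload))
    return header + payload


def record_read(buf, i=0):
    """Parse the record starting at offset i. Returns (type_name, version, body, next_i),
    or None when the buffer does not yet hold a complete record."""
    if len(buf) < i + 5:
        return None
    ctype, version, length = struct.unpack_from("!BHH", buf, i)
    if len(buf) < i + 5 + length:
        return None
    body = buf[i + 5:i + 5 + length]
    return TYPE_NAMES.get(ctype, "unknown"), version, body, i + 5 + length


def alert_unexpected_message(buf):
    """Mirror of the script's decision. Returns (status, vulnerable): status is False on a
    parse failure; otherwise vulnerable is False only for a fatal unexpected_message alert."""
    rec = record_read(buf)
    if rec is None:
        return False, "Unknown response from server"
    type_name, _, body, _ = rec
    if type_name != "alert":
        # An alert record was expected; a server that keeps talking accepted the early CCS.
        return True, True
    # An alert body is a run of (level, description) byte pairs.
    for level, desc in zip(body[0::2], body[1::2]):
        if ALERT_LEVELS.get(level) == "fatal" and ALERT_DESCRIPTIONS.get(desc) == "unexpected_message":
            return True, False
    # Any other alert (the unpatched host in section 2 answered decryption_failed) means vulnerable.
    return True, True


# Constructed sample records modelled on the two ssldump captures in section 2.
PATCHED_ALERT = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x0A])    # TLS 1.2, fatal unexpected_message
UNPATCHED_ALERT = bytes([0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x15])  # TLS 1.0, fatal decryption_failed
```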
    

    1.5 action = function(host, port)

    Iterate over tls.PROTOCOLS:

    local vulnerable, err = test_ccs_injection(host, port, tls_version)

    2. Detection

    2.1 Detection against a self-built vulnerable environment

    Run nmap on the client:

    renz@ubuntuserver17:~$ nmap -p 443 --script ssl-ccs-injection 192.168.80.211
    
    Starting Nmap 7.50 ( https://nmap.org ) at 2018-06-08 11:52 CST
    Nmap scan report for 192.168.80.211
    Host is up (0.00042s latency).
    
    PORT    STATE SERVICE
    443/tcp open  https
    | ssl-ccs-injection:
    |   VULNERABLE:
    |   SSL/TLS MITM vulnerability (CCS Injection)
    |     State: VULNERABLE
    |     Risk factor: High
    |       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
    |       does not properly restrict processing of ChangeCipherSpec messages,
    |       which allows man-in-the-middle attackers to trigger use of a zero
    |       length master key in certain OpenSSL-to-OpenSSL communications, and
    |       consequently hijack sessions or obtain sensitive information, via
    |       a crafted TLS handshake, aka the "CCS Injection" vulnerability.
    |
    |     References:
    |       http://www.openssl.org/news/secadv_20140605.txt
    |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
    |_      http://www.cvedetails.com/cve/2014-0224
    
    Nmap done: 1 IP address (1 host up) scanned in 0.26 seconds
    

    Packet capture on the client: ssldump -i eth0

    ...
    10 2  0.0019 (0.0015)  S>C  Handshake
          ServerHello
            Version 3.1
            session_id[32]=
              b6 d5 f5 96 08 bc c0 6c 1c 31 5b df 34 11 e5 60
              d4 61 d1 da f1 c3 78 b4 d1 64 d3 df 00 48 e7 71
            cipherSuite         TLS_RSA_WITH_3DES_EDE_CBC_SHA
            compressionMethod                   NULL
    10 3  0.0019 (0.0000)  S>C  Handshake
          Certificate
    10 4  0.0019 (0.0000)  S>C  Handshake
          ServerHelloDone
    10 5  0.0022 (0.0002)  C>S  ChangeCipherSpec
    10 6  0.0426 (0.0404)  C>S  ChangeCipherSpec
    10 7  0.0429 (0.0002)  S>C  Alert
        level           fatal
        value           decryption_failed
    10    0.0430 (0.0001)  C>S  TCP FIN
    10    0.0431 (0.0001)  S>C  TCP FIN
    

    The "10 7" line shows no unexpected_message alert (the server answered decryption_failed instead), indicating the vulnerability has not been patched.

    2.2 Detection against a self-built non-vulnerable environment

    Run nmap on the client:

    renz@ubuntuserver17:~$ nmap -p 443 --script ssl-ccs-injection 192.168.80.215
    
    Starting Nmap 7.50 ( https://nmap.org ) at 2018-06-08 11:39 CST
    Nmap scan report for 192.168.80.215
    Host is up (0.00046s latency).
    
    PORT    STATE SERVICE
    443/tcp open  https
    
    Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
    

    Packet capture on the client:

    78 2  0.0010 (0.0005)  S>C  Handshake
          ServerHello
            Version 3.3
            session_id[32]=
              57 bc 8c 2c ba 85 97 52 1f 0e 68 5c 56 c1 21 96
              88 db a6 b6 8c 4d b4 4b eb 36 e1 a7 b8 29 6d 57
            cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
            compressionMethod                   NULL
    78 3  0.0010 (0.0000)  S>C  Handshake
          Certificate
    78 4  0.0010 (0.0000)  S>C  Handshake
          ServerHelloDone
    78 5  0.0013 (0.0003)  C>S  ChangeCipherSpec
    78 6  0.0016 (0.0002)  S>C  Alert
        level           fatal
        value           unexpected_message
    78 7  0.0016 (0.0000)  C>S  ChangeCipherSpec
    78    0.0016 (0.0000)  S>C  TCP FIN
    78    0.0018 (0.0001)  C>S  TCP FIN
    

    The "78 6" line shows an unexpected_message alert, indicating the vulnerability has been patched.

    3. Exploiting the vulnerability

    My abilities are limited: although I have a vulnerable environment on hand, I still have no feasible way to attack my own shield with my own spear. Is it the case that if I act as the man in the middle and successfully induce both the client and the server to use a weak cipher suite, the chances of brute-forcing the key on my side become greater?
    In the end I never managed to pull it off.
    I read the following articles and recommend them to everyone; if you have a method with a good chance of working, please be sure to share it.
    Early ChangeCipherSpec Attack
    How I discovered CCS Injection Vulnerability (CVE-2014-0224)

    3.1 Perform an SSL handshake with an OpenSSL version earlier than 1.0.1h

    To carry out such a test, I think I need two Ubuntu machines: the server-side Ubuntu with openssl-1.0.1g installed and running openssl s_server, and the client running nmap.
    Alternatively, run openssl s_server under gdb to observe how OpenSSL accepts the ChangeCipherSpec.

    handshake flow:

    Client                                                Server
    
    ClientHello                   -------->
                                                     ServerHello
                                                    Certificate*
                                              ServerKeyExchange*
                                             CertificateRequest*
                                  <--------      ServerHelloDone
    Certificate*
    ClientKeyExchange
    CertificateVerify*
    [ChangeCipherSpec]
    Finished                      -------->
                                              [ChangeCipherSpec]
                                  <--------             Finished
    Application Data              <------->     Application Data
    

    Article link: https://www.haomeiwen.com/subject/mlknsftx.html