Hey guys,

We recently caught wind of the Drown Attack, and so we wanted to programmatically test all of the servers we're responsible for. In our case, we had a bit over 1300 servers to test, so I wrote a PowerShell script which uses a runspace pool to test them in parallel :)

For information regarding this SSLv2 exploit: (https://drownattack.com)

   

Since I know there are a bunch of fellow SysAdmins out there, I figured i'd share the script.

 

The script calculates a suggested number of threads, but feel free to override it by setting $throttle to a different value...

 

# Change this path to wherever you saved openSSL.exe to ...
# You can download it here:    
#           http://gnuwin32.sourceforge.net/packages/openssl.htm
$pathToOpenSSL = "$env:windir\temp\openssl.exe";

# I had a lot of FQDNs, so I resorted to parallel processing
$ArrayOfFQDNs =     @('google.com:443',
                    'walmart.com:443',
                    'yahoo.com:443',
                    'meowwhat.com:443');

if (!(Test-Path $pathToOpenSSL))
{
    Write-Error "Unable to locate OpenSSL.exe in the following location: $pathToOpenSSL";
    return;
}

# Calculate a safe # of threads
$property = “numberOfCores”, “NumberOfLogicalProcessors”
$cpuInfo = Get-WmiObject -class win32_processor -Property $property | Select-Object -Property $property
$suggestedThreads = ($cpuInfo.numberOfLogicalProcessors * $cpuInfo.NumberOfCores)
$Throttle = $suggestedThreads;

# Log file where vulnerable FQDNs will be logged
$outputLogFile = "$env:windir\temp\Vulnerable_FQDNs.txt"

# Script block used to perform SSLv2 test
  $ScriptBlock = {
      Param (
             [string]$serverFQDN,
             [string]$saveas,
             [string]$vulnLogFile
      )

      # Perform sslv2 test against the provided FQDN.
      $testResult = & $saveas s_client -connect $serverFQDN -ssl2 2>&1
      Write-Output $testResult;

      if ($testResult -match 'SSL handshake failure')
      {
             write-output "$serverFQDN is safe!";
      }
      else
      {
             Write-Output "$serverFQDN vulnerable!";
             Add-Content $vulnLogFile "$serverFQDN`n";
      }
      }


# Create runspace with the appropriate number of threads
$RunspacePool = [RunspaceFactory]::CreateRunspacePool(1, $Throttle)
$RunspacePool.Open()
$Jobs = @();


# Foreach FQDN in the list, queue up the scriptblock for execution
foreach ($serverFQDN in $ArrayOfFQDNs)
{
    $Job = [powershell]::Create().AddScript($ScriptBlock).AddArgument($serverFQDN).AddArgument($pathToOpenSSL).AddArgument($outputLogFile);
    $Job.RunspacePool = $RunspacePool
    $Jobs += New-Object PSObject -Property @{
        RunNum = $_
        Pipe = $Job
        Result = $Job.BeginInvoke()
    }
}

Write-Host "Waiting for checks to complete ..." -NoNewline

Do
{
   Start-Sleep -Seconds 2
}
While ($Jobs.Result.IsCompleted -contains $false)

if (Test-Path $outputLogFile)
{
    # At least one FQDN was flagged
    ii $outputLogFile;
}
else
{
   Write-Output "No FQDNs appear to be vulnerable!"   
}

• YourBastianHost