Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] ssl-date

From: Jacob Appelbaum <jacob () appelbaum net>
Date: Tue, 31 Jul 2012 09:10:13 +0000
Aleksandar Nikolic:

Hi all,

I've written a script that extracts the remote server's time from
ServerHello ssl reply.
First 4 bytes of server random are actually system time.


Original idea by Jacob Appelbaum and his TeaTime and tlsdate tools:
    - https://github.com/ioerror/TeaTime
    - https://github.com/ioerror/tlsdate

--
-- @output
-- PORT    STATE SERVICE REASON
-- 443/tcp open  https   syn-ack
-- |_ssl-date: Server time 2012-07-30 09:46:07 GMT; 0s from the local time.

The script can be used to detect wrongly set time, or even detect non
standard SSL implementations.


Thanks for the nod.

If you extend your module to deal with STARTTLS, you can probably tell
if all of the services on a box are using the same clock (and likely the
same host) or if it's a NAT port forwarding or a firewall or something else.

If you decide you want to write some STARTTLS code in C, I'd gladly take
some extensions to tlsdate proper. :)

All the best,
Jacob
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: