Nmap Development mailing list archives
Re: [NSE] ssl-date
From: Jacob Appelbaum <jacob () appelbaum net>
Date: Tue, 31 Jul 2012 09:10:13 +0000
Aleksandar Nikolic:
Hi all, I've written a script that extracts the remote server's time from ServerHello ssl reply. First 4 bytes of server random are actually system time. Original idea by Jacob Appelbaum and his TeaTime and tlsdate tools: - https://github.com/ioerror/TeaTime - https://github.com/ioerror/tlsdate -- -- @output -- PORT STATE SERVICE REASON -- 443/tcp open https syn-ack -- |_ssl-date: Server time 2012-07-30 09:46:07 GMT; 0s from the local time. The script can be used to detect wrongly set time, or even detect non standard SSL implementations.
Thanks for the nod. If you extend your module to deal with STARTTLS, you can probably tell if all of the services on a box are using the same clock (and likely the same host) or if it's a NAT port forwarding or a firewall or something else. If you decide you want to write some STARTTLS code in C, I'd gladly take some extensions to tlsdate proper. :) All the best, Jacob _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] ssl-date Aleksandar Nikolic (Jul 30)
- Re: [NSE] ssl-date Jacob Appelbaum (Jul 31)
- Re: [NSE] ssl-date David Fifield (Jul 31)
- Re: [NSE] ssl-date Aleksandar Nikolic (Jul 31)