FS#76653 - MD4 missing in openssl config causing evil-winrm not to work
Attached to Project:
Arch Linux
Opened by Diogo F (DFKiller) - Thursday, 24 November 2022, 11:39 GMT
Last edited by Toolybird (Toolybird) - Thursday, 24 November 2022, 21:42 GMT
Opened by Diogo F (DFKiller) - Thursday, 24 November 2022, 11:39 GMT
Last edited by Toolybird (Toolybird) - Thursday, 24 November 2022, 21:42 GMT
|
Details
Description:
Unable to to run evil-winrm and winrm in arch due to MD4 missing in the openssl.cnf file Additional info: * package version(s) 3.0.7 * config and/or log files etc. * link to upstream bug report, if any https://github.com/BlackArch/blackarch/issues/3593 Steps to reproduce: evil-winrm -u Jareth -p sarah -i 10.10.79.152 Evil-WinRM shell v3.4 Info: Establishing connection to remote endpoint Error: An error of type OpenSSL::Digest::DigestError happened, message is Digest initialization failed: initialization error Error: Exiting with code 1 Issue has been fixed by adding the following to etc/ssl/openssl.cnf and under [openssl_init] providers = provider_sect [provider_sect] default = default_sect add: legacy = legacy_sect so it shows as [provider_sect] default = default_sect legacy = legacy_sect than search for [default_sect] #activate = 1 remove the # and under that line add [legacy_sect] activate = 1 save the file and evil-winrm will work again Cause of issue. openssl was missing md4 Please add these lines to the openssl.cnf file as winrm and evil-winrm is not working at all on nay arch distro |
This task depends upon
Closed by Toolybird (Toolybird)
Thursday, 24 November 2022, 21:42 GMT
Reason for closing: Won't fix
Additional comments about closing: See comments
Thursday, 24 November 2022, 21:42 GMT
Reason for closing: Won't fix
Additional comments about closing: See comments
The ruby openssl gem does not currently provide a method to load a provider [3] so the provider has to be loaded using OpenSSL's configuration file.
Assuming evil-winrm / winrm are not run set-user-ID or set-group-ID the environment variable the environment variable OPENSSL_CONF can be used to specify an alternate location for OpenSSL's config. This avoids changing the default configuration. The variable can in set in a script file that then calls the real executable.
[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/464551a8-9fc4-428e-b3d3-bc5bfb2e73a5?redirectedfrom=MSDN
[2] https://github.com/macks/ruby-ntlm/blob/323ef447c04e130a31940fa6dabe96607677c22b/lib/ntlm/util.rb#L77
[3] https://github.com/ruby/openssl/issues/567