bvstone

The Brute Force SSL Server Request-inator (tm) - Version 2.0


If you read my previous article about having issues with Microsoft's email servers (both SMTP and API) you may know what this is about.  If not, feel free to read the article here:

My Frustrating 3 Day Journey With Microsoft, Their Cloud Servers and SSL Certificates

But, of course, ignore the code.  Why?  Because this is an update to that code which makes things a lot nicer, easier, and automatic.

We had one customer say that even after applying all of the Certificate Authorities, every now and then they were still getting the RC(-23) error.  Well, if this is true, then this means WAR!  (well, not really).

Anyhow, the first thing is mostly the same.  The call to OpenSSL to retrieve the certificates from Microsoft's servers is as follows:

openssl.bat

for /f "skip=1" %%x in ('wmic os get localdatetime') do if not defined mydate set mydate=%%x

cd "c:\my programs\openssl\v1.0.2d\"
openssl s_client -connect smtp.office365.com:587 -starttls smtp > "\\goliath\IFS\tmp\cas\%mydate%certfile.txt" 

You'll see that the change is we are outputting the Certificate to a folder in the IFS of my Power8 i5 (named goliath... well, it's relative compared to my 515 machine... haha!)

Next, we create the batch file to run the openssl.bat batch file continuously every 5 minutes.  With some testing and updating we were able to get this to work cleaner as well:

runit.bat

@echo off
:start
start /min "openssl" "c:\temp\openssl.bat"
timeout 5
taskkill /fi "windowtitle eq openssl*"
goto start

Before, when we were running this, we had an annoying DOS window popping up every 5 minutes, which made doing anything else impossible.  With some research (it's been YEARS since I've done anything in DOS) we were able to get this to function exactly how we wanted it to... in the background!

Now, the biggest change comes with the RPG program we created.  Before it would only test against one certificate.  But now, we have it set up to test against two certificates (the two that we have found so far).  Adding a test for a third or fourth certificate will be super easy since we're using ILE and the program isn't so much of a "quick and dirty" program anymore.

COMPCA2

     H DFTACTGRP(*NO) BNDDIR('BVSTOOLS')
      ****************************************************************
      * Other Prototypes
      ****************************************************************
      /COPY QCOPYSRC,P.IFS
      /COPY QCOPYSRC,P.IFSSTD
      /COPY QCOPYSRC,P.SNDPM
      /COPY QCOPYSRC,P.MAILTOOL
      *
     D getData...
     D                 PR            10i 0
     D  in_file                    1024    Const
     D  out_data                  65535
      *
      *
     D #QCmdExc        PR                  ExtPgm('QCMDEXC')
     D  Cmd                       32000    Const
     D  CmdLen                       15  5 Const
      *
     D beginString     C                   CONST('-----BEGIN CERTIFICATE-----')
     D endString       C                   CONST('-----END CERTIFICATE-----')
     D dir@            S               *
     D data1           S          66535
     D data2           S          66535
     D data3           S          66535
     D data4           S          66535
     D testData        S          66535
     D rc              S             10i 0
     D match1          S             10i 0
     D match2          S             10i 0
     D match3          S             10i 0
     D match4          S             10i 0
     D dontMatch       S             10i 0
     D UD_NAME         S            256
     D TempFullName    S            256
     D fileType        S                   LIKE(st_objtype)
      *
     D QCmdCmd         S           1024    INZ
     D QCmdLength      S             15  5 INZ(%size(QCmdCmd))
      *
     D ErrMsg          S            256    INZ
     D delteFile       S               N   INZ
      *--------------------------------------------------------------*
      /free

       rc = getData('/tmp/ca1.txt':data1);

       if (data1 = ' ');
         #sndpm('No data1 to compare!':'D');
         EXSR $Return;
       endif;

       rc = getData('/tmp/ca2.txt':data2);

       if (data2 = ' ');
         #sndpm('No data2 to compare!':'D');
         EXSR $Return;
       endif;

       //rc = getData('/tmp/ca3.txt':data3);

       //if (data3 = ' ');
       //  #sndpm('No data3 to compare!':'D');
       //  EXSR $Return;
       //endif;

       //rc = getData('/tmp/ca4.txt':data4);

       //if (data4 = ' ');
        // #sndpm('No data4 to compare!':'D');
        // EXSR $Return;
       //endif;

       dir@ = opendir('/tmp/cas');

       if (dir@ = *NULL);
         #sndpm('Directory /tmp/cas not found.':'D');
         EXSR $Return;
       endif;

       p_dirent = readdir(dir@);

       dow (p_dirent <> *NULL);
         // %subst(d_name:1:d_namelen) = filename
         UD_NAME = %subst(d_name:1:d_namelen);

         TempFullName = '/tmp/cas/' + UD_NAME;
         fileType = #stmf_getAtt(TempFullName:'type');

         if  (fileType = '*STMF');
           rc = getData(%trim(TempFullName):testData);

           if (testData <> ' ');

             select;
             when (data1 = testData);
               match1 += 1;
             when (data2 = testData);
               match2 += 1;
          // when (data3 = testData);
          //   match3 += 1;
          // when (data4 = testData);
          //   match4 += 1;
             other;
               dontMatch+=1;
               #SndPM('File ' +  %trimr(TempFullName) +
                      ' is DIFFERENT!':'D');
               QCmdCmd = 'CPY OBJ(''' +
                         %trim(TempFullName) +
                         ''') TODIR(''/tmp/cas/different'')';
               callp(e) #QCmdExc(QCmdCmd:%len(%trimr(QCmdCmd)));

               if (#mailtool_init() >= 0);
                 rc = #mailtool_setValue('configuration_file':
                        '/bvstools/bvstone_mailtool.json');
                 rc = #mailtool_loadDefaults();
                 rc = #mailtool_addTORecipient('bvstone@bvstools.com');
                 rc = #mailtool_setValue('subject':'Found Different CA!');
                 rc = #mailtool_setValue('message':'File ' +
                      %trim(TempFullName) +
                      ' is different and copied to ../different subfolder.');
                 rc = #mailtool_sendMail(errMsg);
               endif;

             endsl;

             QCmdCmd = 'RMVLNK OBJLNK(''' +
                       %trim(TempFullName) +
                         ''')';
             callp(e) #QCmdExc(QCmdCmd:%len(%trimr(QCmdCmd)));
           endif; // testdata <> ' '

         endif; // filetype = *STMF

         p_dirent = readdir(dir@);
       enddo;

       closedir(dir@);
       #SndPM('Match1:' + %char(match1) +
              ' - Match2:' + %char(match2) +
          //  ' - Match3:' + %char(match3) +
          //  ' - Match4:' + %char(match4) +
              ' - Not:' + %char(dontMatch):'C');

       exsr $Return;

       //****************************************************************
       // Return
       //*****************************************************************
       BegSr $Return;

         *INLR = *ON;
         return;

       EndSr;
      *//////////////////////////////////////////////////////////////*
      * getData - Get Data                                           *
      *//////////////////////////////////////////////////////////////*
     P getData         B                   EXPORT
      *--------------------------------------------------------------*
     D getData         PI            10i 0
     D  in_file                    1024    Const
     D  out_data                  65535
      *
     D fd1             S             10i 0
     D x               S             10i 0
     D y               S             10i 0
      *--------------------------------------------------------------*
      /free

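       // Start from blanks so a failed open or read never leaves old data
       out_data = ' ';

       fd1 = #openStmf(%trim(in_file));

       // Open failed: nothing to read and nothing to close
       if (fd1 < 0);
         return -1;
       endif;

       rc = #readStmf(fd1:%addr(out_data):%size(out_data));

       // Close right after the read so no error path leaks the descriptor
       #closeStmf(fd1);

       if (rc < 0);
         out_data = ' ';
         return -1;
       endif;

       // Locate the PEM block in what was read
       x = %scan(beginString:out_data);

       if (x <=  0);
         out_data = ' ';
         return -1;
       endif;

       y = %scan(endString:out_data);

       if (y <= x);
         out_data = ' ';
         return -1;
       endif;

       // Keep from the BEGIN tag up to (not including) the END tag
       out_data = %subst(out_data:x:y-x);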

       return %len(%trimr(out_data));

      /end-free
      *--------------------------------------------------------------*
     P getData         E

So, what did we change?  

First, we added the getData() local subprocedure.  It loads a variable with the contents of a certificate file in the IFS (the file name is passed as a parameter into the subprocedure) and keeps only the text between the BEGIN CERTIFICATE and END CERTIFICATE tags.

Right now we're only loading 2 variables. 

Next, we spin through all the files in the /tmp/cas subdirectory and compare each one with both of the certificates we already have loaded in memory.

If we find a difference, we copy it to /tmp/cas/different and send an email to myself using MAILTOOL so that I don't have to sit and watch the program run.  When I get the email, I know I can just go and see what we have.

Whether or not we find a difference, we then remove the file from the IFS so it won't be processed again.

Sort of like fishing, eh?
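
The same classify-each-capture logic, sketched in Python as an added example (not the author's code and not part of BVSTools). It goes one step beyond the text comparison above by hashing the decoded certificate bytes, so the result does not depend on line endings or wrapping. The file names, the `make_capture` helper and the certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(capture_text):
    """SHA-256 (hex) of the first PEM certificate in an s_client capture, or None."""
    m = PEM_RE.search(capture_text)
    if m is None:
        return None                      # handshake failed or capture truncated
    b64 = "".join(m.group(1).split())    # ignore CRLF/LF and stray whitespace
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError:                   # binascii.Error is a ValueError
        return None
    return hashlib.sha256(der).hexdigest() if der else None

def classify(captures, known):
    """captures: {file name: text}; known: {fingerprint: label}.
    Returns (match counts per label, unknown files, unusable files)."""
    counts = {label: 0 for label in known.values()}
    unknown, unusable = [], []
    for name, text in sorted(captures.items()):
        fp = cert_fingerprint(text)
        if fp is None:
            unusable.append(name)
        elif fp in known:
            counts[known[fp]] += 1
        else:
            unknown.append(name)         # the case COMPCA2 copies and e-mails
    return counts, unknown, unusable

def make_capture(der, newline="\n"):
    """Constructed stand-in for s_client output; `der` is NOT a real certificate."""
    body = textwrap.wrap(base64.b64encode(der).decode(), 64)
    lines = ["CONNECTED(00000003)", "---", "Server certificate",
             "-----BEGIN CERTIFICATE-----", *body,
             "-----END CERTIFICATE-----", "---"]
    return newline.join(lines) + newline

CA1, CA2, NEW = (bytes([n]) * 120 for n in (1, 2, 3))   # constructed byte strings
KNOWN = {cert_fingerprint(make_capture(CA1)): "ca1",
         cert_fingerprint(make_capture(CA2)): "ca2"}
CAPTURES = {"a.txt": make_capture(CA1, "\r\n"),   # same cert, Windows line ends
            "b.txt": make_capture(CA2),
            "c.txt": make_capture(NEW),           # a certificate not seen before
            "d.txt": "CONNECTED(00000003)\n"}     # no certificate in the capture
RESULT = classify(CAPTURES, KNOWN)
```

Captures with no usable certificate are reported separately from unknown certificates, so a failed connection is not mistaken for a new certificate.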

Finally, our last program is a simple CL that calls the COMPCA2 program every 10 minutes.

COMPCA2CL

             PGM
LOOP:
             CALL       PGM(COMPCA2)
             DLYJOB     DLY(600)
             GOTO       CMDLBL(LOOP)

             ENDPGM

With the DOS batch program running every 5 seconds to grab the CAs from the servers and COMPCA2 running every 10 minutes hopefully we will find out one way or another what's going on with Microsoft's SMTP server and their certificates.  Hopefully before Microsoft bans our IP address since this may look like a DoS attack.


Last edited 01/10/2017 at 18:28:15







Copyright 1983-2019 BVSTools