pich4ya · May 7, 2024 02:53 · dextermallo · May 7, 2024
diff --git a/openssl3_no_md4.txt b/openssl3_no_md4.txt
 # @author Pichaya Morimoto ([email protected])

 # gem install evil-winrm
 # evil-winrm -u "${user}" -p "${pass}"  -i "${ip}"

 Evil-WinRM shell v3.4

 Info: Establishing connection to remote endpoint

 Error: An error of type OpenSSL::Digest::DigestError happened, message is Digest initialization failed: initialization error

 Error: Exiting with code 1

 # Root cause:
 OpenSSL 3.0 has retired a number of algorithms including MD4 function, which was used in evil-winrm.

 In Linux, we can configure the file /etc/ssl/openssl.cnf.

 ```bash
 [provider_sect]
 default = default_sect
 legacy = legacy_sect

 [default_sect]
 activate = 1

 [legacy_sect]
 activate = 1
 ```

 However, this seems not working with our case. Maybe because macOS/Ruby is using LibreSSL by default.

 # Solution:
 So, we will compile ruby with the old openssl 1.1 instead.
 I intentionally select the ruby version 3.1.2 to match with the Kali Linux at the time of writing this.

 brew install rbenv ruby-build [email protected]
 echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.zshrc
 echo 'eval "$(rbenv init -)"' >> ~/.zshrc
 source ~/.zshrc

 LDFLAGS="-L/opt/homebrew/opt/capstone/lib" CPPFLAGS="-I/opt/homebrew/opt/capstone/include" RUBY_CONFIGURE_OPTS="--with-openssl-dir=$(brew --prefix [email protected])" rbenv install 3.1.2

 rbenv global 3.1.2
 gem install evil-winrm

 # and it works !
 evil-winrm -u "${user}" -p "${pass}"  -i "${ip}"

 Evil-WinRM shell v3.4

 Info: Establishing connection to remote endpoint

 *Evil-WinRM* PS C:\Users\user\Documents>



 Note:

 I also tested with RUBY_CONFIGURE_OPTS="--with-openssl-dir=$(brew --prefix openssl@3)"
 in order to allow the MD4 algorithm in the /opt/homebrew/etc/openssl@3/openssl.cnf file
 along with getting the new openssl (1.1 > 3) but it failed to build :(
	# @author Pichaya Morimoto ([email protected])

	# gem install evil-winrm
	# evil-winrm -u "${user}" -p "${pass}" -i "${ip}"

	Evil-WinRM shell v3.4

	Info: Establishing connection to remote endpoint

	Error: An error of type OpenSSL::Digest::DigestError happened, message is Digest initialization failed: initialization error

	Error: Exiting with code 1

	# Root cause:
	OpenSSL 3.0 has retired a number of algorithms including MD4 function, which was used in evil-winrm.

	In Linux, we can configure the file /etc/ssl/openssl.cnf.

	```bash
	[provider_sect]
	default = default_sect
	legacy = legacy_sect

	[default_sect]
	activate = 1

	[legacy_sect]
	activate = 1
	```

	However, this seems not working with our case. Maybe because macOS/Ruby is using LibreSSL by default.

	# Solution:
	So, we will compile ruby with the old openssl 1.1 instead.
	I intentionally select the ruby version 3.1.2 to match with the Kali Linux at the time of writing this.

	brew install rbenv ruby-build [email protected]
	echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.zshrc
	echo 'eval "$(rbenv init -)"' >> ~/.zshrc
	source ~/.zshrc

	LDFLAGS="-L/opt/homebrew/opt/capstone/lib" CPPFLAGS="-I/opt/homebrew/opt/capstone/include" RUBY_CONFIGURE_OPTS="--with-openssl-dir=$(brew --prefix [email protected])" rbenv install 3.1.2

	rbenv global 3.1.2
	gem install evil-winrm

	# and it works !
	evil-winrm -u "${user}" -p "${pass}" -i "${ip}"

	Evil-WinRM shell v3.4

	Info: Establishing connection to remote endpoint

	Evil-WinRM PS C:\Users\user\Documents>



	Note:

	I also tested with RUBY_CONFIGURE_OPTS="--with-openssl-dir=$(brew --prefix openssl@3)"
	in order to allow the MD4 algorithm in the /opt/homebrew/etc/openssl@3/openssl.cnf file
	along with getting the new openssl (1.1 > 3) but it failed to build :(