三级等保过程中漏扫发现的漏洞
其中 Windows 系统需要禁用 DES 等弱加密算法。按网上搜到的解决办法，第一步是检查 Windows 系统当前启用的 TLS 密码套件。
Windows Server 2016 之前的版本，微软没有提供相应的 PowerShell 命令来获取密码套件列表，但在 MSDN 上给出了 C++ 示例代码。
同时，微软官网对用于枚举系统支持的密码套件的 BCryptEnumContextFunctions 函数也给出了示例代码。
结合这两个参考，编译生成如下工具（C++ 源码，需链接 Bcrypt.lib）。
#include <windows.h>
#include <stdio.h>
#include <Bcrypt.h>
#pragma comment(lib, "Bcrypt.lib")
#ifndef NT_SUCCESS
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#endif
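// Lists, for every CNG context configured on the local machine, the
// functions registered on that context's Schannel interface. For the "SSL"
// context this is the TLS cipher-suite list that Schannel consults, which is
// what the "getLists" command is meant to show.
//
// Returns the NTSTATUS of the context enumeration itself. A failing
// per-context function query is reported on stdout and does NOT change the
// return value, so a caller can tell "could not read the CNG configuration"
// apart from "one context has no Schannel functions".
NTSTATUS EnumContextFunctions()
{
    ULONG cbContexts = 0;
    PCRYPT_CONTEXTS pContexts = NULL;

    // *ppBuffer is NULL on entry, so CNG allocates the buffer and it has to
    // be released with BCryptFreeBuffer.
    NTSTATUS status = BCryptEnumContexts(CRYPT_LOCAL, &cbContexts, &pContexts);
    if (!NT_SUCCESS(status))
    {
        wprintf(L"BCryptEnumContexts failed: 0x%08X\n", (unsigned int)status);
        return status;
    }

    for (ULONG ctx = 0; ctx < pContexts->cContexts; ctx++)
    {
        LPCWSTR pszContext = pContexts->rgpszContexts[ctx];
        wprintf(L"Context functions for %s:\n", pszContext);

        // Query the context by its own name. The earlier version hard-coded
        // L"SSL" here, so every context printed the SSL list under its own
        // heading; for the "SSL" context the behaviour is unchanged.
        ULONG cbFunctions = 0;
        PCRYPT_CONTEXT_FUNCTIONS pFunctions = NULL;
        NTSTATUS fnStatus = BCryptEnumContextFunctions(
            CRYPT_LOCAL,
            pszContext,
            NCRYPT_SCHANNEL_INTERFACE,
            &cbFunctions,
            &pFunctions);
        if (!NT_SUCCESS(fnStatus))
        {
            // Print the code instead of silently skipping the context.
            wprintf(L"\t(BCryptEnumContextFunctions failed: 0x%08X)\n",
                    (unsigned int)fnStatus);
            continue;
        }

        for (ULONG i = 0; i < pFunctions->cFunctions; i++)
        {
            wprintf(L"\t%s\n", pFunctions->rgpszFunctions[i]);
        }

        BCryptFreeBuffer(pFunctions);
    }

    BCryptFreeBuffer(pContexts);
    return status;
}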
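// Removes one cipher suite, identified by its exact CNG function name (the
// strings printed by EnumContextFunctions), from the Schannel interface of
// the machine-wide "SSL" context.
//
// The outcome is reported on stdout. On failure the NTSTATUS is printed as
// well, so "no such suite" can be distinguished from a rejected write.
// NOTE(review): CRYPT_LOCAL edits machine-wide configuration; expect this to
// require an elevated (Administrator) process - confirm on the target host.
void RemoveCrypt(LPWSTR wszCipher)
{
    NTSTATUS status = BCryptRemoveContextFunction(
        CRYPT_LOCAL,
        L"SSL",
        NCRYPT_SCHANNEL_INTERFACE,
        wszCipher);

    if (NT_SUCCESS(status))
    {
        wprintf(L"result of RemoveCrypt %s is success\n", wszCipher);
    }
    else
    {
        wprintf(L"result of RemoveCrypt %s is fail (status 0x%08X)\n",
                wszCipher, (unsigned int)status);
    }
}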
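// Shared implementation for AddCryptTOP / AddCryptBOTTOM: registers
// wszCipher on the Schannel interface of the machine-wide "SSL" context at
// the requested position (CRYPT_PRIORITY_TOP or CRYPT_PRIORITY_BOTTOM) and
// reports the outcome on stdout, including the NTSTATUS on failure.
//
// Anything added here is offered to TLS peers by Schannel, so this path
// should not be used to re-enable suites that were removed for compliance.
// NOTE(review): CRYPT_LOCAL edits machine-wide configuration; expect this to
// require an elevated (Administrator) process - confirm on the target host.
static void AddCryptWithPriority(LPWSTR wszCipher, ULONG dwPosition)
{
    NTSTATUS status = BCryptAddContextFunction(
        CRYPT_LOCAL,
        L"SSL",
        NCRYPT_SCHANNEL_INTERFACE,
        wszCipher,
        dwPosition);

    if (NT_SUCCESS(status))
    {
        wprintf(L"result of AddCrypt %s is success\n", wszCipher);
    }
    else
    {
        wprintf(L"result of AddCrypt %s is fail (status 0x%08X)\n",
                wszCipher, (unsigned int)status);
    }
}

// Adds wszCipher at the top of the SSL cipher-suite priority list.
void AddCryptTOP(LPWSTR wszCipher)
{
    AddCryptWithPriority(wszCipher, CRYPT_PRIORITY_TOP);
}

// Adds wszCipher at the bottom of the SSL cipher-suite priority list.
void AddCryptBOTTOM(LPWSTR wszCipher)
{
    AddCryptWithPriority(wszCipher, CRYPT_PRIORITY_BOTTOM);
}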
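// Converts a NUL-terminated narrow string (interpreted in the ANSI code page)
// to a newly allocated wide string.
//
// Never returns NULL: on a NULL input or a failed conversion an empty wide
// string is returned, so callers can pass the result straight to the CNG
// calls and wprintf. The caller owns the result and releases it with
// delete[].
//
// Fixes of the earlier version: the buffer was sized from the narrow byte
// count instead of the wide character count reported by the sizing call, and
// a failed sizing call (0) was never checked.
LPWSTR ConvertCharToLPWSTR(const char* szString)
{
    if (szString == NULL)
    {
        LPWSTR empty = new WCHAR[1];
        empty[0] = L'\0';
        return empty;
    }

    // Include the terminator so the wide copy is NUL-terminated as well.
    int cbInput = (int)strlen(szString) + 1;

    // Sizing call: returns the number of WCHARs needed, 0 on failure.
    int cchWide = MultiByteToWideChar(CP_ACP, 0, szString, cbInput, NULL, 0);
    if (cchWide <= 0)
    {
        LPWSTR empty = new WCHAR[1];
        empty[0] = L'\0';
        return empty;
    }

    LPWSTR lpszWide = new WCHAR[cchWide];
    if (MultiByteToWideChar(CP_ACP, 0, szString, cbInput, lpszWide, cchWide) == 0)
    {
        // Conversion failed after sizing succeeded; hand back an empty string
        // rather than uninitialised memory.
        lpszWide[0] = L'\0';
    }
    return lpszWide;
}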
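// Prints the command-line contract on stderr; shared by every error path so
// the text stays in one place.
static void PrintUsage(void)
{
    fwprintf(stderr,
             L"usage: Get-TlsCipherSuite.exe getLists\n"
             L"       Get-TlsCipherSuite.exe remove <cipher suite name>\n"
             L"       Get-TlsCipherSuite.exe addTop <cipher suite name>\n"
             L"       Get-TlsCipherSuite.exe addBottom <cipher suite name>\n");
}

// Entry point. argv[1] selects the command; remove/addTop/addBottom also
// need the cipher suite name in argv[2].
//
// Exit status: 0 when a command ran, 1 on missing or unknown arguments, and
// 1 when the getLists enumeration itself fails. The earlier version read
// argv[1]/argv[2] without checking argc and fell off the end of main for an
// unknown command.
int main(int argc, char** argv)
{
    if (argc < 2)
    {
        PrintUsage();
        return 1;
    }

    const char* command = argv[1];

    if (strcmp(command, "getLists") == 0)
    {
        return NT_SUCCESS(EnumContextFunctions()) ? 0 : 1;
    }

    // Every remaining command needs the cipher suite name.
    if (argc < 3)
    {
        PrintUsage();
        return 1;
    }

    LPWSTR wszCipher = ConvertCharToLPWSTR(argv[2]);
    int rc = 0;

    if (strcmp(command, "remove") == 0)
    {
        RemoveCrypt(wszCipher);
    }
    else if (strcmp(command, "addTop") == 0)
    {
        AddCryptTOP(wszCipher);
    }
    else if (strcmp(command, "addBottom") == 0)
    {
        AddCryptBOTTOM(wszCipher);
    }
    else
    {
        PrintUsage();
        rc = 1;
    }

    // ConvertCharToLPWSTR allocates with new[]; the earlier version leaked it.
    delete[] wszCipher;
    return rc;
}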
在 cmd 或 PowerShell 中执行以下命令。查看系统支持的密码套件（只读，不修改配置）：
Get-TlsCipherSuite.exe getLists
删除密码套件（修改的是本机全局的 Schannel 配置，操作前请先用 getLists 记录原列表以便回滚，通常需要以管理员身份运行）：Get-TlsCipherSuite.exe remove 【套件名称】
添加某个密码套件到优先底部 Get-TlsCipherSuite.exe addBottom 【套件名称】
添加某个密码套件到优先顶部 Get-TlsCipherSuite.exe addTop 【套件名称】
Windows 2012 版本的 TlsCipherSuite 可执行程序下载