Metasploit-framework: TLV in reverse_tcp, is it strong? How i can decrypt it?
How can i decrypt TLV, can i get tlv key from memory in windows machine?
And can i decrypt it after "secure" command?
jecoliho
All 3 comments
If you dig into the code on either side of a live sessions you can obtain the key from process memory at certain points during the setup. On the other hand encrypted TLVs are a transparent layer like SSL and reading data after decryption by debugging existing tooling may be simpler if you are just looking to debug some data being transferred in a specific scenario.
If you are asking to decrypt live traffic or from a network packet log, I do not know of any specific tooling with the pattern already written however it would technically be possible to create a wireshark plugin that could decode and display TLV packet data if you retrieved the keys from the server and client sides of the conversation.
jmartin-r7
on 7 Oct 2019
After "secure" command keys are changed?
jecoliho
on 8 Oct 2019
After secure the encryption key is renegotiated. So you would need to capture each time it occurs.
jmartin-r7
on 8 Oct 2019
Related issues
bcoles
路
3Comments
fluit105
路
3Comments
bugshere
路
3Comments
wvu-r7
路
3Comments
miholtz
路
3Comments
Most helpful comment
If you dig into the code on either side of a live sessions you can obtain the key from process memory at certain points during the setup. On the other hand encrypted TLVs are a transparent layer like SSL and reading data after decryption by debugging existing tooling may be simpler if you are just looking to debug some data being transferred in a specific scenario.
If you are asking to decrypt live traffic or from a network packet log, I do not know of any specific tooling with the pattern already written however it would technically be possible to create a wireshark plugin that could decode and display TLV packet data if you retrieved the keys from the server and client sides of the conversation.