Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-0224 PoC — OpenSSL 加密问题漏洞

Source
https://github.com/droptables/ccs-eval
Associated Vulnerability
Title:OpenSSL 加密问题漏洞 (CVE-2014-0224)
Description:OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Description
Used for evaluating hosts for CVE-2014-0224
Readme
Evaluates hosts for CVE-2014-0224 vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

Usage:

>ccs-eval.py list-of-hosts.txt

-Takes in a list of hosts, line seperated. Checks the host for common SSL ports using 
nmap. Peforms PoC injection test supplied by RedHat (fake-client-early-ccs.pl). Writes 
results to "local-results-list-of-hosts.txt"
File Snapshot

 [4.0K]  /data/pocs/2bed6f46ecac4ee835a4ddd8fdc19d077dc0f8b8
├── [2.0K]  ccs-eval.py
├── [3.7K]  fake-client-early-ccs.pl
└── [ 371]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →