CVE-2014-0160 PoC — OpenSSL 缓冲区错误漏洞

Source

Associated Vulnerability

Description

Heartbleed variants

Readme

# CVE-2014-0160

## Links
https://github.com/DisK0nn3cT/MaltegoHeartbleed

https://github.com/a0726h77/heartbleed-test

https://github.com/musalbas/heartbleed-masstest

https://github.com/decal/ssltest-stls

https://github.com/isgroup-srl/openmagic

https://github.com/offensive-python/HeartLeak


## Nmap
nmap -sV -PS443 --open --script=ssl-heartbleed -iR 0


## Cisco & DD-WRT

http://security.stackexchange.com/questions/55085/heartbleed-and-routers-asas-other

## PoC

A checker (site and tool) for CVE-2014-0160: https://github.com/FiloSottile/Heartbleed
ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford http://pastebin.com/WmxzjkXJ

SSL Server Test https://www.ssllabs.com/ssltest/index.html

Metasploit Module: https://github.com/rapid7/metasploit-framework/pull/3206/files

Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse

Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas https://gist.github.com/RealRancor/10140249

Heartbleeder: Tests your servers for OpenSSL: https://github.com/titanous/heartbleeder?files=1

Heartbleed Attack POC and Mass Scanner: https://bitbucket.org/fb1h2s/cve-2014-0160

Heartbleed Honeypot Script: http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt

## Pacamaker

https://github.com/Lekensteyn/pacemaker



# Pacemaker


# Pacemaker
Attempts to abuse OpenSSL *clients* that are vulnerable to [Heartbleed][0]
([CVE-2014-0160][1]). Compatible with Python 2 and 3.

## Am I vulnerable?
Run the server:

    python pacemaker.py

In your client, open https://localhost:4433/ (replace the hostname if needed).
For example:

    curl https://localhost:4433/

The client will always fail to connect:

    curl: (35) Unknown SSL protocol error in connection to localhost:4433

If you are not vulnerable, the server outputs something like:

    Connection from: 127.0.0.1:40736
    Possibly not vulnerable

If you *are* vulnerable, you will see something like:

    Connection from: 127.0.0.1:40738
    Client returned 65535 (0xffff) bytes
    0000: 18 03 03 40 00 02 ff ff 2d 03 03 52 34 c6 6d 86  ...@....-..R4.m.
    0010: 8d e8 40 97 da ee 7e 21 c4 1d 2e 9f e9 60 5f 05  ..@...~!.....`_.
    0020: b0 ce af 7e b7 95 8c 33 42 3f d5 00 c0 30 00 00  ...~...3B?...0..
    0030: 05 00 0f 00 01 01 00 00 00 00 00 00 00 00 00 00  ................
    0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    *
    4000: 00 00 00 00 00 18 03 03 40 00 00 00 00 00 00 00  ........@.......
    8000: 00 00 00 00 00 00 00 00 00 00 18 03 03 40 00 00  .............@..
    ...
    e440: 1d 2e 9f e9 60 5f 05 b0 ce af 7e b7 95 8c 33 42  ....`_....~...3B
    e450: 3f d5 00 c0 30 00 00 05 00 0f 00 01 01 00 00 00  ?...0...........
    fff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ...............


Subsequent lines full of NUL bytes are folded into one with an `*` thereafter
(like the `xxd` tool).

An example where more "interesting" memory gets leaked using
`wget -O /dev/null https://google.com https://localhost:4433`:

    Connection from: 127.0.0.1:41914
    Client returned 65535 (0xffff) bytes
    0000: 18 03 03 40 00 02 ff ff 2d 03 03 52 34 c6 6d 86  ...@....-..R4.m.
    0010: 8d e8 40 97 da ee 7e 21 c4 1d 2e 9f e9 60 5f 05  ..@...~!.....`_.
    0020: b0 ce af 7e b7 95 8c 33 42 3f d5 00 c0 30 00 00  ...~...3B?...0..
    0030: 05 00 0f 00 01 01 65 0d 0a 43 6f 6e 74 65 6e 74  ......e..Content
    0040: 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c  -Type: text/html
    0050: 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d  ; charset=UTF-8.
    ...
    0b50: 01 05 05 07 02 01 16 2d 68 74 74 70 73 3a 2f 2f  .......-https://
    0b60: 77 77 77 2e 67 65 6f 74 72 75 73 74 2e 63 6f 6d  www.geotrust.com
    0b70: 2f 72 65 73 6f 75 72 63 65 73 2f 72 65 70 6f 73  /resources/repos
    0b80: 69 74 6f 72 79 30 0d 06 09 2a 86 48 86 f7 0d 01  itory0...*.H....
    0b90: 01 05 05 00 03 81 81 00 76 e1 12 6e 4e 4b 16 12  ........v..nNK..
    0ba0: 86 30 06 b2 81 08 cf f0 08 c7 c7 71 7e 66 ee c2  .0.........q~f..
    0bb0: ed d4 3b 1f ff f0 f0 c8 4e d6 43 38 b0 b9 30 7d  ..;.....N.C8..0}
    0bc0: 18 d0 55 83 a2 6a cb 36 11 9c e8 48 66 a3 6d 7f  ..U..j.6...Hf.m.
    0bd0: b8 13 d4 47 fe 8b 5a 5c 73 fc ae d9 1b 32 19 38  ...G..Z\s....2.8
    0be0: ab 97 34 14 aa 96 d2 eb a3 1c 14 08 49 b6 bb e5  ..4.........I...
    0bf0: 91 ef 83 36 eb 1d 56 6f ca da bc 73 63 90 e4 7f  ...6..Vo...sc...
    0c00: 7b 3e 22 cb 3d 07 ed 5f 38 74 9c e3 03 50 4e a1  {>".=.._8t...PN.
    0c10: af 98 ee 61 f2 84 3f 12 00 00 00 00 00 00 00 00  ...a..?.........
    0c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    *
    4000: 00 00 00 00 00 18 03 03 40 00 00 00 00 00 00 00  ........@.......
    ...
    ffd0: 00 00 00 00 5c d3 3c 02 00 00 00 00 49 53 4f 36  ....\.<.....ISO6
    ffe0: 34 36 2d 53 45 2f 2f 00 53 45 4e 5f 38 35 30 32  46-SE//.SEN_8502
    fff0: 30 30 5f 42 2f 2f 00 00 00 00 00 00 00 00 00     00_B//.........

## Advanced usage
Run `./pacemaker.py -h` for more options. The most important options are
probably `-t` (`--timeout`) and `-x` (`--count`). The default timeout is 3
seconds which should be enough for most clients to respond (unless there is a
satellite link or something).

Example to be more patient per heartbeat (5 seconds) and acquire four heartbeat
responses:

    ./pacemaker.py -t 5 -x 4

In theory, the heartbeats can take twenty seconds now, but in practice you will
get responses much faster.

## Tested clients
The following clients have been tested against OpenSSL 1.0.1f on Arch Linux and
leaked memory before the handshake:

 - MariaDB 5.5.36
 - wget 1.15 (leaks memory of earlier connections and own state)
 - curl 7.36.0 (https, FTP/IMAP/POP3/SMTP with --ftp-ssl)
 - git 1.9.1 (tested clone / push, leaks not much)
 - nginx 1.4.7 (in proxy mode, leaks memory of previous requests)
 - links 2.8 (leaks contents of previous visits!)
 - KDE 4.12.4 (kioclient, Dolphin, tested https and ftps with kde4-ftps-kio)
 - Exim 4.82 (outgoing SMTP)

links is a great example that demonstrates the effect of this bug on clients. It
is a text-based browser that leaks details including headers (cookies,
authorization tokens) and page contents.

# ssltest.py
This repository also contains a working version that targets servers. ssltest.py
was created by Jared Stafford (<jspenguin@jspenguin.org>), all due credits are
to him! It was retrieved from http://s3.jspenguin.org/ssltest.py.

At the moment, the script is only compatible with Python 2.

  [0]: http://heartbleed.com/
  [1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
  
## Links

https://www.nccgroup.com/en/blog/2014/04/heartbleed-openssl-vulnerability/
https://www.mattslifebytes.com/?p=533
https://gist.github.com/takeshixx/10107280
https://github.com/FiloSottile/Heartbleed
http://www.reddit.com/r/netsec/comments/22huui/python_heartbleed_cve20140160_proof_of_concept/

http://lab.onsec.ru/2014/04/memory-dumper-based-on-cve-2014-0160.html

File Snapshot

 [4.0K]  /data/pocs/a265c00d3e5b2163b1fd8e8efa4f25c219f5d889
├── [3.5K]  fox_heartbleedtest.py
├── [1.9K]  hb_honeypot.pl
├── [4.7K]  hb-test.py
├── [4.3K]  Heartbeat_scanner.py
├── [6.1K]  heartbleed-altered.py
├── [ 15K]  heartbleed.c
├── [4.5K]  heartdestroy.py
├── [8.0K]  HeartLeak.py
├── [4.2K]  maltego_heartbleedtest.py
├── [ 11K]  pacemaker.py
├── [6.9K]  README.md
├── [7.9K]  sslreaper.py
├── [4.4K]  ssltest.py
└── [4.9K]  ssltest-stls.py

0 directories, 14 files

Remarks