CVE-2014-0160 PoC — OpenSSL 缓冲区错误漏洞

Source

https://github.com/0x00-V/heartbleed-poc

Associated Vulnerability

Title:OpenSSL 缓冲区错误漏洞 (CVE-2014-0160)
Description:The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Description

Proof of concept for CVE-2014-0160 (OpenSSL 1.0.1 - Heartbleed)

Readme

# Heartbleed PoC

This repository contains a simple **Proof of Concept (PoC)** implementation to test for the Heartbleed vulnerability (CVE-2014-0160) on TLS/SSL servers.

---

## Overview

Heartbleed is a critical security bug in the OpenSSL library that allows attackers to read more data than intended from a server’s memory via crafted heartbeat requests. This PoC demonstrates how to trigger the vulnerability by:

- Sending a valid TLS Client Hello to initiate a handshake
- Sending a malicious heartbeat request with an incorrect payload length
- Receiving leaked memory data from the server if vulnerable

---

## Usage

Compile the code with a C++ compiler (Don't forget to change host string and port on line 41 and 42):

```bash
g++ -o heartbleed_poc exploit.c++
```
Run the code:
```bash
./heartbleed_poc
```

You can test this script here: https://tryhackme.com/room/heartbleed

File Snapshot


 [4.0K]  /data/pocs/a81da0314f2325296b042e7d09961fa37e3a95ce
├── [4.1K]  exploit.c++
└── [ 893]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!