CVE-2014-0160 PoC — OpenSSL Buffer Error Vulnerability

Source
Associated Vulnerability
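Title: OpenSSL Buffer Error Vulnerability (CVE-2014-0160)
Description: OpenSSL is an open-source, general-purpose cryptographic library developed by the OpenSSL team that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, and secure hash algorithms. A security vulnerability exists in the d1_both.c and t1_lib.c files of OpenSSL's TLS and DTLS implementations; it stems from a missing bounds check when processing Heartbeat Extension packets. A remote attacker can use specially crafted packets to exploit this vulnerability and read sensitive information from server memory (such as usernames, passwords, cookies, and private keys). The following versions of OpenSSL are affected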
Description
This Python PoC script detects the Heartbleed vulnerability (CVE-2014-0160) by performing a TLS handshake with heartbeat extension and sending a crafted heartbeat request. It parses responses to identify leaked memory, helping assess server susceptibility to this critical OpenSSL flaw.
Readme
Heartbleed-PoC-Exploit-Script
This Python Proof-of-Concept (PoC) script detects the Heartbleed vulnerability (CVE-2014-0160) by performing a TLS handshake with the heartbeat extension and sending a crafted heartbeat request. It parses server responses to identify leaked memory, helping assess vulnerability to this critical OpenSSL flaw.

About
Heartbleed is a severe buffer over-read vulnerability in OpenSSL’s TLS heartbeat extension that allows attackers to read up to 64KB of server memory, potentially exposing private keys, passwords, and other sensitive data. This script simulates a heartbeat request that triggers the leak if the server is vulnerable.

Improvements and Fixes
Correct TLS record header parsing using proper struct unpacking for content type, version, and payload length.

Full handshake parsing implemented, detecting the ServerHelloDone message reliably within TLS records.

Use of select makes socket reading responsive and avoids blocking.

Added clean termination of heartbeat receive loop after detecting leakage once, preventing indefinite waits and repeated logs.

Parameterized TLS version to improve compatibility with various servers.

Comprehensive exception handling ensures resilience to socket errors, timeouts, and protocol anomalies.
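
The same record-header unpacking (content type, version, length) can be turned around for detection. The following is an added example, not code from this repository: it walks a captured byte stream and applies the RFC 6520 length rule to each heartbeat record. It assumes unencrypted records (heartbeats sent before the handshake finishes); the function names and sample bytes are constructed for illustration.

```python
import struct

HEARTBEAT = 24       # TLS ContentType for heartbeat records (RFC 6520)
MIN_PADDING = 16     # RFC 6520 requires at least 16 bytes of padding


def iter_records(stream: bytes):
    """Yield (content_type, version, fragment) for each complete TLS record."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, version, length = struct.unpack_from(">BHH", stream, offset)
        fragment = stream[offset + 5:offset + 5 + length]
        if len(fragment) < length:   # truncated capture: stop, do not guess
            break
        yield ctype, version, fragment
        offset += 5 + length


def check_heartbeat(fragment: bytes) -> str:
    """Classify one plaintext heartbeat message using the RFC 6520 length rule."""
    if len(fragment) < 3:
        return "malformed"
    hb_type, payload_len = struct.unpack_from(">BH", fragment, 0)
    # A valid message holds type(1) + length(2) + payload + >=16 bytes padding.
    if 1 + 2 + payload_len + MIN_PADDING > len(fragment):
        return "over-read attempt" if hb_type == 1 else "malformed"
    return "ok"


def scan(stream: bytes):
    """Return a verdict for every heartbeat record in a captured byte stream."""
    return [check_heartbeat(frag)
            for ctype, _, frag in iter_records(stream) if ctype == HEARTBEAT]


def record(ctype: int, fragment: bytes, version: int = 0x0302) -> bytes:
    """Wrap a fragment in a TLS record header (helper for the samples below)."""
    return struct.pack(">BHH", ctype, version, len(fragment)) + fragment


# Constructed sample capture: a well-formed request, an unrelated alert record,
# and a request whose declared payload length (100) exceeds the 4 bytes carried.
GOOD = record(HEARTBEAT, struct.pack(">BH", 1, 4) + b"ping" + bytes(MIN_PADDING))
ALERT = record(21, b"\x02\x28")
BAD = record(HEARTBEAT, struct.pack(">BH", 1, 100) + b"ping")

if __name__ == "__main__":
    print(scan(GOOD + ALERT + BAD))
```

The length comparison in `check_heartbeat` is the bounds check whose absence the vulnerability description above refers to; RFC 6520 says a message failing it must be silently discarded.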

Usage
Requirements
Python 3.x installed

Network access to the target TLS server

Running the Script
Clone the repository:

```bash
git clone https://github.com/indrajeetmp11/Heartbleed-PoC-Exploit-Script.git
cd Heartbleed-PoC-Exploit-Script
```
Edit the target host and port in the script, or modify the heartbleed_poc() call in python3_heartbleed_poc.py.

Run the script:

```bash
python3 python3_heartbleed_poc.py
```
Observe the logs for the vulnerability verdict and any leaked data, which is printed in hex.

Important Notice
Use this tool only within legal scope and on systems you own or have explicit permission to test.

Heartbleed tests can trigger security alerts on protected networks.

This PoC is for educational and research purposes.

License
This project is licensed under the MIT License. See the LICENSE file for details.

File Snapshot

[4.0K] /data/pocs/141eca692ad30fb888ba3781498653d694a6ce5e
├── [1.0K] LICENSE
├── [1.0K] LICENSE (MIT License)
├── [6.2K] python3 heartbleed_poc.py
└── [2.3K] README.md

1 directory, 4 files