PoC details: 23ee15d55b13765f5facc55fdf80a83ac2a52361

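Source
Related vulnerability
Title: Diffie-Hellman Key Agreement Protocol resource management error vulnerability (CVE-2002-20001)
Description: The Diffie-Hellman Key Agreement Protocol is a key agreement protocol. It was originally described in Diffie and Hellman's seminal paper on public-key cryptography. The protocol allows Alice and Bob to exchange public key values and, from those values and knowledge of their own corresponding private keys, securely compute a shared key K that enables further secure communication. An eavesdropper who knows only the exchanged public key values cannot compute the shared key. The Diffie-Hellman Key Agreement Protocol has a resource management error vulnerability: a remote attacker can send arbitrary numbers that are not actually public keys, and
Description
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)
Introduction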
# D(HE)ater

D(HE)ater is the proof-of-concept implementation of the D(HE)at attack ([CVE-2002-20001](
https://nvd.nist.gov/vuln/detail/CVE-2002-20001)). For further information about the attack visit the
[project page](https://dheatattack.gitlab.io/dheater) or read the [full technical paper](
https://ieeexplore.ieee.org/document/10374117) on [IEEE Access](https://ieeeaccess.ieee.org/).

## License

The code is available under the terms of the Apache License Version 2.0.
A non-comprehensive but straightforward description, along with the full license text, can be found on the
[Choose an open source license](https://choosealicense.com/licenses/apache-2.0/) website.

## Credits

D(HE)ater uses [CryptoLyzer](https://gitlab.com/coroner/cryptolyzer) to check DHE support of TLS/SSH
services and also to generate the traffic necessary to perform the D(HE)at attack.
File snapshot

[4.0K] /data/pocs/23ee15d55b13765f5facc55fdf80a83ac2a52361
├── [4.0K] data
│   ├── [ 429] dhparam-ffdhe-2048-openssl-225.pem
│   ├── [ 424] dhparam-ffdhe-2048.pem
│   ├── [ 604] dhparam-ffdhe-3072-openssl-275.pem
│   ├── [ 595] dhparam-ffdhe-3072.pem
│   ├── [ 774] dhparam-ffdhe-4096-openssl-325.pem
│   ├── [ 769] dhparam-ffdhe-4096.pem
│   ├── [1.1K] dhparam-ffdhe-6144-openssl-375.pem
│   ├── [1.1K] dhparam-ffdhe-6144.pem
│   ├── [1.4K] dhparam-ffdhe-8192-openssl-400.pem
│   ├── [1.4K] dhparam-ffdhe-8192.pem
│   ├── [ 429] dhparam-modp-2048-openssl-225.pem
│   ├── [ 424] dhparam-modp-2048.pem
│   ├── [ 604] dhparam-modp-3072-openssl-275.pem
│   ├── [ 595] dhparam-modp-3072.pem
│   ├── [ 774] dhparam-modp-4096-openssl-325.pem
│   ├── [ 769] dhparam-modp-4096.pem
│   ├── [1.1K] dhparam-modp-6144-openssl-375.pem
│   ├── [1.1K] dhparam-modp-6144.pem
│   ├── [1.4K] dhparam-modp-8192-openssl-400.pem
│   └── [1.4K] dhparam-modp-8192.pem
├── [   4] dev-requirements.txt
├── [4.0K] dheater
│   ├── [ 24K] __main__.py
│   └── [ 380] __setup__.py
├── [ 255] Dockerfile
├── [4.0K] fail2ban
│   ├── [ 301] apache-ssl.conf
│   └── [ 573] dovecot-ssl.conf
├── [ 11K] LICENSE.txt
├── [  38] MANIFEST.in
├── [ 857] README.md
├── [  42] requirements.txt
├── [2.7K] setup.py
├── [4.0K] test
│   ├── [   0] __init__.py
│   └── [ 886] test_tls.py
├── [4.0K] tools
│   └── [1.6K] dh_param_priv_key_size_setter
└── [ 518] tox.ini

5 directories, 35 files