Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-0160 PoC — OpenSSL 缓冲区错误漏洞

Source
https://github.com/BelminD/heartbleed
Associated Vulnerability
Title:OpenSSL 缓冲区错误漏洞 (CVE-2014-0160)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞,该漏洞源于当处理Heartbeat Extension数据包时,缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到
Description
A collection of scripts and instructions to test CVE-2014-0160 (heartbleed). ❤️ 🩸
Readme
# heartbleed

## Execute the heartbleed exploit

`python heartbleed.py 127.0.0.1 -p 8443`

## Setup and run server

- Install docker and run the daemon
- Install the docker container with `docker pull hmlio/vaas-cve-2014-0160`
- Run the container with a port mapping `docker run -d -p 8443:443 hmlio/vaas-cve-2014-0160`
- Open your browser and visit `https://localhost:8443/`

## Spoof data

```
cd data_spoof
npm install
node send_data.js
```

## Edit frontend

### One file

- `docker cp container_name:/var/www/index.html .`
- Edit the file locally
- `docker cp index.html container_name:/var/www/index.html`

### Entire directory

- `docker cp container_name:/var/www .`
- Edit the file locally
- `docker cp www container_name:/var/`
File Snapshot

 [4.0K]  /data/pocs/2d261aee3070fac15f83a6b053f7cdc0a707cec4
├── [4.0K]  data_spoof
│   ├── [ 92K]  example.png
│   ├── [ 640]  package.json
│   ├── [ 16K]  package-lock.json
│   └── [ 926]  send_data.js
├── [4.1K]  heartbleed.py
├── [1.0M]  login.png
├── [ 199]  Makefile
├── [4.0K]  misc
│   └── [1.5K]  old_spoof.py
├── [ 738]  README.md
└── [4.0K]  server
    ├── [1.4K]  Dockerfile
    ├── [7.0K]  icon.png
    └── [4.0K]  www
        ├── [4.0K]  assets
        │   └── [7.1K]  heartbleed.png
        ├── [4.0K]  css
        │   ├── [ 70K]  animate.min.css
        │   ├── [174K]  bootstrap.css
        │   ├── [402K]  bootstrap.css.map
        │   ├── [ 43K]  bootstrap-grid.css
        │   ├── [ 94K]  bootstrap-grid.css.map
        │   ├── [ 33K]  bootstrap-grid.min.css
        │   ├── [ 74K]  bootstrap-grid.min.css.map
        │   ├── [141K]  bootstrap.min.css
        │   ├── [539K]  bootstrap.min.css.map
        │   ├── [4.7K]  bootstrap-reboot.css
        │   ├── [ 56K]  bootstrap-reboot.css.map
        │   ├── [3.8K]  bootstrap-reboot.min.css
        │   └── [ 25K]  bootstrap-reboot.min.css.map
        ├── [3.4K]  index.html
        └── [4.0K]  js
            ├── [191K]  bootstrap.bundle.js
            ├── [319K]  bootstrap.bundle.js.map
            ├── [ 66K]  bootstrap.bundle.min.js
            ├── [267K]  bootstrap.bundle.min.js.map
            ├── [112K]  bootstrap.js
            ├── [191K]  bootstrap.js.map
            ├── [ 48K]  bootstrap.min.js
            └── [158K]  bootstrap.min.js.map

7 directories, 34 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.