关联漏洞
标题:
OpenSSL 缓冲区错误漏洞
(CVE-2014-0160)
描述:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞,该漏洞源于当处理Heartbeat Extension数据包时,缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到
描述
bleed is a tool to test servers for the 'Heartbleed' vulnerability (CVE-2014-0160).
介绍
# bleed
bleed is a tool to test servers for the '[Heartbleed](http://heartbleed.com)' vulnerability ([CVE-2014-0160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160)).
## Usage
```
$ bleed example.org
> Connecting...
> Sending Client Hello
Waiting for Server Hello...
< Received message: type = 22, ver = 0302, length = 61
< Received message: type = 22, ver = 0302, length = 6442
< Received message: type = 22, ver = 0302, length = 331
< Received message: type = 22, ver = 0302, length = 4
> Sending Heartbeat request
Unexpected EOF receiving record header. Server closed connection.
No heartbeat response. Server likely not vulnerable.
```
## Installation
### Prerequisites
* The package manager [Composer](http://getcomposer.org).
* Composer global vendor directory in your path (e.g. `export PATH=~/.composer/vendor/bin:$PATH`).
* You might have to add `"minimum-stability": "dev"` to your global `composer.json` (by default in `~/.composer/composer.json`).
### Actual installation
```
composer global require 'dominik/bleed=dev-master'
```
Composer will now install `bleed` and its dependencies.
## Updating
```
composer global update 'dominik/bleed'
```
## Fineprint
*As your attorney, I advise you* to not use this software to do stuff that's not legal under the laws applicable to wherever you may be located and whatever you are doing with it. If you need an analogy: It may be allowed to run over things in your own backyard with your car, but in most jurisdictions it's probably illegal to run over things in the streets.
* [License](https://github.com/DominikTo/bleed/blob/master/LICENSE)
* [Disclaimer](http://knowyourmeme.com/memes/i-have-no-idea-what-im-doing)
文件快照
[4.0K] /data/pocs/3ef7f69945fa423abb234b68619200398324f8b5
├── [4.0K] bin
│ └── [ 871] bleed
├── [ 503] composer.json
├── [4.0K] lib
│ └── [4.0K] bleed
│ ├── [4.1K] bleed.php
│ └── [4.0K] Payload
│ ├── [ 394] Heartbeat.php
│ ├── [1.0K] Hello.php
│ └── [ 590] Payload.php
├── [1.5K] LICENSE
└── [1.7K] README.md
4 directories, 8 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。