Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-0160 PoC — OpenSSL 缓冲区错误漏洞

Source
https://github.com/OffensivePython/HeartLeak
Associated Vulnerability
Title:OpenSSL 缓冲区错误漏洞 (CVE-2014-0160)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞,该漏洞源于当处理Heartbeat Extension数据包时,缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到
Description
CVE-2014-0160 (Heartbeat Buffer over-read bug)
Readme
HeartLeak
=========

Yet, another exploitation script for the most buzzed bug of all the time. 
The script has two features:


scan: Generates random hosts (IP addresses), checks if they supports OpenSSL, test them if they vulnerable to CVE-2014-0160 (Heartbeat Buffer over-read bug) and save vulnerable hosts in a TXT file


monitor: This keeps sending malicious heartbeat requests, dumps leaked data "as is" in a file. It also looks for printable data, save them in a TXT file and display them on the screen.
File Snapshot

 [4.0K]  /data/pocs/6c573a5bf4e777d3512db33881d94ca077f696ca
├── [8.0K]  HeartLeak.py
├── [1.1K]  LICENSE
└── [ 511]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.