CVE-2014-0160 PoC — OpenSSL 缓冲区错误漏洞

Source

https://github.com/0x00-V/heartbleed-poc

Associated Vulnerability

Title:OpenSSL 缓冲区错误漏洞 (CVE-2014-0160)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞，该漏洞源于当处理Heartbeat Extension数据包时，缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到

Description

Proof of concept for CVE-2014-0160 (OpenSSL 1.0.1 - Heartbleed)

Readme

# Heartbleed PoC

This repository contains a simple **Proof of Concept (PoC)** implementation to test for the Heartbleed vulnerability (CVE-2014-0160) on TLS/SSL servers.

---

## Overview

Heartbleed is a critical security bug in the OpenSSL library that allows attackers to read more data than intended from a server’s memory via crafted heartbeat requests. This PoC demonstrates how to trigger the vulnerability by:

- Sending a valid TLS Client Hello to initiate a handshake
- Sending a malicious heartbeat request with an incorrect payload length
- Receiving leaked memory data from the server if vulnerable

---

## Usage

Compile the code with a C++ compiler (Don't forget to change host string and port on line 41 and 42):

```bash
g++ -o heartbleed_poc exploit.c++
```
Run the code:
```bash
./heartbleed_poc
```

You can test this script here: https://tryhackme.com/room/heartbleed

File Snapshot


 [4.0K]  /data/pocs/a81da0314f2325296b042e7d09961fa37e3a95ce
├── [4.1K]  exploit.c++
└── [ 893]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!