indutny / heartbleed Goto Github PK
View Code? Open in Web Editor NEWExtracting server private key using Heartbleed OpenSSL vulnerability.
Extracting server private key using Heartbleed OpenSSL vulnerability.
Hi,
after installing with npm install -g heartbleed.js
I'm getting a segfault when trying to start it. I've rebuilt nodejs at the same place without the patch which was used previously.
Install log:
npm install -g heartbleed.js
npm http GET https://registry.npmjs.org/heartbleed.js
npm http 304 https://registry.npmjs.org/heartbleed.js
npm http GET https://registry.npmjs.org/asn1.js
npm http GET https://registry.npmjs.org/asn1.js-rfc3280
npm http GET https://registry.npmjs.org/bignum
npm http GET https://registry.npmjs.org/bindings
npm http GET https://registry.npmjs.org/progress
npm http GET https://registry.npmjs.org/yargs
npm http 304 https://registry.npmjs.org/asn1.js-rfc3280
npm http 304 https://registry.npmjs.org/bindings
npm http 304 https://registry.npmjs.org/progress
npm http 304 https://registry.npmjs.org/asn1.js
npm http 304 https://registry.npmjs.org/bignum
npm http 304 https://registry.npmjs.org/yargs
> [email protected] install /home/hb/.node/0.10.26-hb/lib/node_modules/heartbleed.js/node_modules/bignum
> node-gyp configure build
make: Entering directory `/home/hb/.node/0.10.26-hb/lib/node_modules/heartbleed.js/node_modules/bignum/build'
CXX(target) Release/obj.target/bignum/bignum.o
SOLINK_MODULE(target) Release/obj.target/bignum.node
SOLINK_MODULE(target) Release/obj.target/bignum.node: Finished
COPY Release/bignum.node
make: Leaving directory `/home/hb/.node/0.10.26-hb/lib/node_modules/heartbleed.js/node_modules/bignum/build'
npm http GET https://registry.npmjs.org/minimist
npm http 304 https://registry.npmjs.org/minimist
/home/hb/.node/0.10.26-hb/bin/heartbleed -> /home/hb/.node/0.10.26-hb/lib/node_modules/heartbleed.js/heartbleed.js
> [email protected] install /home/hb/.node/0.10.26-hb/lib/node_modules/heartbleed.js
> node-gyp rebuild
make: Entering directory `/home/hb/.node/0.10.26-hb/lib/node_modules/heartbleed.js/build'
CXX(target) Release/obj.target/heartbleed/src/heartbleed.o
SOLINK_MODULE(target) Release/obj.target/heartbleed.node
SOLINK_MODULE(target) Release/obj.target/heartbleed.node: Finished
COPY Release/heartbleed.node
make: Leaving directory `/home/hb/.node/0.10.26-hb/lib/node_modules/heartbleed.js/build'
[email protected] /home/hb/.node/0.10.26-hb/lib/node_modules/heartbleed.js
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected] ([email protected])
└── [email protected]
which heartbleed
/home/hb/.node/0.10.26-hb/bin/heartbleed
gdb node
GNU gdb (GDB) 7.6.2 (Debian 7.6.2-1)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/hb/.node/0.10.26-hb/bin/node...done.
(gdb) r /home/hb/.node/0.10.26-hb/bin/heartbleed
Starting program: /home/hb/.node/0.10.26-hb/bin/node /home/hb/.node/0.10.26-hb/bin/heartbleed
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff7fec700 (LWP 8559)]
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff69eaf74 in _GLOBAL__sub_I_heartbleed.cc () from /home/hb/.node/0.10.26-hb/lib/node_modules/heartbleed.js/build/Release/heartbleed.node
System is a 64-bit debian testing.
https://twitter.com/indutny/status/456057773244309504
I feel like you should put this warning in a very clear place, it might not be apparent to everyone.
Heartbleeding website.com:443, stay calm...
Cert loaded...
/usr/lib/node_modules/heartbleed.js/heartbleed.js:65
s.fakeHeartbeat(sent);
^
TypeError: Object # has no method 'fakeHeartbeat'
at send (/usr/lib/node_modules/heartbleed.js/heartbleed.js:65:9)
at null._onTimeout (/usr/lib/node_modules/heartbleed.js/heartbleed.js:57:7)
at Timer.listOnTimeout as ontimeout
$ npm install -g heartbleed.js
npm http GET https://registry.npmjs.org/heartbleed.js
npm ERR! Error: failed to fetch from registry: heartbleed.js
npm ERR! at /usr/share/npm/lib/utils/npm-registry-client/get.js:139:12
npm ERR! at cb (/usr/share/npm/lib/utils/npm-registry-client/request.js:31:9)
npm ERR! at Request._callback (/usr/share/npm/lib/utils/npm-registry-client/request.js:136:18)
npm ERR! at Request.callback (/usr/lib/nodejs/request/main.js:119:22)
npm ERR! at Request. (/usr/lib/nodejs/request/main.js:212:58)
npm ERR! at Request.emit (events.js:88:20)
npm ERR! at ClientRequest. (/usr/lib/nodejs/request/main.js:412:12)
npm ERR! at ClientRequest.emit (events.js:67:17)
npm ERR! at HTTPParser.onIncoming (http.js:1261:11)
npm ERR! at HTTPParser.onHeadersComplete (http.js:102:31)
npm ERR! You may report this log at:
npm ERR! http://bugs.debian.org/npm
npm ERR! or use
npm ERR! reportbug --attach /home/ricardo/Downloads/npm-debug.log npm
npm ERR!
npm ERR! System Linux 3.11.0-19-generic
npm ERR! command "node" "/usr/bin/npm" "install" "-g" "heartbleed.js"
npm ERR! cwd /home/ricardo/Downloads
npm ERR! node -v v0.6.12
npm ERR! npm -v 1.1.4
npm ERR! message failed to fetch from registry: heartbleed.js
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR! /home/ricardo/Downloads/npm-debug.log
npm not ok
Heartbleeding 146.137.56.123:443, stay calm...
Cert loaded...
/home/XXX/.node/0.10.26-hb/lib/node_modules/heartbleed.js/heartbleed.js:95
s.pair.ssl.isSessionReused();
^
TypeError: Cannot call method 'isSessionReused' of null
at send (/home/XXX/.node/0.10.26-hb/lib/node_modules/heartbleed.js/heartbleed.js:95:18)
at null._onTimeout (/home/XXX/.node/0.10.26-hb/lib/node_modules/heartbleed.js/heartbleed.js:67:7)
at Timer.listOnTimeout as ontimeout
In heartbleed.js, the length of the heartbeat request could be random. But why would you have this feature? Isn't maximum length always the better choice? Thank you!
user@ubuntu:~/heartbleed$ heartbleed
node.js:201
throw e; // process.nextTick error, or 'error' event on first tick
^
Error: Could not locate the bindings file. Tried:
→ /usr/local/lib/node_modules/heartbleed.js/build/heartbleed.node
→ /usr/local/lib/node_modules/heartbleed.js/build/Debug/heartbleed.node
→ /usr/local/lib/node_modules/heartbleed.js/build/Release/heartbleed.node
→ /usr/local/lib/node_modules/heartbleed.js/out/Debug/heartbleed.node
→ /usr/local/lib/node_modules/heartbleed.js/Debug/heartbleed.node
→ /usr/local/lib/node_modules/heartbleed.js/out/Release/heartbleed.node
→ /usr/local/lib/node_modules/heartbleed.js/Release/heartbleed.node
→ /usr/local/lib/node_modules/heartbleed.js/build/default/heartbleed.node
→ /usr/local/lib/node_modules/heartbleed.js/compiled/0.6.12/linux/x64/heartbleed.node
at bindings (/usr/local/lib/node_modules/heartbleed.js/node_modules/bindings/bindings.js:88:9)
at Object.<anonymous> (/usr/local/lib/node_modules/heartbleed.js/heartbleed.js:2:34)
at Module._compile (module.js:441:26)
at Object..js (module.js:459:10)
at Module.load (module.js:348:32)
at Function._load (module.js:308:12)
at Array.0 (module.js:479:10)
at EventEmitter._tickCallback (node.js:192:41)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.