HeartBleed Response with Vulnerable System:-
*Greetz to m0bi13_xT and My PC
Here's a nice collection of heart bleed tools to help you along with this exploit:-
'ONLINE' OpenSSL Heartbleed Vulnerability Scanner:
This is for those of you in this thread that are having trouble with the Python scripts below
--https://pentest-tools.com/vulnerability-scanning/openssl-heartbleed-scanner
A Checker: (site and tool) for CVE-2014-0160:
--https://github.com/FiloSottile/Heartbleed
ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford
--http://pastebin.com/WmxzjkXJ
ssltest.py: (modified version) Added URL crawler and auto-detection function, reducing the trouble to manually enter the URL. You can also use a proxy server, so you can choose your own search engine in the code, and change their keywords. Feel free to edit/modify to suit your needs.
--http://pastebin.com/cLt1Uk6H
ssltest.py: (modified version #2) This version is updated for handling different version of SSL/TLS
--http://pastebin.com/WtDbK1gR
pacemaker.py: Pacemaker Attempts to abuse OpenSSL clients that are vulnerable to Heartbleed (CVE-2014-0160). Compatible with Python 2 and 3.
--https://github.com/Lekensteyn/pacemaker
SSL Server Test:
--https://www.ssllabs.com/ssltest/index.html
Metasploit Module:
--https://github.com/rapid7/metasploit-framework/pull/3206/files
Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed:
--https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas
--https://gist.github.com/RealRancor/10140249
Heartbleeder: Tests your servers for OpenSSL:
--https://github.com/titanous/heartbleeder?files=1
Heartbleed Attack POC and Mass Scanner:
--https://bitbucket.org/fb1h2s/cve-2014-0160
Heartbleed Honeypot Script:
--http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt
Bleed Out Heartbleed Command Line Tool v.1.0.0.10:
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
--https://pentest-tools.com/vulnerability-scanning/openssl-heartbleed-scanner
A Checker: (site and tool) for CVE-2014-0160:
--https://github.com/FiloSottile/Heartbleed
ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford
--http://pastebin.com/WmxzjkXJ
ssltest.py: (modified version) Added URL crawler and auto-detection function, reducing the trouble to manually enter the URL. You can also use a proxy server, so you can choose your own search engine in the code, and change their keywords. Feel free to edit/modify to suit your needs.
--http://pastebin.com/cLt1Uk6H
ssltest.py: (modified version #2) This version is updated for handling different version of SSL/TLS
--http://pastebin.com/WtDbK1gR
pacemaker.py: Pacemaker Attempts to abuse OpenSSL clients that are vulnerable to Heartbleed (CVE-2014-0160). Compatible with Python 2 and 3.
--https://github.com/Lekensteyn/pacemaker
SSL Server Test:
--https://www.ssllabs.com/ssltest/index.html
Metasploit Module:
--https://github.com/rapid7/metasploit-framework/pull/3206/files
Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed:
--https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas
--https://gist.github.com/RealRancor/10140249
Heartbleeder: Tests your servers for OpenSSL:
--https://github.com/titanous/heartbleeder?files=1
Heartbleed Attack POC and Mass Scanner:
--https://bitbucket.org/fb1h2s/cve-2014-0160
Heartbleed Honeypot Script:
--http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt
Bleed Out Heartbleed Command Line Tool v.1.0.0.10:
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
http://packetstormsecurity.com/files/126102/BleedOut1.0.0.10.zip
Windows CMD example:
Code:
C:\Users\frank3nstien\Desktop\BleedOut1.0.0.10-1\Bin>BleedOut -h quirktools.com
Windows CMD example:
Code:
C:\Users\frank3nstien\Desktop\BleedOut1.0.0.10-1\Bin>BleedOut -h quirktools.com
Enjoy and Thanks for viewing my Blog
Thanks for sharing your honest experience. When I first took a look at my head shots,
ReplyDeleteI wasn’t too thrilled with mine but you’ve given me a new perspective!