OpenSSL 1.0.1g - Private Exploit

By: a guest on Apr 22nd, 2014  |  syntax: None  |  size: 2.57 KB  |  views: 9,030  |  expires: Never
-- OpenSSL 1.0.1g / OpenSSL 1.0.2beta - Memory Disclosure - Latest Versions (PRIVATE EXPLOIT) --

** CONTACT US AT - BitWasp@SafeMail.net **
You can send us a message at our email, feel free to contact us at bitwasp@safe-mail.net

We have just found a vulnerability in the patched version of OpenSSL.
A missing bounds check in the handling of the variable "DOPENSSL_NO_HEARTBEATS"
We could successfully overflow the "DOPENSSL_NO_HEARTBEATS" and retrieve 64kb chunks of data again on the updated version.

This exploit will not go public and will remain private, we have coded the script in Python,
and we will use our own code for a long time before this gets patched.

We are a team of five people, and we have coded nonstop for 14 days
to see if we could find a workaround, and we did it!
We have no reason to make it public when the vendors will go for an update again.
This will have a reasonable price for all you pentesters out there who want to exploit in the wild.

OpenSSL 1.0.1g
if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; /* silently discard per RFC 6520 sec.

EXPLOIT PoC

http://imgur.com/hZoHF1H

--------------------------------------------------------------------
- OpenSSL 1.0.1g / OpenSSL 1.0.2beta - Memory Disclosure - (CURRENT VERSION - AFFECTS ALL UPDATED OPENSSL) #
- Date: [2014/04/22]
- Vendor Homepage: [ http://www.openssl.org/ ]
- Software Link: [ http://www.openssl.org/source/openssl-1.0.1g.tar.gz ]
- Vulnerabilities OpenSSL: [ https://www.openssl.org/news/vulnerabilities.html ]
- Version: [1.0.1g]

- For exploit contact: bitwasp@safe-mail.net
http://imgur.com/hZoHF1H

--------------------------------------------------------------------
" PRICES "

You can send the payment to one of the following addresses below, but contact us for download link!

(Bitcoin / BTC): 2.5 BTC - 1BKRqnmWNfK5qjhouMaBFHwjHK9ibfrKhx
(Litecoin / LTC): 100 LTC - LWCtRokVZYwCRGL4xksi4KCwTjSerg8ueY

--------------------------------------------------------------------

After payment, we will send you a download link. The download link will contain 2 exploits written in Python.
Send us a message at our email: BitWasp@safe-mail.net

" REQUIREMENTS "
Python 2.7.3
Basic Commands

Put exploits in C:\ and open CMD. Run .py scripts with arguments "C:\opensslv101g.py --url=www.coinbase.com --port=443"

1. opensslv101g.py, Readme, Documentation and PoC. Ensure your version is - (1.0.1g, 1.0.2-beta1)
2. openssl.py - Ensure your version is - 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1, 1.0.2-beta1

---- Bitwasp@Safe-Mail.net ----