Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Contact:https://twitter.com/N4rCochaos
- #!/usr/bin/perl
- # hb_honeypot.pl -- a quick 'n dirty honeypot hack for Heartbleed
- #
- # This Perl script listens on TCP port 443 and responds with completely bogus
- # SSL heartbeat responses, unless it detects the start of a byte pattern
- # similar to that used in Jared Stafford's (jspenguin@jspenguin.org) demo for
- # CVE-2014-0160 'Heartbleed'.
- #
- # Run as root for the privileged port. Outputs IPs of suspected heartbleed scan
- # to the console. Rickrolls scanner in the hex dump.
- #
- # 8 April 2014
- # http://www.glitchwrks.com/
- # shouts to binrev
- use strict;
- use warnings;
- use IO::Socket;
- my $sock = new IO::Socket::INET (
- LocalPort => '443',
- Proto => 'tcp',
- Listen => 1,
- Reuse => 1,
- );
- die "Could not create socket!" unless $sock;
- # The "done" bit of the handshake response
- my $done = pack ("H*", '16030100010E');
- # Your message here
- my $taunt = "09809*)(*)(76&^%&(*&^7657332 Hi there! Your scan has been logged! Have no fear, this is for research only -- We're never gonna give you up, never gonna let you down!";
- my $troll = pack ("H*", ('180301' . sprintf( "%04x", length($taunt))));
- # main "barf responses into the socket" loop
- while (my $client = $sock->accept()) {
- $client->autoflush(1);
- my $found = 0;
- # read things that look like lines, puke nonsense heartbeat responses until
- # a line that looks like it's from the PoC shows up
- while (<$client>) {
- my $line = unpack("H*", $_);
- if ($line =~ /^0034.*/) {
- print $client $done;
- $found = 1;
- } else {
- print $client $troll;
- print $client $taunt;
- }
- if ($found == 1) {
- print $client $troll;
- print $client $taunt;
- print $client->peerhost . "\n";
- $found = 0;
- }
- }
- }
- close($sock);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
