esrever10 esrever10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
| # Modified by Derek Callaway (decal@ethernet.org) to add STARTTLS protocols | |
| # The authors disclaim copyright to this source code. | |
| import sys | |
| import struct |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * CVE-2014-0160 heartbleed OpenSSL information leak exploit | |
| * ========================================================= | |
| * This exploit uses OpenSSL to create an encrypted connection | |
| * and trigger the heartbleed leak. The leaked information is | |
| * returned encrypted and is then decrypted, decompressed and | |
| * wrote to a file to annoy IDS/forensics. The exploit can set | |
| * the heatbeart payload length arbitrarily or use two preset | |
| * values for 0x00 and MAX length. The vulnerability occurs due | |
| * to bounds checking not being performed on a heap value which |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
| # The author disclaims copyright to this source code. | |
| import sys | |
| import struct | |
| import socket | |
| import time | |
| import select |
NewerOlder