lost and found ( for me ? )

openssl : check vulnerability CVE-2014-0160 using Heartbleed

Here is how to check whether your OpenSSL libraries are vulnerable to CVE-2014-0160.

Install Go 1.2, which is required to use Heartbleed.
# go version
go version go1.2 linux/amd64

Install Heartbleed.
# go get github.com/FiloSottile/Heartbleed
# go install github.com/FiloSottile/Heartbleed

# which Heartbleed
/root/.gvm/pkgsets/go1.2/global/bin/Heartbleed

# Heartbleed  --help
Usage of Heartbleed:
 -starttls="": use STARTTLS

# Heartbleed  192.168.0.1:443
2014/04/09 21:31:05 192.168.0.1:443 - SAFE

# Heartbleed 192.168.0.2:443
2014/04/09 13:00:07 ([]uint8) {
00000000  02 00 79 68 65 61 72 74  62 6c 65 65 64 2e 66 69  |..yheartbleed.fi|
00000010  6c 69 70 70 6f 2e 69 6f  59 45 4c 4c 4f 57 20 53  |lippo.ioYELLOW S|
00000020  55 42 4d 41 52 49 4e 45  9e ec 94 05 14 3c 96 75  |UBMARINE.....<.u|
00000030  76 5c ab 5b 0b 69 8f fd  cb 97 8a 00 b9 b2 25 29  |v\.[.i........%)|
00000040  7e 3e 50 23 9b 17 e7 0c  75 4b 1c 0c 7d 21 99 89  |~>P#....uK..}!..|
00000050  aa ed dc 67 e0 41 51 05  a6 40 b8 6d 0e 55 50 cb  |...g.AQ..@.m.UP.|
00000060  ca 96 f1 3d 83 10 82 60  12 8c d6 fd da b6 35 79  |...=...`......5y|
00000070  07 18 b3 48 5c e9 5b f5  2b 2c 4e 87 49 84 71 10  |...H\.[.+,N.I.q.|
00000080  16 bf bd 6c 12 65 ef 33  02 a9 22 38              |...l.e.3.."8|
}

2014/04/09 22:00:07 192.168.0.2:443 - VULNERABLE
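
To run the same check over an inventory of your own hosts instead of one target at a time, the wrapper below parses the "- SAFE" / "- VULNERABLE" result lines shown above. It is an added example, not part of the original post or of the Heartbleed project; the HEARTBLEED_BIN variable, the function names and the hosts-file format are assumptions of this example.

```shell
#!/bin/sh
# Added example: batch wrapper around the Heartbleed checker used above.
# HEARTBLEED_BIN and the hosts-file format are assumptions of this example.

# Read checker output on stdin and print "<target> <verdict>" for each
# result line, e.g. "2014/04/09 21:31:05 192.168.0.1:443 - SAFE".
# Hex-dump lines, braces and blank lines are ignored.
classify_output() {
    awk 'NF >= 5 && $1 ~ /^[0-9]+\/[0-9]+\/[0-9]+$/ && $(NF-1) == "-" &&
         ($NF == "SAFE" || $NF == "VULNERABLE") { print $(NF-2), $NF }'
}

# Check every target in a file (one host:port per line; blank lines and
# lines starting with # are skipped). A target that yields no verdict,
# for example because the connection failed, is reported as UNKNOWN so it
# is never mistaken for SAFE.
scan_hosts() {
    checker=${HEARTBLEED_BIN:-Heartbleed}
    while IFS= read -r target; do
        case $target in ''|'#'*) continue ;; esac
        # 2>&1 captures the verdict whichever stream the checker logs to.
        verdict=$("$checker" "$target" 2>&1 </dev/null |
                  classify_output | awk '{ v = $2 } END { print v }') || :
        printf '%s %s\n' "$target" "${verdict:-UNKNOWN}"
    done < "$1"
}

# Read scan_hosts output on stdin; succeed only if every line is SAFE.
all_safe() {
    ! grep -qv ' SAFE$'
}

# Usage: sh scan.sh hosts.txt   (exit status is non-zero unless all SAFE)
if [ "$#" -gt 0 ]; then
    results=$(scan_hosts "$1")
    printf '%s\n' "$results"
    printf '%s\n' "$results" | all_safe
fi
```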
