Here is how to check if your OpenSSL libraries are vulnerable of CVE-2014-0160.
install go 1.2 which is required to use Heartbleed.
# go version
go version go1.2 linux/amd64
|
install Heartbleed.
# go get github.com/FiloSottile/Heartbleed
# go install github.com/FiloSottile/Heartbleed
|
# which Heartbleed
/root/.gvm/pkgsets/go1.2/global/bin/Heartbleed
# Heartbleed --help
Usage of Heartbleed:
-starttls="": use STARTTLS
|
# Heartbleed 192.168.0.1:443
2014/04/09 21:31:05 192.168.0.1:443 - SAFE
|
# Heartbleed 192.168.0.2:443
2014/04/09 13:00:07 ([]uint8) {
00000000 02 00 79 68 65 61 72 74 62 6c 65 65 64 2e 66 69 |..yheartbleed.fi|
00000010 6c 69 70 70 6f 2e 69 6f 59 45 4c 4c 4f 57 20 53 |lippo.ioYELLOW S|
00000020 55 42 4d 41 52 49 4e 45 9e ec 94 05 14 3c 96 75 |UBMARINE.....<.u|
00000030 76 5c ab 5b 0b 69 8f fd cb 97 8a 00 b9 b2 25 29 |v\.[.i........%)|
00000040 7e 3e 50 23 9b 17 e7 0c 75 4b 1c 0c 7d 21 99 89 |~>P#....uK..}!..|
00000050 aa ed dc 67 e0 41 51 05 a6 40 b8 6d 0e 55 50 cb |...g.AQ..@.m.UP.|
00000060 ca 96 f1 3d 83 10 82 60 12 8c d6 fd da b6 35 79 |...=...`......5y|
00000070 07 18 b3 48 5c e9 5b f5 2b 2c 4e 87 49 84 71 10 |...H\.[.+,N.I.q.|
00000080 16 bf bd 6c 12 65 ef 33 02 a9 22 38 |...l.e.3.."8|
}
2014/04/09 22:00:07 192.168.0.2:443 - VULNERABLE
|
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.