Skip to content
/ heartbleed Public

πŸ’” Heartbleed vulnerability exploit written in Rust

4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mrgian/heartbleed

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

7 Commits
src
src
Β 
Β 
.gitignore
.gitignore
Β 
Β 
Cargo.lock
Cargo.lock
Β 
Β 
Cargo.toml
Cargo.toml
Β 
Β 
README.md
README.md
Β 
Β 

Repository files navigation

Heartbleed πŸ’”

Heartbleed vulnerability exploit written in Rust

What is it

Heartbleed is a buffer over-read vulnerability in outdated versions of OpenSSL, caused by a missing bound check in the heartbeat extension. It can be exploited by crafting a malicious heartbeat packet, with a specified payload lenght bigger than the actual lenght of the payload, resulting in a buffer over-read, exposing potentially sensitive data in memory.

This repo is an exploit written in Rust for this vulnerability.

How to run

Build a vulnerable version of OpenSSL

wget https://www.openssl.org/source/openssl-1.0.1b.tar.gz
tar -xvf openssl-1.0.1b.tar.gz
cd openssl-1.0.1b
./config
make

Generate a new certificate

openssl req -x509 -nodes -days 365 -newkey rsa -keyout cert.pem -out cert.pem

Run a vulnerable server

<path to vulnerable OpenSSL>/apps/openssl s_server -cert cert.pem

Run the exploit

git clone https://github.com/mrgian/heartbleed.git
cd heartbleed
cargo run -- 127.0.0.1:4433

The content of memory should be dumped to data.txt

About

πŸ’” Heartbleed vulnerability exploit written in Rust

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages