Scribd
Upload
42 views16 pages

Exploita) On Notes On CVE - 2014 - 0160

Heartbleed security

Uploaded by

Mo Amen
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
42 views16 pages

Exploita) On Notes On CVE - 2014 - 0160

Heartbleed security

Uploaded by

Mo Amen
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

LxplolLauon noLes on CvL-2014-0160

2014 MuSec Consulung LLd. All rlghLs reserved.


LxplolLauon noLes on CvL-2014-0160
PearLbleed <3
- 1he vulnerablllLy ls announced Lo Lhe world 7
Lh
Aprll 2014 by a webslLe,
CpenSSL SecurlLy Advlsory and CpenSSL 1.0.1g release.
- ulscovered by 8lku, Anm & Mam and neel MehLa.
- l searched Lhe page for a web carL.
- ShorLly Lhe nexL day ..
- !ared SLaord released sslLesL.py"
- SecurlLy communlLy scrambled Lo x.

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
8lC-6320 PearLbeaL LxLenslon
8ug lnLroduced Lo Lhe world n?L
2011 durlng lmplemenLauon of
8lC-6320 ln CpenSSL 1.0.1

Lnabled by defaulL ln CpenSSL
1.0.1

llxed ln CpenSSL 1.0.1g & CpenSSL
1.0.2-beLa1 sull vulnerable - (glL
has x.)

lf you run beLa code on producuon
servers.

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
vulnerablllLy

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
Pow does lL work?

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
Pow does lL work?

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
LeL Lhe games commence.
!"#$% '()*")* +',- #.$ /012 34%%"() !#()5('5 0()62 7(.,,82 9:$)!!;2 0$<*"()
1)#$<<"*$)=$ !$'>"=$ ()5 -()? -,'$ %.,@) (% <$(6")* 5(#(A
- Screen shoLs of sslLesL.py" dumplng 16384 byLes of heap memory began Lo
appear on soclal medla slLes. 1he conLenL's of Lhe memory were alarmlng.

- luS/lS and SecurlLy vendors began Lo release deLecuon slgnaLures & scanners.
- Medla frenzy ensued spreadlng confuslng lnformauon e.g. #PearLbleedvlrus
- 1he vulnerablllLy was sull noL fully reallzed. Mlsconcepuons abound.


2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
Cn 1he Wlre
1hls ls an unencrypLed hearLbleed auack Lransmlued on Lhe wlre.
1he response ls reLurned ln unencrypLed packeLs.

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
Auack SSL, LncrypL wlLh SSL!
l wroLe a sLand-alone explolL ln C uslng CpenSSL llbrary Lo LransmlL Lhe
PearLbeaL requesL ln encrypLed packeL.
1hls was lnLenuonally Lo bypass lS/luS slgnaLures - lL worked!
Lncrypung auacks on CpenSSL wlLh CpenSSL makes lL dlmculL Lo deLecL..
luS/lS vendors began Lo develop alLernauve deLecuon slgnaLures.

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
Cn 1he Wlre

1hls ls an encrypLed hearLbleed auack Lransmlued on Lhe wlre.
1he response ls reLurned ln encrypLed packeLs.

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
LxplolL lalls & Lessons
l conunued Lo push updaLes durlng Lhe explolL
developmenL process.
l learnL noL Lo commlL code changes laLe aL
nlghL wlLhouL revlew and Lesung. no, l am
noL *1PA1* CpenSSL developer!

lnLerneL ls awesome, people began Lo submlL
complle lnsLrucuons for dlerenL Llnux
plauorms. 8ullds on mosL Llnux/CS-x.
Ayman Sagy added needed u1LS supporL.
8e-use Lhe code! aLches are welcome!

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
8SA rlvaLe key 8ecovery
Cloudare announce secreL key challenge for hearLbleed.
rovlde nglnx-1.3.13 web server llnked agalnsL CpenSSL 1.0.1.f on ubunLu
13.10 x86_64.
ledor lnduLny solved Lhe challenge rsL, oLhers qulckly followed.

lnclude/openssl/rsa.h:sLrucL rsa_sL" holds 8SA varlables (p & q) ln memory.
8SA n := pq. We can use n Lo calculaLe lf prlme ln memory ls valld.
Search for key slze prlmes ln memory leak and use Lo deLermlne remalnlng
prlme from modulo n (q n == 0) - wlLh p & q we generaLe 8SA prlvaLe key.

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
8SA rlvaLe key 8ecovery
CbLaln cerucaLe openssl s_cllenL -connecL 192.168.11.23:443 < hup-
geL.LxL | grep 8LCln -A n > ouL.pem"
lmproved keyscan.py" by Llnar Cuo SLangvlk Lo produce valld 8SA prlvaLe
keys lnsLead of counung prlmes.
8un keyscan.py" on a memory dump Lo LesL posslble values agalnsL Lhe
cerucaLe modulus n Lo ldenufy lf modulo ls 0. 1he value and lLs dlvlslon
resulL by n are checked and lf prlmes we have p & q.

We Lhen generaLe Lhe 8SA prlvaLe key from Lhe prlme values.

MeLasplolL module also supporLs dumplng prlvaLe keys.

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
PearLbleed.c
LxplolL works agalnsL vulnerable CpenSSL servers and cllenLs.
Leaks upLo 63333 byLes of heap daLa and 16 byLes of random paddlng.
Can re-use connecuon.
S1A811LS supporL.
Muluple SSL proLocols.
Muluple clphers.
Saves leak Lo le.


2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
uemo


uemo.

2014 MuSec Consulung LLd. All rlghLs reserved.
LxplolLauon noLes on CvL-2014-0160
Concluslons
CvL-2014-0160 wlll exlsL ln appllances & lnfrasLrucLure for some ume.
AecLed servers and devlces should be consldered compromlsed.
?our luS/lS cannoL always save you.
Lnable erfecL lorward Secrecy.
Lnable 1wo-lacLor AuLhenucauon (e.g. x.309).

L-mall: mauhew[mdsec.co.uk
1wluer: [PackerlanLasuc
hups://glLhub.com/hackerfanLasuc/publlc

You might also like