💔 Heartbleed vulnerability exploit written in Rust


Heartbleed 💔


What is it

Heartbleed is a buffer over-read vulnerability in outdated versions of OpenSSL, caused by a missing bounds check in the heartbeat extension. It can be exploited by crafting a malicious heartbeat packet whose specified payload length is bigger than the actual length of the payload, resulting in a buffer over-read that exposes potentially sensitive data in memory.

This repo is an exploit written in Rust for this vulnerability.
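
The missing bounds check described above, written out as a parser for the body of a heartbeat record (an added example, not code from this repo or from OpenSSL). The message layout follows RFC 6520; the function and type names are hypothetical and the sample messages are constructed.

```rust
// Added example: the heartbeat bounds check whose absence caused Heartbleed.
// All names here are hypothetical; the sample messages in main() are constructed.
const HEADER_LEN: usize = 3; // 1-byte message type + 2-byte payload_length
const MIN_PADDING: usize = 16; // RFC 6520 requires at least 16 bytes of padding

#[derive(Debug, PartialEq)]
enum Heartbeat<'a> {
    Request(&'a [u8]),     // well-formed request; the slice is the payload to echo
    Response(&'a [u8]),    // well-formed response
    Discard(&'static str), // malformed; RFC 6520 says to drop it silently
}

/// Parse the body of one TLS heartbeat record (content type 24).
fn parse_heartbeat(record: &[u8]) -> Heartbeat<'_> {
    if record.len() < HEADER_LEN + MIN_PADDING {
        return Heartbeat::Discard("record shorter than header plus minimum padding");
    }
    let claimed = u16::from_be_bytes([record[1], record[2]]) as usize;
    // The check vulnerable OpenSSL versions lacked: the claimed payload length
    // must fit inside the bytes that were actually received.
    if HEADER_LEN + claimed + MIN_PADDING > record.len() {
        return Heartbeat::Discard("payload_length exceeds the bytes actually received");
    }
    let payload = &record[HEADER_LEN..HEADER_LEN + claimed];
    match record[0] {
        1 => Heartbeat::Request(payload),
        2 => Heartbeat::Response(payload),
        _ => Heartbeat::Discard("unknown heartbeat message type"),
    }
}

fn main() {
    // Constructed sample: 4-byte payload "ping" followed by 16 bytes of padding.
    let mut ok = vec![1u8, 0, 4];
    ok.extend_from_slice(b"ping");
    ok.extend_from_slice(&[0u8; 16]);
    println!("{:?}", parse_heartbeat(&ok));
    // Constructed sample: the same bytes, but claiming a 16384-byte payload.
    let mut bad = ok.clone();
    bad[1..3].copy_from_slice(&0x4000u16.to_be_bytes());
    println!("{:?}", parse_heartbeat(&bad));
}
```

The same length comparison works as a detection rule: a heartbeat request whose payload_length cannot fit in its record is never legitimate traffic.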

How to run

Build a vulnerable version of OpenSSL

wget https://www.openssl.org/source/openssl-1.0.1b.tar.gz
tar -xvf openssl-1.0.1b.tar.gz
cd openssl-1.0.1b
./config
make

Generate a new certificate

openssl req -x509 -nodes -days 365 -newkey rsa -keyout cert.pem -out cert.pem

Run a vulnerable server

<path to vulnerable OpenSSL>/apps/openssl s_server -cert cert.pem

Run the exploit

git clone https://github.com/mrgian/heartbleed.git
cd heartbleed
cargo run -- 127.0.0.1:4433

The contents of memory should be dumped to data.txt.

Owner
Gianmatteo Palmieri