This is a small book for people studying SQL injection. The file size is also very small. Have a look at the table of contents and download it if you want it.
4/15/2014
Heartbleed Tools (OpenSSL CVE-2014-0160)
- A checker (site and tool) for CVE-2014-0160: https://github.com/FiloSottile/Heartbleed
- ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford http://pastebin.com/WmxzjkXJ
- SSL Server Test https://www.ssllabs.com/ssltest/index.html
- Metasploit Module: https://github.com/rapid7/metasploit-framework/pull/3206/files
- Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
- Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas https://gist.github.com/RealRancor/10140249
- Heartbleeder: Tests your servers for OpenSSL: https://github.com/titanous/heartbleeder?files=1
- Heartbleed Attack POC and Mass Scanner: https://bitbucket.org/fb1h2s/cve-2014-0160
- Heartbleed Honeypot Script: http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt
OpenSSL - Zero Day Bug [Heartbleed]
Anyone running an OpenSSL web server on versions 1.0.1 through 1.0.1f is said to need to upgrade to 1.0.1g immediately. The Heartbleed bug was discovered by a Google engineer, codenomicon.com. Normally, websites are secure when they use SSL (Secure Sockets Layer) or TLS (Transport Layer Security). OpenSSL is one of the implementations that supports the SSL protocol, and it is open source. Because of this bug, hackers will be able to steal users' data.
According to the findings of security researcher Robert Graham, more than 600,000 websites are on the vulnerable list. These even include Yahoo Mail, Lastpass and the FBI. Because of Heartbleed, Yahoo, which has 800 million users, had data exposed.
You can check whether the web server you use is vulnerable at filippo.io/Heartbleed. The OpenSSL versions that are not affected by this flaw are the older versions, 1.0.0 and 0.9.8.
Ref: http://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html
http://heartbleed.com/
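The version range given in the post can be turned into a quick inventory triage. The following is an added example, not code from the post or from the OpenSSL project; the function names and the sample inventory are constructed for illustration, and versions outside the branches named in the post are reported as unknown.

```python
import re

# Affected range as stated in the post: 1.0.1 through 1.0.1f, fixed in 1.0.1g.
# The 1.0.0 and 0.9.8 branches are stated as not affected.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return ((major, minor, fix), letter) from `openssl version` output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def heartbleed_status(text):
    """Classify a version string as 'affected', 'not affected' or 'unknown'."""
    parsed = parse_openssl_version(text)
    if parsed is None:
        return "unknown"
    base, letter = parsed
    if base != (1, 0, 1):
        # Only branches the post names get a verdict; anything else is unknown.
        return "not affected" if base in ((1, 0, 0), (0, 9, 8)) else "unknown"
    # An empty letter is the initial 1.0.1 release; letters sort alphabetically.
    return "affected" if letter <= "f" else "not affected"


def hosts_to_patch(inventory):
    """Return host names whose reported version falls in the affected range.

    Distribution packages can carry the fix without changing the letter, so
    treat a hit as "verify the package changelog or test the service".
    """
    return [host for host, banner in inventory
            if heartbleed_status(banner) == "affected"]


# Constructed sample inventory: (host, output of `openssl version`).
SAMPLE_INVENTORY = [
    ("web01", "OpenSSL 1.0.1e 11 Feb 2013"),
    ("web02", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("mail01", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("vpn01", "OpenSSL 1.0.1 14 Mar 2012"),
    ("old01", "OpenSSL 1.0.0l 6 Jan 2014"),
]

if __name__ == "__main__":
    for host in hosts_to_patch(SAMPLE_INVENTORY):
        print(host, "needs upgrade to 1.0.1g or a patched package")
```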