CVE-2014-0160

Heartbleed 复现

实验环境

环境仅供参考

CentOS Linux release 7.7.1908
VMware® Workstation 15 Pro - 15.0.0 build-10134415

安装 openssl 1.0.1c

下载源码包

wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz

解压缩源码包

tar -zxvf openssl-1.0.1c.tar.gz
cd openssl-1.0.1c

安装依赖包

yum install -y gcc
yum install -y make

安装 openssl-1.0.1c

./config
make

# 编译安装时报错:" POD document had syntax errors "，主要是因为 openssl-1.0.1c 版本和 perl 的版本不兼容.
# 解决方案:删除 pod2man 文件( rm -rf /usr/bin/pod2man)
make install

配置环境变量(在文件末尾添加如下内容)

vim /etc/profile
# add openssl short path
export OPENSSL=/usr/local/ssl/bin
export PATH=$OPENSSL:$PATH:$HOME/bin
source /etc/profile

验证配置

openssl

OpenSSL> version
OpenSSL 1.0.1c 10 May 2012

创建安装目录

cd /usr/local/
mkdir httpd
cd httpd

mkdir {apache,apr,apr-util}

安装依赖包 libtools-ltdl-devel、expat-devel

在网站 http://www.rpmfind.net/linux/rpm2html/search.php?query=libtool-ltdl-devel，
下载 libtool-ltdl-devel-2.4.2-22.el7_3.x86_64.rpm

wget https://www.rpmfind.net/linux/centos/7.6.1810/os/x86_64/Packages/libtool-ltdl-devel-2.4.2-22.el7_3.x86_64.rpm

yum -y install expat-devel
rpm -ivh libtool-ltdl-devel-2.4.2-22.el7_3.x86_64.rpm

安装 apr、apr-until

wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.6.5.tar.gz
wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz

cd /usr/local/
tar -xvf apr-1.6.5.tar.gz
cd apr-1.6.5
./configure --prefix=/usr/local/httpd/apr
make
make install
cd /usr/local/

tar -xvf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1
./configure --prefix=/usr/local/httpd/apr-util/ --with-apr=/usr/local/httpd/apr
make && make instal

安装 httpd 2.2.34(记得配置防火墙:开启 80 和 443 端口)

cd
wget http://archive.apache.org/dist/httpd/httpd-2.2.34.tar.gz
tar -zvxf httpd-2.2.34.tar.gz
cd httpd-2.2.34
export LDFLAGS=-ldl
./configure --prefix=/usr/local/httpd/apache --enable-so --enable-rewrite --enable-ssl --with-ssl=/usr/local/ssl --with-apr=/usr/local/httpd/apr --with-apr-util=/usr/local/httpd/apr-util
make && make install

firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
firewall-cmd --reload

修改配置(修改 98 行和 417 行的内容)

cd /usr/local/httpd/apache/conf/
vim httpd.conf
ServerName localhost:80
Include conf/extra/httpd-ssl.conf

添加认证秘钥

cd /usr/local/httpd/apache/conf/
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

运行服务

cd
cd httpd-2.2.34
./httpd

漏洞利用

下载 payload:https://www.exploit-db.com/exploits/32745

执行命令:python Heartbleed.py xxx.xxx.xxx.xxx

仅供学习，在自己的局域网环境中复现实验，切勿用于商业用途，后果自负。