# CVE-2014-0160 Heartbleed 复现 --- ## 免责声明 `本文档仅供学习和研究使用,请勿使用文中的技术源码用于非法用途,任何人造成的任何负面影响,与本人无关.` --- **实验环境** `环境仅供参考` - CentOS Linux release 7.7.1908 - VMware® Workstation 15 Pro - 15.0.0 build-10134415 --- ## 安装 openssl 1.0.1c 下载源码包 ```bash wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz ``` 解压缩源码包 ```bash tar -zxvf openssl-1.0.1c.tar.gz cd openssl-1.0.1c ``` 安装依赖包 ```bash yum install -y gcc yum install -y make ``` 安装 openssl-1.0.1c ```bash ./config make # 编译安装时报错:" POD document had syntax errors ",主要是因为 openssl-1.0.1c 版本和 perl 的版本不兼容. # 解决方案:删除 pod2man 文件( rm -rf /usr/bin/pod2man) make install ``` 配置环境变量(在文件末尾添加如下内容) ```bash vim /etc/profile # add openssl short path export OPENSSL=/usr/local/ssl/bin export PATH=$OPENSSL:$PATH:$HOME/bin source /etc/profile ``` 验证配置 ```bash openssl OpenSSL> version OpenSSL 1.0.1c 10 May 2012 ``` --- ## 创建安装目录 ```bash cd /usr/local/ mkdir httpd cd httpd mkdir {apache,apr,apr-util} ``` --- ## 安装依赖包 libtools-ltdl-devel、expat-devel 在网站 http://www.rpmfind.net/linux/rpm2html/search.php?query=libtool-ltdl-devel, 下载 libtool-ltdl-devel-2.4.2-22.el7_3.x86_64.rpm ```bash wget https://www.rpmfind.net/linux/centos/7.6.1810/os/x86_64/Packages/libtool-ltdl-devel-2.4.2-22.el7_3.x86_64.rpm yum -y install expat-devel rpm -ivh libtool-ltdl-devel-2.4.2-22.el7_3.x86_64.rpm ``` --- ## 安装 apr、apr-until ```bash wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.6.5.tar.gz wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz cd /usr/local/ tar -xvf apr-1.6.5.tar.gz cd apr-1.6.5 ./configure --prefix=/usr/local/httpd/apr make make install cd /usr/local/ tar -xvf apr-util-1.6.1.tar.gz cd apr-util-1.6.1 ./configure --prefix=/usr/local/httpd/apr-util/ --with-apr=/usr/local/httpd/apr make && make instal ``` --- ## 安装 httpd 2.2.34(记得配置防火墙:开启 80 和 443 端口) ```bash cd wget http://archive.apache.org/dist/httpd/httpd-2.2.34.tar.gz tar -zvxf httpd-2.2.34.tar.gz cd httpd-2.2.34 export LDFLAGS=-ldl ./configure --prefix=/usr/local/httpd/apache --enable-so --enable-rewrite --enable-ssl --with-ssl=/usr/local/ssl --with-apr=/usr/local/httpd/apr --with-apr-util=/usr/local/httpd/apr-util make && make install firewall-cmd --zone=public --add-service=http --permanent firewall-cmd --zone=public --add-service=https --permanent firewall-cmd --reload ``` 修改配置(修改 98 行和 417 行的内容) ```bash cd /usr/local/httpd/apache/conf/ vim httpd.conf ServerName localhost:80 Include conf/extra/httpd-ssl.conf ``` 添加认证秘钥 ```bash cd /usr/local/httpd/apache/conf/ openssl genrsa -out server.key 2048 openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt ``` 运行服务 ``` cd cd httpd-2.2.34 ./httpd ``` --- ## 漏洞利用 下载 payload:https://www.exploit-db.com/exploits/32745 执行命令:`python Heartbleed.py xxx.xxx.xxx.xxx`