Metasploit modules that can be used to exploit Mitel products
-
OpenSSL Heartbeat (Heartbleed) Information Leak
Disclosure Date: 2014-04-07First seen: 2020-04-26auxiliary/scanner/ssl/openssl_heartbleedThis module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports several actions, allowing for scanning, dumping of memory contents to loot, and private key recovery. The LEAK_COUNT option can be used to specify leaks per SCAN or DUMP. The repeat command can be used to make running the SCAN or DUMP many times more powerful. As in: repeat -t 60 run; sleep 2 To run every two seconds for one minute. Authors: - Neel Mehta - Riku - Antti - Matti - Jared Stafford <jspenguin@jspenguin.org> - FiloSottile - Christian Mehlmauer <FireFart@gmail.com> - wvu <wvu@metasploit.com> - juan vazquez <juan.vazquez@metasploit.com> - Sebastiano Di Paola - Tom Sellers - jjarmoc - Ben Buchanan - herself -
OpenSSL Heartbeat (Heartbleed) Client Memory Exposure
Disclosure Date: 2014-04-07First seen: 2020-04-26auxiliary/server/openssl_heartbeat_client_memoryThis module provides a fake SSL service that is intended to leak memory from client systems as they connect. This module is hardcoded for using the AES-128-CBC-SHA1 cipher. Authors: - Neel Mehta - Riku - Antti - Matti - hdm <x@hdm.io>
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details