Skip to content

This is a tool for exploiting Ticketbleed (CVE-2016-9244) vulnerability.

License

Notifications You must be signed in to change notification settings

EgeBalci/Ticketbleed

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ticketbleed License CVE

This tool is for exploiting Ticketbleed (CVE-2016-9244) vulnerability, the Ticketbleed library inside src folder is a modified version of go's crypto/tls, it has few changes inside handshake_client.go, tls.go, common.go files but it is almost same.

BUILD

	cd Ticketbleed
    mv Ticketbleed.go.tmp Ticketbleed.go
	go get github.com/EgeBalci/Ticketbleed
	go build Ticketbleed.go

USAGE

	    ./Ticketbleed <ip:port> <options> 
	OPTIONS:
	    -o, --out   Output filename for raw memory
	    -s, --size  Size in bytes to read (Output value may vary)
	    -h, --help  Print this message

About CVE-2016-9244

Ticketbleed (CVE-2016-9244) is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed.

Founder: Filippo Valsorda

Finding Ticketbleed: https://blog.filippo.io/finding-ticketbleed/

VULNERABLE VERSIONS:

Product Version
BIG-IP LTM 12.0.0 - 12.1.2 & 11.4.0 - 11.6.1
BIG-IP AAM 12.0.0 - 12.1.2 & 11.4.0 - 11.6.1
BIG-IP AFM 12.0.0 - 12.1.2 & 11.4.0 - 11.6.1
BIG-IP Analytics 12.0.0 - 12.1.2 & 11.4.0 - 11.6.1
BIG-IP APM 12.0.0 - 12.1.2 & 11.4.0 - 11.6.1
BIG-IP ASM 12.0.0 - 12.1.2 & 11.4.0 - 11.6.1
BIG-IP GTM 11.4.0 - 11.6.1
BIG-IP Link Controller 12.0.0 - 12.1.2
BIG-IP PEM 12.0.0 - 12.1.2 & 11.4.0 - 11.6.1
BIG-IP PSM 11.4.0 - 11.4.1

About

This is a tool for exploiting Ticketbleed (CVE-2016-9244) vulnerability.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages