
Author Topic: CloudBleed Checker  (Read 974 times)

Offline Amonsec

CloudBleed Checker
« on: March 15, 2017, 03:59:03 AM »
Hi everybody.
A little bit late, sadly, today we're going to see how we can find out if we need to change our passwords after the CloudBleed bug scandal.

For more information:
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Or, less technical, here:
https://thehackernews.com/2017/02/cloudflare-vulnerability.html

  • Export to CSV
First we need to create a CSV file with our passwords, and I hope people here didn't use the same password for all services/websites/applications.

For Firefox password export:
https://addons.mozilla.org/fr/firefox/addon/password-exporter/

For Google Chrome and Opera password export:
http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

For KeePass / KeePassX password export:
http://keepass.info/help/base/importexport.html

For other types of password export, it's easy to find a tutorial on Google. :)
  • Run the script
Here we are going to use a Python (2.7) script from GitHub:
https://github.com/aarondunlop/CloudBleed.git

Requirements:
  • OSX, or Linux environments;
  • Python 2.7 or later;
  • Existing /tmp/password.csv from the above steps;
  • check.py from this project existing in /tmp/check.py.
Now we can run the script and see if we are r3kt:
Code:
root@ths-amonsec:/opt# git clone https://github.com/aarondunlop/CloudBleed.git
root@ths-amonsec:/opt# cp CloudBleed/check.py /tmp/ && cd /tmp/
root@ths-amonsec:/tmp# chmod +x check.py
root@ths-amonsec:/tmp# ./check.py
...


Fortunately, all my passwords are safe, but that's not the case for everybody.
It's very important to check these things, so as not to get pwned later.

Hope this little post helps a few people.
I'm going to try to be quicker next time for events like that.

_amonsec.

« Last Edit: March 15, 2017, 05:03:31 AM by _amonsec »
"A computer is only as good as its user" - R4V3N
OSCP (2017)
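
The kind of check described in the post above, as an added example that is not part of the original post and is not the check.py from the linked repository: it matches the hostnames in an exported password CSV against a local list of affected domains, one per line. The `url` column name, the list format and all sample data are assumptions; only the URL column is read, never the password column.

```python
import csv
import io
from urllib.parse import urlsplit

def hostname_of(url):
    """Lower-cased hostname of a saved-login URL, or None if there is none."""
    url = url.strip()
    if url and "://" not in url:
        url = "//" + url  # make urlsplit treat "example.com/login" as a host
    host = urlsplit(url).hostname
    return host.lower().rstrip(".") if host else None

def matching_domain(host, affected):
    """Return the listed domain that host equals or is a subdomain of."""
    labels = host.split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in affected:
            return candidate
    return None

def load_affected(lines):
    """Build the lookup set from one-domain-per-line text; '#' lines are comments."""
    cleaned = (line.strip().lower() for line in lines)
    return {d for d in cleaned if d and not d.startswith("#")}

def check_export(csv_file, affected, url_column="url"):
    """Sorted (hostname, listed domain) pairs. Only the URL column is read."""
    hits = set()
    for row in csv.DictReader(csv_file):
        host = hostname_of(row.get(url_column) or "")
        domain = matching_domain(host, affected) if host else None
        if domain:
            hits.add((host, domain))
    return sorted(hits)

# Constructed sample data: not a real export, not a real affected-domain list.
SAMPLE_CSV = """name,url,username,password
Forum,https://forum.example.org/login,alice,REDACTED
Shop,http://shop.example.net:8080/account,alice,REDACTED
Mail,mail.example.com/inbox,alice,REDACTED
"""
SAMPLE_AFFECTED = ["# constructed list", "example.org", "Example.COM"]

if __name__ == "__main__":
    for host, domain in check_export(io.StringIO(SAMPLE_CSV), load_affected(SAMPLE_AFFECTED)):
        print(f"{host}: listed under {domain}")
```

Matching walks up the hostname label by label, so `forum.example.org` matches a listed `example.org` while an unrelated name such as `notexample.org` does not.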

Offline doctane

Re: CloudBleed Checker
« Reply #1 on: June 22, 2017, 04:57:32 PM »
Good write-up, will def check mine out!!
 :o
---
Don't blink, don't move. You feel that, as your worries fade away? You hear that? That's the Sound of Madness, calling for you!