As per the rest of the internet, our collective jaws fell through the floor when Heartbleed was disclosed.
First and foremost- our IRC server was not vulnerable. At present, the only live IRC node is magikarp, owned and run my carbon, and running gnutls. OpenSSL based *clients* on the other hand, could plausibly have been compromised.
With that said, the first order of business once patching was in order was to develop a working exploit. Given that the internet has had a few days to patch, and that numerous other exploits are now public anyway, I’m releasing mine.
Given the time sensitive nature of the situation (We needed a working PoC to quickly enumerate internal services at $dayjob), I took the quick and dirty approach, rather than developing from scratch I produced a patched libssl that when linked against turns any SSL client into a working heartbleed vector.
You can find it at https://github.com/richo/openssl. For obvious reasons I would recommend building without shared object support, and not installing this anywhere.
