Spectre Vulnerability Proof of Concept

You have probably heard that the tech industry has been blowing up about Spectre and Meltdown for the past week. Here is a PoC for Spectre that you can run on your server/PC to check whether you are vulnerable.

-Open up your Linux terminal and run the following:

mkdir exploit
cd exploit
git clone https://github.com/crozone/SpectrePoC.git
cd SpectrePoC

[Note: You need the packages gcc, make and build-essential to test the exploit. You can use “sudo apt-get install gcc make git build-essential -y” to install the packages.]

[Optional: Review the spectre.c file and optionally modify the character string.]

[Optional: You can change the string between the double quotes. I have changed it to the one below for this test.]

-Finally, compile and run the exploit:

gcc -o spectre spectre.c
./spectre

If the output contains the characters that were stored in the *secret variable, then you are vulnerable to this exploit. Below is a sample output which indicates that the system is vulnerable to the Spectre vulnerability.

Here, you can see the data (top to bottom in the red box) was read from an address space which the program was actually not allowed to read from.

Details of test system:

Kernel Version: 4.10.0-38-generic
Distro: Linux Mint 18.3 Sylvia – 64 bit
CPU Details:
Model: i7-4610M
cache size: 4096 KB
fpu: yes
fpu_execution: yes
clflush_size: 64
cache_alignment: 64
address sizes: 39 bits physical, 48 bits virtual
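
As a cross-check on the PoC result, Linux kernels that ship the CPU vulnerabilities sysfs directory report their own Spectre mitigation state. The script below is an added example, not part of the original post or of the SpectrePoC repository; the function names are made up for illustration, and on older kernels that lack the directory the script says so.

```shell
#!/bin/sh
# Added example: summarise the kernel's own Spectre mitigation report.
# VULN_DIR can be overridden to point the functions at a test directory.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status STATUS_LINE
# Prints one of: not_affected, mitigated, vulnerable, unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# spectre_report [DIR]
# Prints "name: state: raw status" for spectre_v1 and spectre_v2.
# Returns 0 if both are mitigated or not affected, 1 otherwise,
# and 2 if the kernel does not expose the directory at all.
spectre_report() {
    sr_dir="${1:-$VULN_DIR}"
    sr_rc=0
    if [ ! -d "$sr_dir" ]; then
        echo "no_interface: $sr_dir is missing on this kernel"
        return 2
    fi
    for sr_name in spectre_v1 spectre_v2; do
        if [ -r "$sr_dir/$sr_name" ]; then
            sr_line=$(cat "$sr_dir/$sr_name")
            sr_state=$(classify_status "$sr_line")
        else
            sr_line="(file not present)"
            sr_state=unknown
        fi
        echo "$sr_name: $sr_state: $sr_line"
        case "$sr_state" in
            mitigated|not_affected) ;;
            *) sr_rc=1 ;;
        esac
    done
    return $sr_rc
}

# Call it as:  spectre_report        (or: spectre_report /path/to/dir)
```

Those files describe the kernel's own protection; the PoC reads memory inside its own process, so it can still print the string on a kernel that reports mitigations.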

All credits go to the researchers who discovered and reported this issue => Jann Horn and Paul Kocher (along with Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz and Yuval Yarom).

A white paper on the exploit can be downloaded by clicking here.

Sources, Credits & References:

Erik August
crozone github
Google Project Zero
SpectreAttack

How to setup Cloudflare CDN with Bigrock (manually) + Screenshots

This is a guide on how to set up Cloudflare CDN with BigRock (similar for Bluehost, GoDaddy, Dreamhost, Hostgator) for your website or blog. You can follow the steps below:

Step 1. Create an account with Cloudflare:

Go to https://www.cloudflare.com and click on the “Signup” button.

 

Fill in your details, tick on “Agree” and then click on “Create Account“.

Step 2. Add your website

Now, in the text box below, type your website address and then click on “Scan DNS Records” as shown below.

It will take a few moments for the scanning to complete.

 

Once the scanning is complete, click on “Continue”.

Now, click on “Continue” in the bottom corner:

Step 3. Select Cloudflare Plan

Now, select the “Free Website” package as shown below and click on “Continue“.

 

Step 4. Get new name servers

Now, you will see the Cloudflare name servers as shown below. [This may vary for your website]

As you see, for my website it is requesting to change the name server from

dns1.bigrock.in to linda.ns.cloudflare.com
dns2.bigrock.in to rob.ns.cloudflare.com

Also, remove the following nameservers:

dns3.bigrock.in 
dns4.bigrock.in 

[Note: The nameservers that you may see in your screen may be different.]

Step 4: Change your name servers to Cloudflare

Now, open up a new tab and log in to your domain host panel (i.e. from where you bought your domain name, e.g. BigRock, GoDaddy, Hostgator, Bluehost etc.). I have my domain from BigRock so I will be logging in to my BigRock account.

Now, click on the domain whose name servers you need to change.

Now, click on “Name Servers”.

And you will see your default nameservers as shown below:

Now, change your nameservers to the ones provided by Cloudflare. In my case, after changing the nameservers, it will look like this:

Now, click on “Update Name Servers“.

Step 5: Verify in Cloudflare

Now, go back to your Cloudflare tab and click on “Continue”.

It should show you a green banner with the status: “Active” as shown below.

[NOTE: If the status does not show as “Active”, you can click on “Recheck Status” and it should then show as “Active”.]

[IMPORTANT: It would take about 24-48 hours for the DNS to get updated.]
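
Once the change has propagated, the delegation can also be checked from a terminal, including whether any of the old nameservers that were supposed to be removed are still listed. The script below is an added example, not part of the original guide; the function names are made up for illustration, the nameserver names are the ones shown in this guide, and example.com is a placeholder domain.

```shell
#!/bin/sh
# Added example: compare a domain's live NS records with the pair
# Cloudflare assigned. Nameserver names used here are the ones shown in
# this guide; yours will differ.

# normalise_ns: read names on stdin, lowercase them, strip the trailing
# dot that dig prints, drop blank lines, and sort uniquely.
normalise_ns() {
    tr 'A-Z' 'a-z' | sed -e 's/[[:space:]]*$//' -e 's/\.$//' -e '/^$/d' | sort -u
}

# check_delegation "EXPECTED NAMES (space separated)" < live NS list
# Prints "missing: <ns>" for expected names that are not live and
# "stale: <ns>" for live names that should have been removed.
# Returns 0 only when the live set equals the expected set.
check_delegation() {
    # $1 is left unquoted on purpose so it splits into one name per line
    cd_expected=$(printf '%s\n' $1 | normalise_ns)
    cd_live=$(normalise_ns)
    cd_rc=0
    for cd_ns in $cd_expected; do
        printf '%s\n' "$cd_live" | grep -qxF "$cd_ns" \
            || { echo "missing: $cd_ns"; cd_rc=1; }
    done
    for cd_ns in $cd_live; do
        printf '%s\n' "$cd_expected" | grep -qxF "$cd_ns" \
            || { echo "stale: $cd_ns"; cd_rc=1; }
    done
    return $cd_rc
}

# Live use (needs network access and dig):
#   dig +short NS example.com | \
#       check_delegation "linda.ns.cloudflare.com rob.ns.cloudflare.com"
```

A "stale" line for dns3.bigrock.in or dns4.bigrock.in means the old nameservers were not removed at the registrar, so some resolvers will still be sent to the previous DNS host.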

And voila! You have successfully configured Cloudflare CDN for your blog/website, and it should load faster.

Do check the performance of your website after 24-48 hours and let me know in the comments section below if there was any speed improvement.

Regards,
ΞXΤЯ3МΞ