Suche senden
Hochladen
44cafe heart bleed
•
Als PPTX, PDF herunterladen
•
0 gefällt mir
•
11,476 views
I
iphonepentest
Folgen
Technologie
Bildung
Melden
Teilen
Melden
Teilen
1 von 16
Jetzt herunterladen
Empfohlen
Evaluating iOS Applications
Evaluating iOS Applications
iphonepentest
iOS application (in)security
iOS application (in)security
iphonepentest
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 f
Cyber Security Alliance
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce it
Cyber Security Alliance
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
DefconRussia
Yow connected developing secure i os applications
Yow connected developing secure i os applications
mgianarakis
CCNP Security-IPS
CCNP Security-IPS
mohannadalhanahnah
Web Intrusion Detection
Web Intrusion Detection
Abhishek Singh
Empfohlen
Evaluating iOS Applications
Evaluating iOS Applications
iphonepentest
iOS application (in)security
iOS application (in)security
iphonepentest
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 f
Cyber Security Alliance
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce it
Cyber Security Alliance
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
DefconRussia
Yow connected developing secure i os applications
Yow connected developing secure i os applications
mgianarakis
CCNP Security-IPS
CCNP Security-IPS
mohannadalhanahnah
Web Intrusion Detection
Web Intrusion Detection
Abhishek Singh
ios device protection review
ios device protection review
nlog2n
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
Web Application Frewall
Web Application Frewall
Abhishek Singh
Hacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT Framework
Priyanka Aash
CCNP Security-Firewall
CCNP Security-Firewall
mohannadalhanahnah
[OPD 2019] Top 10 Security Facts of 2020
[OPD 2019] Top 10 Security Facts of 2020
OWASP
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
Yogesh Ojha
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Ajin Abraham
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software
OWASP
Orbleaf: Integrated Smart Card Development Platform
Orbleaf: Integrated Smart Card Development Platform
Tech in Asia ID
Too soft[ware defined] networks SD-Wan vulnerability assessment
Too soft[ware defined] networks SD-Wan vulnerability assessment
Sergey Gordeychik
Security in the Age of Open Source
Security in the Age of Open Source
Black Duck by Synopsys
Writing ICS Vulnerability Analysis
Writing ICS Vulnerability Analysis
Digital Bond
[OPD 2019] Governance as a missing part of IT security architecture
[OPD 2019] Governance as a missing part of IT security architecture
OWASP
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Kondal Kolipaka
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
DevOps.com
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
Steve Poole
Apache web-server-security
Apache web-server-security
Andrew Carr
How to Contribute to Ansible
How to Contribute to Ansible
Cisco DevNet
WAFEC
WAFEC
Conferencias FIST
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
TI Safe
LibreSSL, one year later
LibreSSL, one year later
Giovanni Bechis
Weitere ähnliche Inhalte
Was ist angesagt?
ios device protection review
ios device protection review
nlog2n
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
Web Application Frewall
Web Application Frewall
Abhishek Singh
Hacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT Framework
Priyanka Aash
CCNP Security-Firewall
CCNP Security-Firewall
mohannadalhanahnah
[OPD 2019] Top 10 Security Facts of 2020
[OPD 2019] Top 10 Security Facts of 2020
OWASP
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
Yogesh Ojha
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Ajin Abraham
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software
OWASP
Orbleaf: Integrated Smart Card Development Platform
Orbleaf: Integrated Smart Card Development Platform
Tech in Asia ID
Too soft[ware defined] networks SD-Wan vulnerability assessment
Too soft[ware defined] networks SD-Wan vulnerability assessment
Sergey Gordeychik
Security in the Age of Open Source
Security in the Age of Open Source
Black Duck by Synopsys
Writing ICS Vulnerability Analysis
Writing ICS Vulnerability Analysis
Digital Bond
[OPD 2019] Governance as a missing part of IT security architecture
[OPD 2019] Governance as a missing part of IT security architecture
OWASP
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Kondal Kolipaka
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
DevOps.com
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
Steve Poole
Apache web-server-security
Apache web-server-security
Andrew Carr
How to Contribute to Ansible
How to Contribute to Ansible
Cisco DevNet
WAFEC
WAFEC
Conferencias FIST
Was ist angesagt?
(20)
ios device protection review
ios device protection review
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
Web Application Frewall
Web Application Frewall
Hacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT Framework
CCNP Security-Firewall
CCNP Security-Firewall
[OPD 2019] Top 10 Security Facts of 2020
[OPD 2019] Top 10 Security Facts of 2020
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software
Orbleaf: Integrated Smart Card Development Platform
Orbleaf: Integrated Smart Card Development Platform
Too soft[ware defined] networks SD-Wan vulnerability assessment
Too soft[ware defined] networks SD-Wan vulnerability assessment
Security in the Age of Open Source
Security in the Age of Open Source
Writing ICS Vulnerability Analysis
Writing ICS Vulnerability Analysis
[OPD 2019] Governance as a missing part of IT security architecture
[OPD 2019] Governance as a missing part of IT security architecture
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
Apache web-server-security
Apache web-server-security
How to Contribute to Ansible
How to Contribute to Ansible
WAFEC
WAFEC
Ähnlich wie 44cafe heart bleed
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
TI Safe
LibreSSL, one year later
LibreSSL, one year later
Giovanni Bechis
Securing your Rails application
Securing your Rails application
clucasKrof
OSDC 2014: Christopher Kunz - Software defined networking in an open-source c...
OSDC 2014: Christopher Kunz - Software defined networking in an open-source c...
NETWAYS
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
Andrew Carr
OISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec Primer
CiNPA Security SIG
Heartbleed
Heartbleed
Mohammed Danish Amber
AppSec & OWASP Top 10 Primer
AppSec & OWASP Top 10 Primer
CiNPA Security SIG
Help Doctor, my application is an onion!
Help Doctor, my application is an onion!
Sebastián Guerrero Selma
WebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in Depth
yalegko
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
Sergey Gordeychik
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)
Jerome Smith
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Imperva
Short Introduction of Implicit Conversion by TIS, Inc.
Short Introduction of Implicit Conversion by TIS, Inc.
scalaconfjp
Short Introduction of Implicit Converion (ScalaMatsuri2014 LT)
Short Introduction of Implicit Converion (ScalaMatsuri2014 LT)
Atsushi Oku
LibreSSL
LibreSSL
Giovanni Bechis
OpenStack in the Enterprise - Are You Ready? - Maish Saidel-Keesing
OpenStack in the Enterprise - Are You Ready? - Maish Saidel-Keesing
Cloud Native Day Tel Aviv
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
Muhammad Moinur Rahman
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013
wolfSSL
How to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstration
Pankaj Rane
Ähnlich wie 44cafe heart bleed
(20)
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
LibreSSL, one year later
LibreSSL, one year later
Securing your Rails application
Securing your Rails application
OSDC 2014: Christopher Kunz - Software defined networking in an open-source c...
OSDC 2014: Christopher Kunz - Software defined networking in an open-source c...
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
Why you are not secure: Apache, OpenSSL, and PHP (Intermediate Talk)
OISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec Primer
Heartbleed
Heartbleed
AppSec & OWASP Top 10 Primer
AppSec & OWASP Top 10 Primer
Help Doctor, my application is an onion!
Help Doctor, my application is an onion!
WebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Short Introduction of Implicit Conversion by TIS, Inc.
Short Introduction of Implicit Conversion by TIS, Inc.
Short Introduction of Implicit Converion (ScalaMatsuri2014 LT)
Short Introduction of Implicit Converion (ScalaMatsuri2014 LT)
LibreSSL
LibreSSL
OpenStack in the Enterprise - Are You Ready? - Maish Saidel-Keesing
OpenStack in the Enterprise - Are You Ready? - Maish Saidel-Keesing
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013
How to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstration
Kürzlich hochgeladen
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
carlostorres15106
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
hans926745
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
Scott Keck-Warren
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
Softradix Technologies
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
soniya singh
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Pixlogix Infotech
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
LBM Solutions
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Patryk Bandurski
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Alan Dix
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Rafal Los
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Ridwan Fadjar
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Memoori
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
Kürzlich hochgeladen
(20)
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
44cafe heart bleed
1.
Exploitation notes on
CVE-2014-0160
2.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 Heartbleed <3 - The vulnerability is announced to the world 7th April 2014 by a website, OpenSSL Security Advisory and OpenSSL 1.0.1g release. - Discovered by Riku, Antti & Matti and Neel Mehta. - I searched the page for a web cart. - Shortly the next day …. - Jared Stafford released “ssltest.py” - Security community scrambled to fix.
3.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 RFC-6520 Heartbeat Extension Bug introduced to the world NYE 2011 during implementation of RFC-6520 in OpenSSL 1.0.1 Enabled by default in OpenSSL 1.0.1 Fixed in OpenSSL 1.0.1g & OpenSSL 1.0.2-beta1 still vulnerable – (git has fix.) If you run beta code on production servers…
4.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 Vulnerability
5.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 How does it work?
6.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 How does it work?
7.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 Let the games commence. Sites ranging from the FBI, Russian Standard Bank, Yahoo!, OpenSSL, Belgian Intelligence Service and many more shown as leaking data. - Screen shots of “ssltest.py” dumping 16384 bytes of heap memory began to appear on social media sites. The content’s of the memory were alarming. - IDS/IPS and Security vendors began to release detection signatures & scanners. - Media frenzy ensued spreading confusing information e.g. #HeartbleedVirus - The vulnerability was still not fully realized. Misconceptions abound.
8.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 On The Wire • This is an unencrypted heartbleed attack transmitted on the wire. • The response is returned in unencrypted packets.
9.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 Attack SSL, Encrypt with SSL! • I wrote a stand-alone exploit in C using OpenSSL library to transmit the Heartbeat request in encrypted packet. • This was intentionally to bypass IPS/IDS signatures – it worked! • Encrypting attacks on OpenSSL with OpenSSL makes it difficult to detect…. • IDS/IPS vendors began to develop alternative detection signatures.
10.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 On The Wire • This is an encrypted heartbleed attack transmitted on the wire. • The response is returned in encrypted packets.
11.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 Exploit Fails & Lessons • I continued to push updates during the exploit development process. • I learnt not to commit code changes late at night without review and testing… No, I am not *THAT* OpenSSL developer! • Internet is awesome, people began to submit compile instructions for different Linux platforms. Builds on most Linux/OS-X. • Ayman Sagy added needed DTLS support. • Re-use the code! Patches are welcome!
12.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 RSA Private Key Recovery • Cloudflare announce secret key challenge for heartbleed. • Provide nginx-1.5.13 web server linked against OpenSSL 1.0.1.f on Ubuntu 13.10 x86_64. • Fedor Indutny solved the challenge first, others quickly followed. • “include/openssl/rsa.h:struct rsa_st” holds RSA variables (p & q) in memory. • RSA n := pq. We can use n to calculate if prime in memory is valid. • Search for key size primes in memory leak and use to determine remaining prime from modulo n (q % n == 0) – with p & q we generate RSA private key.
13.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 RSA Private Key Recovery • Obtain certificate “openssl s_client -connect 192.168.11.23:443 < http- get.txt | grep BEGIN –A n > out.pem” • Improved “keyscan.py” by Einar Otto Stangvik to produce valid RSA private keys instead of counting primes. • Run “keyscan.py” on a memory dump to test possible values against the certificate modulus n to identify if modulo is 0. The value and its division result by n are checked and if primes we have p & q. • We then generate the RSA private key from the prime values. • Metasploit module also supports dumping private keys.
14.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 Heartbleed.c • Exploit works against vulnerable OpenSSL servers and clients. • Leaks upto 65535 bytes of heap data and 16 bytes of random padding. • Can re-use connection. • STARTTLS support. • Multiple SSL protocols. • Multiple ciphers. • Saves leak to file.
15.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 Demo Demo.
16.
© 2014 MDSec
Consulting Ltd. All rights reserved. Exploitation notes on CVE-2014-0160 Conclusions • CVE-2014-0160 will exist in appliances & infrastructure for some time. • Affected servers and devices should be considered compromised. • Your IDS/IPS cannot always save you. • Enable Perfect Forward Secrecy. • Enable Two-Factor Authentication (e.g. X.509). E-mail: matthew@mdsec.co.uk Twitter: @HackerFantastic https://github.com/hackerfantastic/public
Jetzt herunterladen