Heartbleed Exploit – Discovery & Exploitation

Heartbleed Exploit – Discovery & Exploitation

What is Heartbleed?

Heartbleed is a security bug/vulnerability in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol.

It allows you to read the memory of the system protected by the vulnerable version of OpenSSL.

Affects OpenSSL 1.0.1

Tools we will be using

Beebox & bWAPP

Getting Started

  • bWAPP – Select Heartbleed      vulnerability
  • Browse to URL with port 8443
  • This port can be found by using nmap to scan the server for open ports

Vulnerability scanning with Nmap

  • Nmap – sudo nmap -p 8443  –script ssl-heartbleed 192.158.1.105

  • Check the CVE for more info

Vulnerability Scanning With Metasploit

  • Msfconsole
  • It is an scanner/auxiliary      module
  • Search openssl_heartbleed
  • Set RHOSTS & RPORT
  • Show info
  • Available options or actions
  • Set action SCAN
  • Run

Dumping With Metasploit

  • Set action DUMP
  • Run

Proof of concept (Getting Session ID)

  • Python ./heartbleed.py      192.168.1.105 -p 8443
  • Once you get the session id you can impersonate the user and their authenticated session
Liked it? Take a second to support Alexis on Patreon!
Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *